Severity
High
Analysis Summary
CVE-2021-33771
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34449
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34467
Microsoft SharePoint Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-31979
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34476
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Common Internet File System (CIFS) Browser Protocol. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Code Execution
- Denial of Service
- Privilege Escalation
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows 10 Version 1809 for 32-bit Systems
- Microsoft Windows 10 Version 1809 for x64-based Systems
- Windows Server 2019 (Server Core installation)
- Microsoft Windows 10 Version 1809 for ARM64-based Systems
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.