6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
Low
0.154 Low
EPSS
Percentile
95.9%
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions, spoof user interface.
Below is a complete list of vulnerabilities:
CVE-2021-27096 critical
CVE-2021-28330 critical
CVE-2021-28338 critical
CVE-2021-28329 critical
CVE-2021-28332 critical
CVE-2021-28309 high
CVE-2021-28342 critical
CVE-2021-27095 critical
CVE-2021-28334 critical
CVE-2021-26413 high
CVE-2021-27089 critical
CVE-2021-28358 critical
CVE-2021-28336 critical
CVE-2021-28440 high
CVE-2021-27091 critical
CVE-2021-28350 critical
CVE-2021-28335 critical
CVE-2021-28352 critical
CVE-2021-28340 critical
CVE-2021-28318 high
CVE-2021-28446 high
CVE-2021-28331 critical
CVE-2021-28356 critical
CVE-2021-28328 high
CVE-2021-28349 critical
CVE-2021-28439 critical
CVE-2021-28315 critical
CVE-2021-28344 critical
CVE-2021-28355 critical
CVE-2021-28339 critical
CVE-2021-27093 high
CVE-2021-28317 high
CVE-2021-28345 critical
CVE-2021-28333 critical
CVE-2021-28323 high
CVE-2021-28434 critical
CVE-2021-28437 high
CVE-2021-28316 warning
CVE-2021-28341 critical
CVE-2021-28337 critical
CVE-2021-28357 critical
CVE-2021-28445 critical
CVE-2021-28346 critical
CVE-2021-28327 critical
CVE-2021-28353 critical
CVE-2021-26415 critical
CVE-2021-28443 high
CVE-2021-28348 critical
CVE-2021-28354 critical
CVE-2021-28343 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/5001332
support.microsoft.com/kb/5001335
support.microsoft.com/kb/5001389
support.microsoft.com/kb/5001392
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26413
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26415
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27089
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27091
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27093
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27095
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27096
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28309
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28315
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28316
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28317
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28318
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28323
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28327
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28328
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28329
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28330
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28331
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28332
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28333
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28334
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28335
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28336
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28337
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28338
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28339
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28340
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28341
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28342
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28343
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28344
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28345
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28346
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28348
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28349
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28350
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28352
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28353
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28354
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28355
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28356
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28357
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28358
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28434
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28437
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28439
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28440
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28443
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28445
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28446
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
Low
0.154 Low
EPSS
Percentile
95.9%