7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.512 Medium
EPSS
Percentile
97.6%
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service.
Below is a complete list of vulnerabilities:
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
CVE-2021-36970 critical
CVE-2021-40455 high
CVE-2021-38662 high
CVE-2021-41335 critical
CVE-2021-40449 critical
CVE-2021-38663 high
CVE-2021-41342 high
CVE-2021-26442 high
CVE-2021-41332 high
CVE-2021-40466 critical
CVE-2021-41331 critical
CVE-2021-40469 high
CVE-2021-41340 critical
CVE-2021-40467 critical
CVE-2021-36953 critical
CVE-2021-40489 critical
CVE-2021-40443 critical
CVE-2021-40460 high
CVE-2021-40465 critical
CVE-2021-41343 high
CVE-2021-40477 critical
CVE-2021-41345 critical
CVE-2021-40488 critical
CVE-2021-40476 critical
CVE-2021-40463 critical
CVE-2021-40478 critical
CVE-2021-26441 critical
CVE-2021-40454 high
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/5006671
support.microsoft.com/kb/5006714
support.microsoft.com/kb/5006715
support.microsoft.com/kb/5006728
support.microsoft.com/kb/5006729
support.microsoft.com/kb/5006732
support.microsoft.com/kb/5006736
support.microsoft.com/kb/5006739
support.microsoft.com/kb/5006743
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26441
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26442
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36953
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36970
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38662
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38663
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40443
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40449
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40454
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40455
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40460
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40463
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40465
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40466
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40467
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40469
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40476
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40477
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40478
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40488
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40489
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41331
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41332
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41335
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41340
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41342
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41343
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41345
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.512 Medium
EPSS
Percentile
97.6%