
Microsoft Releases January Security Updates

Microsoft has released its first security updates of the new year, fixing 83 vulnerabilities, 10 of which are rated Critical.

The following vulnerabilities and security updates deserve particular attention:

Windows

CVE-2021-1674 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
Impact: Security Feature Bypass
Severity: Important
Publicly Disclosed: No
Known Exploits: No
Exploitability: Exploitation less likely
CVSS Base Score: 8.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1674

CVE-2021-1673 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Impact: Remote Code Execution
Severity: Critical
Publicly Disclosed: No
Known Exploits: No
Exploitability: Exploitation less likely
CVSS Base Score: 8.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1673

CVE-2021-1643 HEVC Video Extensions Remote Code Execution Vulnerability
Impact: Remote Code Execution
Severity: Critical
Publicly Disclosed: No
Known Exploits: No
Exploitability: Exploitation less likely
CVSS Base Score: 7.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: HEVC Video Extensions
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1643

CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability
Impact: Elevation of Privilege
Severity: Important
Publicly Disclosed: Yes
Known Exploits: No
Exploitability: Exploitation less likely
CVSS Base Score: 7.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1648

CVE-2021-1665 GDI+ Remote Code Execution Vulnerability
Impact: Remote Code Execution
Severity: Critical
Publicly Disclosed: No
Known Exploits: No
Exploitability: Exploitation less likely
CVSS Base Score: 7.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1665

Microsoft Browsers

CVE-2021-1705 Microsoft Edge (HTML-based) Memory Corruption Vulnerability
Impact: Remote Code Execution
Severity: Critical
Publicly Disclosed: No
Known Exploits: No
Exploitability: Exploitation less likely
CVSS Base Score: 4.2
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Affected Software: Microsoft Edge (EdgeHTML-based)
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1705

Microsoft Office

CVE-2021-1715 Microsoft Word Remote Code Execution Vulnerability
Impact: Remote Code Execution
Severity: Important
Publicly Disclosed: No
Known Exploits: No
Exploitability: Exploitation less likely
CVSS Base Score: 7.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: Microsoft Excel 365 Apps for Enterprise, Word 2010, Word 2013, Word 2016, Office 2010, Office 2019, Office 2019 for Mac, Office Online Server, Office Web Apps 2010, Office Web Apps Server 2013, Office SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, SharePoint Server 2010, and SharePoint Server 2019
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1715

CVE-2021-1714 Microsoft Excel Remote Code Execution Vulnerability
Impact: Remote Code Execution
Severity: Important
Publicly Disclosed: No
Known Exploits: No
Exploitability: Exploitation less likely
CVSS Base Score: 7.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: Microsoft Excel 365 Apps for Enterprise, Excel Services, Excel 2010, Excel 2013, Excel 2016, Office 2010, Office 2013, Office 2016, Office 2019, Office 2019 for Mac, Office Online Server, Office Web Apps Server 2013, and Office SharePoint Enterprise Server 2013.
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1714

Microsoft SharePoint Server

CVE-2021-1707 Microsoft SharePoint Server Remote Code Execution Vulnerability
Impact: Remote Code Execution
Severity: Important
Publicly Disclosed: No
Known Exploits: No
Exploitability: Exploitation more likely
CVSS Base Score: 8.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: Microsoft SharePoint Foundation 2013, SharePoint Foundation 2010, SharePoint Server 2019, and SharePoint Enterprise Server 2016
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1707

Microsoft SQL Server

CVE-2021-1636 Microsoft SQL Elevation of Privilege Vulnerability
Impact: Elevation of Privilege
Severity: Important
Publicly Disclosed: No
Known Exploits: No
Exploitability: Exploitation less likely
CVSS Base Score: 8.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: Microsoft SQL Server 2012, SQL Server 2014, SQL Server 2016, SQL Server 2017, and SQL Server 2019
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636

Microsoft Defender

CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability
Impact: Remote Code Execution
Severity: Critical
Publicly Disclosed: No
Known Exploits: Yes
Exploitability: Exploitation detected
CVSS Base Score: 7.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Software: Microsoft Security Essentials, System Center 2012 R2, System Center Endpoint Protection, Windows Defender
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647

Security Advisories

ADV990001 – Latest Servicing Stack Updates (SSU)

SSU updates were released for the following versions of Windows:

  • Windows 10 1809/Server 2019
  • Windows 10 1909/Windows Server, version 1909
  • Windows 10 2004/Windows Server, version 2004
  • Windows 10 20H2/Windows Server, version 20H2
