CVE-2021-31195 (CVSS score: 6.5) - Remote Code Execution Vulnerability.CVE-2021-31207 (CVSS score: 6.6) - Security Feature Bypass Vulnerability (publicly known).
#Skype updates through windows update update
In addition, the Patch Tuesday update addresses a scripting engine memory corruption flaw in Internet Explorer ( CVE-2021-26419) and four weaknesses in Microsoft Exchange Server, marking the third consecutive month Microsoft has shipped fixes for the product since ProxyLogon exploits came to light in March. "It is possible to read from a memory mapped device register corresponding to a hardware device attached to the Hyper-V host which may trigger additional, hardware device specific side effects that could compromise the Hyper-V host's security," the Windows maker noted. In most circumstances, this would result in a denial of service of the Hyper-V host (bugcheck) due to reading an unmapped address." "The contents of the address read would not be returned to the guest VM. "This issue allows a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address," Microsoft said in its advisory. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale.Īnother vulnerability of note is a remote code execution flaw in Hyper-V ( CVE-2021-28476), which also scores the highest severity among all flaws patched this month with a CVSS rating of 9.9. The most critical of the flaws addressed is CVE-2021-31166, a wormable remote code execution vulnerability in the HTTP protocol stack. Three of the vulnerabilities are publicly known, although, unlike last month, none of them are under active exploitation at the time of release. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one is listed as Moderate in severity. Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business.
0 kommentar(er)
