Latest Advisories Notable Vulnerabilities

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are some of the CVEs included in the November 2021 release:

• CVE-2021-42298 - Microsoft Defender Remote Code Execution Vulnerability
  CVSS:3.1 7.8/6.8
  
  
• CVE-2021-40461 - Windows Hyper-V Remote Code Execution Vulnerability
  CVSS:3.1 8.0/7.0
  
  
• CVE-2021-38666 - Remote Desktop Client Remote Code Execution Vulnerability
  CVSS:3.1 8.8/7.7
  
  
• CVE-2021-26443 - Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
  CVSS:3.1 9.0/7.8
  
  

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are some of the CVEs included in the October 2021 release:

• CVE-2021-38672 - Windows Hyper-V Remote Code Execution Vulnerability
  CVSS:3.1 8.0/7.0
  
  
• CVE-2021-40461 - Windows Hyper-V Remote Code Execution Vulnerability
  CVSS:3.1 8.0/7.0
  
  
• CVE-2021-40486 - Microsoft Word Remote Code Execution Vulnerability
  CVSS:3.0 7.8/6.8
  
  

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Cloud One Workload covers in the September 2021 release:

• CVE-2021-26435 - Windows Scripting Engine Memory Corruption Vulnerability
  CVSS:3.0 8.1/7.1
  
  
• CVE-2021-36965 - Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
  CVSS:3.0 8.8/7.7
  
  
• CVE-2021-38647 - Open Management Infrastructure Remote Code Execution Vulnerability
  CVSS:3.0 9.8/8.5
  
  

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Cloud One Workload covers in the July 2021 release:

• CVE-2021-34480 - Scripting Engine Memory Corruption Vulnerability
  CVSS:3.0 6.8/5.9
  
  
• CVE-2021-26432 - Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
  CVSS:3.0 9.8/8.5
  
  

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Cloud One Workload covers in the July 2021 release:

• CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability
  CVSS:3.0 8.8/8.2
  
  
• CVE-2021-34448 - Scripting Engine Memory Corruption Vulnerability
  CVSS:3.0 6.8/6.3
  
  

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below is the CVE that Trend Micro Cloud One Workload covers in the June 2021 release:

• CVE-2021-31959 - Scripting Engine Memory Corruption Vulnerability
  CVSS:3.0 6.4/5.6
  
  

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Cloud One Workload covers in the May 2021 release:

• CVE-2021-26419 - Scripting Engine Memory Corruption Vulnerability
  CVSS:3.0 7.5/6.7
  
  
• CVE-2021-31181 - Microsoft SharePoint Remote Code Execution Vulnerability
  CVSS:3.0 8.8/7.7
  
  
• CVE-2021-31166 - HTTP Protocol Stack Remote Code Execution Vulnerability
  CVSS:3.0 9.8/8.5
  
  

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Cloud One Workload and Vulnerability Protection cover in the April 2021 release:

• CVE-2021-28310 - Win32k Elevation of Privilege Vulnerability
  CVSS:3.0 7.8/7.2
  
  
• CVE-2021-28325 - Windows SMB Information Disclosure Vulnerability
  CVSS:3.0 6.5/5.7
  
  

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. This update is of critical importance as it directly addresses the vulnerabilities that have been exploited by a threat actor group known as Hafnium. Microsoft acknowledged there are attacks based on these vulnerabilities.

Following the new patch information format, below are the CVEs that Trend Micro Cloud One Workload covers in the March 2021 release:

• CVE-2021-26855 - Microsoft Exchange Server Remote Code Execution Vulnerability
  CVSS:3.0 9.1/8.4
  
  
• CVE-2021-26411 - Internet Explorer Memory Corruption Vulnerability
  CVSS:3.0 8.8/7.9
  
  
• CVE-2021-26877 - Windows DNS Server Remote Code Execution Vulnerability
  CVSS:3.0 9.8/8.5
  
  
• CVE-2021-26897 - Windows DNS Server Remote Code Execution Vulnerability
  CVSS:3.0 9.8/8.5
  
  
• CVE-2021-27076 - Windows DNS Server Remote Code Execution Vulnerability
  CVSS:3.0 8.8/7.7
  
  

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Deep Security covers in the February 2021 release:

• CVE-2021-24078 - Windows DNS Server Remote Code Execution Vulnerability
  CVSS:3.0 9.8/8.5
  
  
• CVE-2021-24072 - Microsoft SharePoint Server Remote Code Execution Vulnerability
  CVSS:3.0 8.8/7.7