Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2021-4100: Chromium: CVE-2021-4100 Object lifecycle issue in ANGLE

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1054.57 12/14/2021 96.0.4664.110

Microsoft Security Response Center
#microsoft#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2021-4099: Chromium: CVE-2021-4099 Use after free in Swiftshader

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1054.57 12/14/2021 96.0.4664.110

CVE-2021-4098: Chromium: CVE-2021-4098 Insufficient data validation in Mojo

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1054.57 12/14/2021 96.0.4664.110

CVE-2021-43890: Windows AppX Installer Spoofing Vulnerability

Users on the existing Desktop App Installer app can hover over the **Trusted app** text to see more details about the signer. This will help in determining if the app should not be installed.

CVE-2021-43880: Windows Mobile Device Management Elevation of Privilege Vulnerability

**What privileges does the attacker gain?** An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

CVE-2021-42320: Microsoft SharePoint Server Spoofing Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to modify their Display Name within SharePoint.

CVE-2021-42309: Microsoft SharePoint Server Remote Code Execution Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.

CVE-2021-42294: Microsoft SharePoint Server Remote Code Execution Vulnerability

**There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?** Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

CVE-2021-43888: Microsoft Defender for IoT Information Disclosure Vulnerability

**What type of information can be disclosed by this vulnerability?** This vulnerability could allow device security information to be disclosed including but not limited to security score, outdated operating system, and any malware infections.