Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2021-43882: Microsoft Defender for IoT Remote Code Execution Vulnerability

**What version of Microsoft Defender for IoT has the update that protects from this vulnerability?** Version 10.5.3 and above. **What is the action required to take the update?** You need to update to the latest Microsoft Defender for IoT software version. See the **Update the software version section** of Manage the on-premises management console. **What is Microsoft Defender for IoT?** Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.

Microsoft Security Response Center
#vulnerability#microsoft#Microsoft Defender for IoT#Security Vulnerability
CVE-2021-43899: Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

**What firmware version of the Microsoft 4K Wireless Display Adapter has the update that protects from this vulnerability?** All firmware versions of the Microsoft 4K Wireless Display Adapter that are 3.9520.47 and higher are protected from this vulnerability. **How do I ensure my Microsoft 4K Wireless Display Adapter device has the update?** You will need to install the Microsoft Wireless Display Adapter app from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter. Once installed, use the **Update & security** section of the app to download and install the latest firmware. **How could an attacker exploit this vulnerability?** An unauthenticated attacker on the same network as the Microsoft 4K Display Adapter could send specially crafted packets to a vulnerable device.

CVE-2021-41365: Microsoft Defender for IoT Remote Code Execution Vulnerability

**What version of Microsoft Defender for IoT has the update that protects from this vulnerability?** Version 10.5.2 and above. **What is the action required to take the update?** You need to update to the latest Microsoft Defender for IoT software version. See the **Update the software version section** of Manage the on-premises management console. **What is Microsoft Defender for IoT?** Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.

CVE-2021-43889: Microsoft Defender for IoT Remote Code Execution Vulnerability

**What privileges are required by the attack to exploit this vulnerability?** An attacker needs to have support user privileges to be able to exploit this vulnerability.

CVE-2021-42295: Visual Basic for Applications Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

CVE-2021-43227: Storage Spaces Controller Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2021-43236: Microsoft Message Queuing Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2021-43235: Storage Spaces Controller Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2021-41360: HEVC Video Extensions Remote Code Execution Vulnerability

**How do I get the updated app?** The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. **My system is in a disconnected environment; is it vulnerable?** Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. **How can I check if the update is installed?** If your device manufacturer preinstalled this app, package versions **2.0.23022.0** and later contain this update. If you purchased this app from the Microsoft Store, package versions **2.0.23022.0** and later contain this update. You can check the package version in PowerShell: `Get-AppxPackage -Name Microsoft.HEVCVideoExtension*`