Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2021-38014: Chromium: CVE-2021-38014 Out of bounds write in Swiftshader

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

Microsoft Security Response Center
#microsoft#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2021-38016: Chromium: CVE-2021-38016 Insufficient policy enforcement in background fetch

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38012: Chromium: CVE-2021-38012 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38017: Chromium: CVE-2021-38017 Insufficient policy enforcement in iframe sandbox

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38015: Chromium: CVE-2021-38015 Inappropriate implementation in input

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-43220: Microsoft Edge for iOS Spoofing Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-42308: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1054.29 11/19/2021 96.0.4664.45

CVE-2021-42306: Azure Active Directory Information Disclosure Vulnerability

**Where can I find more information?** Please see the MSRC Blog here. **What Microsoft services are known to be affected by this vulnerability?** Product/Service Microsoft's Mitigation Customer impact assessment and remediation Azure Automation uses the Application and Service Principal keyCredential APIs when Automation Run-As Accounts are created. Azure Automation deployed an update to the service to prevent private keys data in clear text from being uploaded to Azure AD applications. Run-As accounts created or renewed after 10/15/2021 are not impacted and do not require further action. Automation Run As accounts created with an Azure Automation self-signed certificate between 10/15/2020 and 10/15/2021 that have not been renewed are impacted. Separately customers who bring their own certificates could be affected. This is regardless of the renewal date of the certificate. To identify and remediate impacted Azure AD applications associated with impacted Automation Run-As accou...

CVE-2021-43211: Windows 10 Update Assistant Elevation of Privilege Vulnerability

**What privileges does the attacker gain?** An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

CVE-2021-42298: Microsoft Defender Remote Code Execution Vulnerability

References Identification First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.18700.3 See Manage Updates Baselines Microsoft Defender Antivirus for more information. *Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?* Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. *Why is no action required to install this update?* In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the de...