Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2021-42304: Azure RTOS Elevation of Privilege Vulnerability

*What is RTOS?* Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See Azure RTOS Overview for more information. *What version of Azure RTOS has the update that protects from this vulnerability?* Version 6.1.9 *According to the CVSS, User Interaction is Required. What interaction would the user have to do?* Exploitation of this vulnerability requires that a user plug in a malicious USB device.

Microsoft Security Response Center
#Azure RTOS#Security Vulnerability#vulnerability
CVE-2021-42323: Azure RTOS Information Disclosure Vulnerability

*What is RTOS?* Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See Azure RTOS Overview for more information. *What version of Azure RTOS has the update that protects from this vulnerability?* Version 6.1.9 *According to the CVSS, User Interaction is Required. What interaction would the user have to do?* Exploitation of this vulnerability requires that a user plug in a malicious USB device.

CVE-2021-26444: Azure RTOS Information Disclosure Vulnerability

*What is RTOS?* Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See Azure RTOS Overview for more information. *What version of Azure RTOS has the update that protects from this vulnerability?* Version 6.1.9 *According to the CVSS, User Interaction is Required. What interaction would the user have to do?* Exploitation of this vulnerability requires that a user plug in a malicious USB device.

CVE-2021-43208: 3D Viewer Remote Code Execution Vulnerability

*How do I get the updated app?* The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. *How can I check if the update is installed?* App package versions *7.2107.7012.0* and later contain this update. You can check the package version in PowerShell: Get-AppxPackage -Name Microsoft.Microsoft3DViewer

CVE-2021-43209: 3D Viewer Remote Code Execution Vulnerability

*How do I get the updated app?* The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. *How can I check if the update is installed?* App package versions *7.2107.7012.0* and later contain this update. You can check the package version in PowerShell: Get-AppxPackage -Name Microsoft.Microsoft3DViewer

CVE-2021-38003: Chromium: CVE-2021-38003 Inappropriate implementation in V8

*Why is this Chrome CVE included in the Security Update Guide?* The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. *How can I see the version of the browser?* * In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window * Click on *Help and Feedback* * Click on *About Microsoft Edge*

CVE-2021-38002: Chromium: CVE-2021-38002 Use after free in Web Transport

*Why is this Chrome CVE included in the Security Update Guide?* The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. *How can I see the version of the browser?* * In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window * Click on *Help and Feedback* * Click on *About Microsoft Edge*

CVE-2021-38001: Chromium: CVE-2021-38001 Type Confusion in V8

*Why is this Chrome CVE included in the Security Update Guide?* The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. *How can I see the version of the browser?* * In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window * Click on *Help and Feedback* * Click on *About Microsoft Edge*

CVE-2021-38000: Chromium: CVE-2021-38000 Insufficient validation of untrusted input in Intents

*Why is this Chrome CVE included in the Security Update Guide?* The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. *How can I see the version of the browser?* * In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window * Click on *Help and Feedback* * Click on *About Microsoft Edge*

CVE-2021-37999: Chromium: CVE-2021-37999 Insufficient data validation in New Tab Page

*Why is this Chrome CVE included in the Security Update Guide?* The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. *How can I see the version of the browser?* * In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window * Click on *Help and Feedback* * Click on *About Microsoft Edge*