http://packetstormsecurity.com/files/161768/Microsoft-Windows-Kernel-NtGdiGetDeviceCapsAll-Race-Condition-Use-After-Free.html

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26863

The remote Windows host is missing security update 5000802.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090,     CVE-2021-24095, CVE-2021-26860, CVE-2021-26862,     CVE-2021-26863, CVE-2021-26864, CVE-2021-26865,     CVE-2021-26866, CVE-2021-26868, CVE-2021-26870,     CVE-2021-26871, CVE-2021-26872, CVE-2021-26873,     CVE-2021-26874, CVE-2021-26875, CVE-2021-26878,     CVE-2021-26880, CVE-2021-26882, CVE-2021-26885,     CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,     CVE-2021-26899, CVE-2021-26900, CVE-2021-26901,     CVE-2021-27070, CVE-2021-27077)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-24107, CVE-2021-26869,     CVE-2021-26884)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-26861,     CVE-2021-26867, CVE-2021-26876, CVE-2021-26881,     CVE-2021-26890, CVE-2021-27085)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-26879,     CVE-2021-26886)

  - An memory corruption vulnerability exists. An attacker     can exploit this to corrupt the memory and cause     unexpected behaviors within the system/application.
    (CVE-2021-26411)

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-26892)

The remote Windows host is missing security update 5000809.
It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-24107, CVE-2021-26869,     CVE-2021-26884)

  - An memory corruption vulnerability exists. An attacker     can exploit this to corrupt the memory and cause     unexpected behaviors within the system/application.
    (CVE-2021-26411)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-26879,     CVE-2021-26886)

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095,     CVE-2021-26862, CVE-2021-26863, CVE-2021-26866,     CVE-2021-26868, CVE-2021-26870, CVE-2021-26871,     CVE-2021-26872, CVE-2021-26873, CVE-2021-26875,     CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,     CVE-2021-26885, CVE-2021-26889, CVE-2021-26898,     CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-26861,     CVE-2021-26876, CVE-2021-26881, CVE-2021-27085)

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-26892)

The remote Windows host is missing security update 5000822.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095,     CVE-2021-26860, CVE-2021-26862, CVE-2021-26863,     CVE-2021-26864, CVE-2021-26865, CVE-2021-26866,     CVE-2021-26868, CVE-2021-26870, CVE-2021-26872,     CVE-2021-26873, CVE-2021-26874, CVE-2021-26875,     CVE-2021-26878, CVE-2021-26880, CVE-2021-26882,     CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,     CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-24107, CVE-2021-26869,     CVE-2021-26884)

  - An memory corruption vulnerability exists. An attacker     can exploit this to corrupt the memory and cause     unexpected behaviors within the system/application.
    (CVE-2021-26411)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-26861,     CVE-2021-26876, CVE-2021-26877, CVE-2021-26881,     CVE-2021-26890, CVE-2021-26893, CVE-2021-26894,     CVE-2021-26895, CVE-2021-26897, CVE-2021-27085)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-26879,     CVE-2021-26886, CVE-2021-26896, CVE-2021-27063)

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-26892)

The remote Windows host is missing security update 5000808.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-1640, CVE-2021-1729, CVE-2021-24090,     CVE-2021-24095, CVE-2021-26860, CVE-2021-26862,     CVE-2021-26863, CVE-2021-26864, CVE-2021-26865,     CVE-2021-26866, CVE-2021-26868, CVE-2021-26870,     CVE-2021-26871, CVE-2021-26872, CVE-2021-26873,     CVE-2021-26874, CVE-2021-26875, CVE-2021-26878,     CVE-2021-26880, CVE-2021-26882, CVE-2021-26885,     CVE-2021-26889, CVE-2021-26891, CVE-2021-26898,     CVE-2021-26899, CVE-2021-26900, CVE-2021-26901,     CVE-2021-27077)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-24107, CVE-2021-26869,     CVE-2021-26884)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-26861,     CVE-2021-26867, CVE-2021-26876, CVE-2021-26881,     CVE-2021-26890, CVE-2021-27085)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-26879,     CVE-2021-26886)

  - An memory corruption vulnerability exists. An attacker     can exploit this to corrupt the memory and cause     unexpected behaviors within the system/application.
    (CVE-2021-26411)

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-26892)

ID	Name	Product	Family	Severity
147226	KB5000802: Windows Security Update (March 2021)	Nessus	Windows : Microsoft Bulletins	high
147224	KB5000809: Windows 10 Version 1803 March 2021 Security Update	Nessus	Windows : Microsoft Bulletins	high
147223	KB5000822: Windows 10 Version 1809 and Windows Server 2019 March 2021 Security Update	Nessus	Windows : Microsoft Bulletins	critical
147220	KB5000808: Windows 10 Version 1909 March 2021 Security Update	Nessus	Windows : Microsoft Bulletins	high

CVE-2021-26863

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

critical

high