https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40461

The remote Windows host is missing security update 5006674. It is, therefore, affected by multiple vulnerabilities

The remote Windows host is missing security update 5006667.
It is, therefore, affected by multiple vulnerabilities:

  - A session spoofing vulnerability exists. An attacker can     exploit this to perform actions with the privileges of     another user. (CVE-2021-36970, CVE-2021-40455)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-36953,     CVE-2021-40463)

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-40460, CVE-2021-41338)

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-26441, CVE-2021-26442, CVE-2021-40443,     CVE-2021-40449, CVE-2021-40450, CVE-2021-40464,     CVE-2021-40466, CVE-2021-40467, CVE-2021-40470,     CVE-2021-40476, CVE-2021-40477, CVE-2021-40478,     CVE-2021-40488, CVE-2021-40489, CVE-2021-41335,     CVE-2021-41339, CVE-2021-41345, CVE-2021-41347)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-38662, CVE-2021-38663,     CVE-2021-40454, CVE-2021-40475, CVE-2021-41332,     CVE-2021-41343)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-40461,     CVE-2021-40462, CVE-2021-40465, CVE-2021-41330,     CVE-2021-41331, CVE-2021-41340, CVE-2021-41342)

The remote Windows host is missing security update 5006670.
It is, therefore, affected by multiple vulnerabilities:

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-40460, CVE-2021-41338, CVE-2021-41346)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-36953,     CVE-2021-40463)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-38662, CVE-2021-38663,     CVE-2021-40454, CVE-2021-40468, CVE-2021-40475,     CVE-2021-41332, CVE-2021-41343)

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-26441, CVE-2021-26442, CVE-2021-40443,     CVE-2021-40449, CVE-2021-40450, CVE-2021-40464,     CVE-2021-40466, CVE-2021-40467, CVE-2021-40470,     CVE-2021-40476, CVE-2021-40477, CVE-2021-40478,     CVE-2021-40488, CVE-2021-40489, CVE-2021-41334,     CVE-2021-41335, CVE-2021-41339, CVE-2021-41345,     CVE-2021-41347, CVE-2021-41357)

  - A session spoofing vulnerability exists. An attacker can     exploit this to perform actions with the privileges of     another user. (CVE-2021-36970, CVE-2021-40455)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-40461,     CVE-2021-40462, CVE-2021-40465, CVE-2021-41330,     CVE-2021-41331, CVE-2021-41340, CVE-2021-41342)

The remote Windows host is missing security update 5006699. It is, therefore, affected by multiple vulnerabilities

The remote Windows host is missing security update 5006672.
It is, therefore, affected by multiple vulnerabilities:

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-40456, CVE-2021-40460, CVE-2021-41337,     CVE-2021-41338)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-36953,     CVE-2021-40463)

  - A session spoofing vulnerability exists. An attacker can     exploit this to perform actions with the privileges of     another user. (CVE-2021-36970, CVE-2021-40455,     CVE-2021-41361)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-40461,     CVE-2021-40462, CVE-2021-40465, CVE-2021-40469,     CVE-2021-41330, CVE-2021-41331, CVE-2021-41340,     CVE-2021-41342)

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-26441, CVE-2021-26442, CVE-2021-40443,     CVE-2021-40449, CVE-2021-40450, CVE-2021-40464,     CVE-2021-40466, CVE-2021-40467, CVE-2021-40470,     CVE-2021-40476, CVE-2021-40477, CVE-2021-40478,     CVE-2021-40488, CVE-2021-40489, CVE-2021-41335,     CVE-2021-41345, CVE-2021-41347)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-38662, CVE-2021-38663,     CVE-2021-40454, CVE-2021-40475, CVE-2021-41332,     CVE-2021-41343)

ID	Name	Product	Family	Severity
154042	KB5006674: Windows 11 Security Update (October 2021)	Nessus	Windows : Microsoft Bulletins	high
154037	KB5006667: Windows 10 version 1909 Security Update (October 2021)	Nessus	Windows : Microsoft Bulletins	high
154033	KB5006670: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 October 2021 Security Update	Nessus	Windows : Microsoft Bulletins	high
154029	KB5006699: Windows Server 2022 Security Update (October 2021)	Nessus	Windows : Microsoft Bulletins	high
154026	KB5006672: Windows 10 Version 1809 and Windows Server 2019 Security Update (October 2021)	Nessus	Windows : Microsoft Bulletins	high

CVE-2021-40461

critical

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high