https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41337

The remote Windows host is missing security update 5006669.
It is, therefore, affected by multiple vulnerabilities:

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-36953,     CVE-2021-40463)

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-26441, CVE-2021-26442, CVE-2021-40443,     CVE-2021-40449, CVE-2021-40466, CVE-2021-40467,     CVE-2021-40470, CVE-2021-40476, CVE-2021-40477,     CVE-2021-40478, CVE-2021-40488, CVE-2021-40489,     CVE-2021-41335, CVE-2021-41345, CVE-2021-41347)

  - A session spoofing vulnerability exists. An attacker can     exploit this to perform actions with the privileges of     another user. (CVE-2021-36970, CVE-2021-40455,     CVE-2021-41361)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-40465,     CVE-2021-40469, CVE-2021-41331, CVE-2021-41340,     CVE-2021-41342)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-38662, CVE-2021-38663,     CVE-2021-40454, CVE-2021-41332, CVE-2021-41343)

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-40460, CVE-2021-41337, CVE-2021-41338)

The remote Windows host is missing security update 5006670.
It is, therefore, affected by multiple vulnerabilities:

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-40460, CVE-2021-41338, CVE-2021-41346)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-36953,     CVE-2021-40463)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-38662, CVE-2021-38663,     CVE-2021-40454, CVE-2021-40468, CVE-2021-40475,     CVE-2021-41332, CVE-2021-41343)

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-26441, CVE-2021-26442, CVE-2021-40443,     CVE-2021-40449, CVE-2021-40450, CVE-2021-40464,     CVE-2021-40466, CVE-2021-40467, CVE-2021-40470,     CVE-2021-40476, CVE-2021-40477, CVE-2021-40478,     CVE-2021-40488, CVE-2021-40489, CVE-2021-41334,     CVE-2021-41335, CVE-2021-41339, CVE-2021-41345,     CVE-2021-41347, CVE-2021-41357)

  - A session spoofing vulnerability exists. An attacker can     exploit this to perform actions with the privileges of     another user. (CVE-2021-36970, CVE-2021-40455)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-40461,     CVE-2021-40462, CVE-2021-40465, CVE-2021-41330,     CVE-2021-41331, CVE-2021-41340, CVE-2021-41342)

The remote Windows host is missing security update 5006699. It is, therefore, affected by multiple vulnerabilities

The remote Windows host is missing security update 5006672.
It is, therefore, affected by multiple vulnerabilities:

  - A security feature bypass vulnerability exists. An     attacker can exploit this and bypass the security     feature and perform unauthorized actions compromising     the integrity of the system/application.
    (CVE-2021-40456, CVE-2021-40460, CVE-2021-41337,     CVE-2021-41338)

  - A denial of service (DoS) vulnerability. An attacker can     exploit this issue to cause the affected component to     deny system or application services. (CVE-2021-36953,     CVE-2021-40463)

  - A session spoofing vulnerability exists. An attacker can     exploit this to perform actions with the privileges of     another user. (CVE-2021-36970, CVE-2021-40455,     CVE-2021-41361)

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2021-40461,     CVE-2021-40462, CVE-2021-40465, CVE-2021-40469,     CVE-2021-41330, CVE-2021-41331, CVE-2021-41340,     CVE-2021-41342)

  - An elevation of privilege vulnerability. An attacker can     exploit this to gain elevated privileges.
    (CVE-2021-26441, CVE-2021-26442, CVE-2021-40443,     CVE-2021-40449, CVE-2021-40450, CVE-2021-40464,     CVE-2021-40466, CVE-2021-40467, CVE-2021-40470,     CVE-2021-40476, CVE-2021-40477, CVE-2021-40478,     CVE-2021-40488, CVE-2021-40489, CVE-2021-41335,     CVE-2021-41345, CVE-2021-41347)

  - An information disclosure vulnerability. An attacker can     exploit this to disclose potentially sensitive     information. (CVE-2021-38662, CVE-2021-38663,     CVE-2021-40454, CVE-2021-40475, CVE-2021-41332,     CVE-2021-41343)

ID	Name	Product	Family	Severity
154034	KB5006669: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2021)	Nessus	Windows : Microsoft Bulletins	high
154033	KB5006670: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 October 2021 Security Update	Nessus	Windows : Microsoft Bulletins	high
154029	KB5006699: Windows Server 2022 Security Update (October 2021)	Nessus	Windows : Microsoft Bulletins	high
154026	KB5006672: Windows 10 Version 1809 and Windows Server 2019 Security Update (October 2021)	Nessus	Windows : Microsoft Bulletins	high

CVE-2021-41337

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high