Microsoft Windows vulnerabilities

17 May 2021 | April 9th, 2023 | CERT, SOC, Vulnerability

This blog contains information about the Microsoft Windows vulnerabilities. As soon as we have an update, we will add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update May 17, 2021

20:00 | The vulnerabilities CVE-2021-31166 (CVSS 9.80) and CVE-2021-28476 (CVSS 9.90) have been rated “Critical” by Microsoft.

CVE-2021-31166 resides in the HTTP Protocol Stack. A remote malicious entity could exploit this vulnerability to execute arbitrary code by sending specially prepared packets to the HTTP server. Proof-of-Concept code was released for this vulnerability on 16-05-2021. The Proof-of-Concept code shows that it is possible to perform a Denial-of-Service.

CVE-2021-28476 resides in Hyper-V, where a Hyper-V VM could force the Hyper-V host kernel to read an arbitrary, potentially invalid address. The content of the address will not reach the Hyper-V VM. In most cases this will lead to a Denial-of-Service of the Hyper-V host (bug check). Microsoft indicates that it is also possible to compromise the security of the Hyper-V host by reading the registers of specific attached peripherals.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Characteristics

  • Denial-of-Service (DoS)
  • Manipulation of data
  • Circumvention of security measures
  • (Remote) code execution (Administrator / Root rights)
  • Access to sensitive data
  • Access to system data

Detail info

Microsoft fixes multiple vulnerabilities in Windows.

A malicious entity could potentially exploit the vulnerabilities to:

  • Cause a Denial-of-Service,
  • Bypass security measures,
  • Run arbitrary code,
  • Obtain increased rights,
  • Gain access to sensitive data,
  • Pretend to be another user.

Below is an overview of the various vulnerabilities described per component and their impact:

| Component | CVE-ID | CVSS | Impact |
|---|---|---|---|
| Jet Red and Access Connectivity | CVE-2021-28455 | 8.80 | Arbitrary code execution |
| Windows RDP Client | CVE-2021-31186 | 7.40 | Access to sensitive data |
| Windows SMB | CVE-2021-31205 | 4.30 | Circumvention of security measure |
| Microsoft Bluetooth Driver | CVE-2021-31182 | 7.10 | Present as another user |
| Windows Container Isolation FS Filter Driver | CVE-2021-31190 | 7.80 | Obtaining increased rights |
| Windows Container Manager Service | CVE-2021-31165 | 7.80 | Obtaining increased rights |
| Windows Container Manager Service | CVE-2021-31167 | 7.80 | Obtaining increased rights |
| Windows Container Manager Service | CVE-2021-31168 | 7.80 | Obtaining increased rights |
| Windows Container Manager Service | CVE-2021-31169 | 7.80 | Obtaining increased rights |
| Windows Container Manager Service | CVE-2021-31208 | 7.80 | Obtaining increased rights |
| HTTP.sys | CVE-2021-31166 | 9.80 | Arbitrary code execution |
| Role: Hyper-V | CVE-2021-28476 | 9.90 | Arbitrary code execution |
| Windows SSDP Service | CVE-2021-31193 | 7.80 | Obtaining increased rights |
| Microsoft Windows IrDA | CVE-2021-31184 | 5.50 | Access to sensitive data |
| Windows Wireless Networking | CVE-2020-24588 | 6.50 | Present as another user |
| Windows Wireless Networking | CVE-2020-24587 | 6.50 | Access to sensitive data |
| Windows Wireless Networking | CVE-2020-26144 | 6.50 | Present as another user |
| Windows Projected File System FS Filter | CVE-2021-31191 | 5.50 | Access to sensitive data |
| Windows OLE | CVE-2021-31194 | 7.80 | Arbitrary code execution |
| Windows WalletService | CVE-2021-31187 | 7.80 | Obtaining increased rights |
| Windows Desktop Bridge | CVE-2021-31185 | 5.50 | Denial-of-Service |
| Windows CSC Service | CVE-2021-28479 | 5.50 | Access to sensitive data |
| Microsoft Windows Codecs Library | CVE-2021-31192 | 7.80 | Arbitrary code execution |
| Microsoft Windows Codecs Library | CVE-2021-28465 | 7.80 | Arbitrary code execution |
| Microsoft Graphics Component | CVE-2021-31170 | 7.80 | Obtaining increased rights |
| Microsoft Graphics Component | CVE-2021-31188 | 7.80 | Obtaining increased rights |

Solution

Microsoft has released updates that address the vulnerabilities described. We recommend that you install these updates. For more information about the vulnerabilities, the installation of the updates and any workarounds, see the Microsoft website.
