CVE-2015-1641 - Microsoft Office Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2021-27085 - Microsoft Internet Explorer Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2019-0541 - Microsoft MSHTML Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

CVE-2020-0674 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2021-27059 - Microsoft Office Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Office contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2019-1367 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

CVE-2017-0199 - Microsoft Office and WordPad Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

CVE-2020-1380 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2019-1429 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2017-11774 - Microsoft Office Outlook Security Feature Bypass Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2020-0968 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2020-1472 - Microsoft Netlogon Privilege Escalation Vulnerability -

Action Due Sep 21, 2020 Target Vendor : Microsoft

Description : Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : Reference CISA's ED 20-03 (https://www.cisa.gov/emergency-directive-20-03) for further guidance and requirements.

CVE-2021-26855 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due Apr 16, 2021 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/emergency-directive-21-02) for further guidance and requirements.

CVE-2021-26858 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due Apr 16, 2021 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/emergency-directive-21-02) for further guidance and requirements.

CVE-2021-27065 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due Apr 16, 2021 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/emergency-directive-21-02) for further guidance and requirements.

CVE-2020-1054 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2021-1675 - Microsoft Windows Print Spooler Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

CVE-2021-34448 - Microsoft Windows Scripting Engine Memory Corruption Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

CVE-2020-0601 - Microsoft Windows CryptoAPI Spoofing Vulnerability -

Action Due Jan 29, 2020 Target Vendor : Microsoft

Description : Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Reference CISA's ED 20-02 (https://www.cisa.gov/emergency-directive-20-02) for further guidance and requirements.