NVD disclosure day

Published threat advisories for November 10, 2021

CVE advisory | Known Exploit

CVE-2021-42321

Microsoft Exchange Server Remote Code Execution Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Microsoft Exchange Server has a vulnerability that allows authenticated attackers to run arbitrary code. Affected organizations risk data compromise, operational disruption, and unauthorized system control.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-42292

Microsoft Excel Security Feature Bypass

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A security feature bypass vulnerability in Microsoft Excel can allow for unauthorized code execution. This poses a business risk by potentially compromising data and system integrity. Organizations should address this issue to mitigate potential impacts.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-42287

Active Directory Elevation of Privilege Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Microsoft Active Directory Domain Services has an elevation of privilege vulnerability. Affected organizations risk attackers gaining administrative control, potentially leading to data compromise and operational disruption. This vulnerability is known to be exploited by attackers.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-42278

Microsoft Active Directory Elevation of Privilege Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Microsoft Active Directory Domain Services allows for privilege escalation, potentially impacting organizational systems and data. The risk involves unauthorized control over critical IT infrastructure. Updates are available from the vendor.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-41379

Microsoft Windows Installer Privilege Escalation Advisory.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Windows Installer allows an attacker with local access to escalate privileges. This could impact system integrity and lead to unauthorized actions. The risk to organizations is heightened as this vulnerability is listed among known exploited vulnerabilities.

• CISA KEV