Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2021-301

Vulnerability description

CVE-2021-1637 |  Windows DNS Query Information Disclosure Vulnerability
CVE-2021-1638 |  Windows Bluetooth Security Feature Bypass Vulnerability
CVE-2021-1642 |  Windows App X Deployment Extensions Elevation of Privilege Vulnerability
CVE-2021-1645 |  Windows Docker Information Disclosure Vulnerability
CVE-2021-1646 |  Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2021-1647 |  Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1648 |  Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2021-1649 |  Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1650 |  Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2021-1651 |  Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1652 |  Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1653 |  Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1654 |  Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1655 |  Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1656 |  TPM Device Driver Information Disclosure Vulnerability
CVE-2021-1657 |  Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1658 |  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1659 |  Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1660 |  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1661 |  Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1662 |  Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-1664 |  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1665 |  GDI+ Remote Code Execution Vulnerability
CVE-2021-1666 |  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1667 |  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1668 |  Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
CVE-2021-1669 |  Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2021-1671 |  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1672 |  Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
CVE-2021-1673 |  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1674 |  Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
CVE-2021-1676 |  Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
CVE-2021-1678 |  NTLM Security Feature Bypass Vulnerability
CVE-2021-1679 |  Windows CryptoAPI 　Denial of Service Vulnerability
CVE-2021-1680 |  Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1681 |  Windows Wallet Service Elevation of Privilege Vulnerability
CVE-2021-1682 |  Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-1683 |  Windows Bluetooth Security Feature Bypass Vulnerability
CVE-2021-1684 |  Windows Bluetooth Security Feature Bypass Vulnerability
CVE-2021-1685 |  Windows App X Deployment Extensions Elevation of Privilege Vulnerability
CVE-2021-1686 |  Windows Wallet Service Elevation of Privilege Vulnerability
CVE-2021-1687 |  Windows Wallet Service Elevation of Privilege Vulnerability
CVE-2021-1688 |  Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1689 |  Windows Multipoint Management Elevation of Privilege Vulnerability
CVE-2021-1690 |  Windows Wallet Service Elevation of Privilege Vulnerability
CVE-2021-1692 |  Hyper-V Denial of Service Vulnerability
CVE-2021-1693 |  Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1694 |  Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-1695 |  Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1696 |  Windows Graphics Component Information Disclosure Vulnerability
CVE-2021-1697 |  Windows Install Service Elevation of Privilege Vulnerability
CVE-2021-1699 |  Windows (modem.sys) Information Disclosure Vulnerability
CVE-2021-1700 |  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1701 |  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1702 |  Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
CVE-2021-1704 |  Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-1705 |  Microsoft Edge (HTML-based) Memory Corruption Vulnerability
CVE-2021-1706 |  Windows LUAFV Elevation of Privilege Vulnerability
CVE-2021-1708 |  Windows GDI+ Information Disclosure Vulnerability
CVE-2021-1709 |  Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1710 |  Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform E590, E790, E990
• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• February 5, 2021: This security information page is published.