Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2021-304

Vulnerability description

CVE-2021-26413 | Windows Installer Spoofing Vulnerability
CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26417 | Windows Overlay Filter Information Disclosure Vulnerability
CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability
CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability
CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability
CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2021-27092 | Azure AD Web Sign-in Security Feature Bypass Vulnerability
CVE-2021-27093 | Windows Kernel Information Disclosure Vulnerability
CVE-2021-27094 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability
CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability
CVE-2021-28309 | Windows Kernel Information Disclosure Vulnerability
CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability
CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability
CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability
CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability
CVE-2021-28316 | Windows WLAN Auto Config Service Security Feature Bypass Vulnerability
CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVE-2021-28318 | Windows GDI+ Information Disclosure Vulnerability
CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability
CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability
CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability
CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability
CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28435 | Windows Event Tracing Information Disclosure Vulnerability
CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability
CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability
CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability
CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability
CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability
CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability
CVE-2021-28446 | Windows Portmapping Information Disclosure Vulnerability
CVE-2021-28447 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform E590, E790, E990
• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• May 12, 2021: This security information page is published.