Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2021-311

Vulnerability description

CVE-2021-26435 | Windows Scripting Engine Memory Corruption Vulnerability
CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability
CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability
CVE-2021-36961 | Windows Installer Denial of Service Vulnerability
CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability
CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-36965 | Windows WLAN Auto Config Service Remote Code Execution Vulnerability
CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2021-36967 | Windows WLAN Auto Config Service Elevation of Privilege Vulnerability
CVE-2021-36969 | Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability
CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability
CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability
CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability
CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability
CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability
CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2021-38635 | Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability
CVE-2021-38636 | Windows Redirected Drive Buffering Sub System Driver Information Disclosure Vulnerability
CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability
CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability
CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform E590, E790, E990
• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• October 15, 2021: This security information page is published.