Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2021-312

Vulnerability description

CVE-2021-26441 | Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-26442 | Windows HTTP.sys Elevation of Privilege Vulnerability
CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability
CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability
CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability
CVE-2021-38663 | Windows ex FAT File System Information Disclosure Vulnerability
CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability
CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability
CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability
CVE-2021-40455 | Windows Installer Spoofing Vulnerability
CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
CVE-2021-40463 | Windows NAT Denial of Service Vulnerability
CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability
CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability
CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2021-40476 | Windows App Container Elevation Of Privilege Vulnerability
CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability
CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability
CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-41338 | Windows App Container Firewall Rules Security Feature Bypass Vulnerability
CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability
CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-41347 | Windows App X Deployment Service Elevation of Privilege Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform E590, E790, E990
• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• November 5, 2021: This security information page is published.