CVE-2021-26887 – Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26887
An elevation of privilege vulnerability exists in Microsoft Windows when Folder Redirection has been enabled via Group Policy. When the Folder Redirection file server is co-located with a Terminal Server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder. To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data. This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline Files and restricting permissions, and NOT via a security update for affected Windows Servers. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2021-26886 – User Profile Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-26886
User Profile Service Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a junction, an attacker can abuse the service to overwrite the contents of a chosen file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26886 • https://www.zerodayinitiative.com/advisories/ZDI-21-327
CVE-2021-26884 – Windows Media Photo Codec Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-26884
Windows Media Photo Codec Information Disclosure Vulnerability • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26884
CVE-2021-26882 – Remote Access API Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26882
Remote Access API Elevation of Privilege Vulnerability • https://github.com/taiji-xo/CVE-2021-26882 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26882
CVE-2021-26881 – Microsoft Windows Media Foundation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-26881
Microsoft Windows Media Foundation Remote Code Execution Vulnerability • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26881