CVE-2021-27077 – Windows Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-27077
Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is different from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull.sys driver. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077
• https://www.zerodayinitiative.com/advisories/ZDI-21-287
• https://www.zerodayinitiative.com/advisories/ZDI-21-403
• https://www.zerodayinitiative.com/advisories/ZDI-21-482
• https://www.zerodayinitiative.com/advisories/ZDI-21-494
• https://www.zerodayinitiative.com/advisories/ZDI-21-495
• https://www.zerodayinitiative.com/advisories/ZDI-21-496
• https://www.zerodayinitiative.com/advisories/ZDI-21-497
• https://www.zerodayinitiative.
• CWE-269: Improper Privilege Management
CVE-2021-26901 – Windows Event Tracing Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26901
Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is different from CVE-2021-26872, CVE-2021-26898.
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26901
CVE-2021-26899 – Windows UPnP Device Host Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26899
Windows UPnP Device Host Elevation of Privilege Vulnerability.
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899
CVE-2021-26898 – Windows Event Tracing Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26898
Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is different from CVE-2021-26872, CVE-2021-26901.
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26898
CVE-2021-26887 – Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26887
An elevation of privilege vulnerability exists in Microsoft Windows when Folder Redirection has been enabled via Group Policy. When the Folder Redirection file server is co-located with a Terminal Server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.
To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.
This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers.
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887
• CWE-59: Improper Link Resolution Before File Access ('Link Following')