CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-38634 – Microsoft Windows Update Client Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-38634
Microsoft Windows Update Client Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Microsoft Windows Update Client This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Windows Update Agent. By creating a directory junction, an attacker can abuse Windows Update Agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38634 https://www.zerodayinitiative.com/advisories/ZDI-21-1075 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-38633 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-38633
Windows Common Log File System Driver Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows Common Log File System Driver. Este ID de CVE es diferente de CVE-2021-36955, CVE-2021-36963 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38633 • CWE-269: Improper Privilege Management •
CVSS: 5.7EPSS: 0%CPEs: 11EXPL: 0CVE-2021-38632 – BitLocker Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-38632
BitLocker Security Feature Bypass Vulnerability Una Vulnerabilidad de Omisión de la Funcionalidad de Seguridad de BitLocker • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38632 •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-38630 – Windows Event Tracing Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-38630
Windows Event Tracing Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows Event Tracing. Este CVE ID es diferente de CVE-2021-36964 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38630 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 1%CPEs: 19EXPL: 0CVE-2021-38629 – Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-38629
Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Windows Ancillary Function Driver for WinSock • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38629 •