CVE-2021-26873 – Windows User Profile Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26873
Windows User Profile Service Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios del User Profile Service de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a directory junction, an attacker can abuse the service to create a second junction in a sensitive location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26873 https://www.zerodayinitiative.com/advisories/ZDI-21-283 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-26872 – Windows Event Tracing Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26872
Windows Event Tracing Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Event Tracing de Windows. Este ID de CVE es diferente de CVE-2021-26898, CVE-2021-26901 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26872 •
CVE-2021-26869 – Windows ActiveX Installer Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-26869
Windows ActiveX Installer Service Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información del ActiveX Installer Service de Windows • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26869 •
CVE-2021-26868 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26868
Windows Graphics Component Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios del Graphics Component de Windows • https://github.com/KangD1W2/CVE-2021-26868 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26868 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-26862 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26862
Windows Installer Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows Installer This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer Service. By creating a directory junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26862 https://www.zerodayinitiative.com/advisories/ZDI-21-285 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •