CVE-2021-27086 – Windows Services and Controller App Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2021-27086

13 Apr 2021 — Windows Services and Controller App Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios de Services y Controller App de Windows The access limit check for non-local admins when accessing the SCM remotely can be bypassed by requesting MAXIMUM_ALLOWED, leading to gaining access to start services etc. • https://packetstorm.news/files/id/162157 • CWE-863: Incorrect Authorization •

CVE-2021-27079 – Windows Media Photo Codec Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2021-27079

13 Apr 2021 — Windows Media Photo Codec Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Media Photo Codec de Windows • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27079 •

CVE-2021-27072 – Win32k Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2021-27072

13 Apr 2021 — Win32k Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Win32k. Este ID de CVE es diferente de CVE-2021-28310 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27072 •

CVE-2021-26415 – Windows Installer Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2021-26415

13 Apr 2021 — Windows Installer Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows Installer. Este ID de CVE es diferente de CVE-2021-28440 This vulnerability allows local attackers to write data to arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. The issue results from... • https://github.com/adenkiewicz/CVE-2021-26415 • CWE-20: Improper Input Validation •

CVE-2021-26413 – Windows Installer Spoofing Vulnerability

https://notcve.org/view.php?id=CVE-2021-26413

13 Apr 2021 — Windows Installer Spoofing Vulnerability Vulnerabilidad de Suplantación de Identidad de Windows Installer • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26413 •

CVE-2021-27077 – Windows Win32k Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2021-27077

11 Mar 2021 — Windows Win32k Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows Win32k. Este ID de CVE es diferente de CVE-2021-26863, CVE-2021-26875, CVE-2021-26900 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull.sys driver. The issue ... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077 • CWE-269: Improper Privilege Management •

CVE-2021-27085 – Microsoft Internet Explorer Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-27085

11 Mar 2021 — Internet Explorer Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de Internet Explorer Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27085 •

CVE-2021-26892 – Windows Extensible Firmware Interface Security Feature Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2021-26892

11 Mar 2021 — Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Una Vulnerabilidad de Omisión de la Característica de Seguridad del Extensible Firmware Interface de Windows This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows kernel. The issue r... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26892 •

CVE-2021-26889 – Windows Update Stack Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2021-26889

11 Mar 2021 — Windows Update Stack Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de la Pila de Windows Update This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Windows Setup. By creating a directory junction, an attacker can abuse Windows Setup to create a fi... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26889 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2021-26887 – Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2021-26887

11 Mar 2021 —

An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.

To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. Wh... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •