CVE-2021-43211
Windows 10 Update Assistant Elevation of Privilege Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Windows 10 Update Assistant Elevation of Privilege Vulnerability
Una Vulnerabilidad de ElevaciĆ³n de Privilegios en el Asistente de ActualizaciĆ³n de Windows 10. Este CVE ID es diferente de CVE-2021-42297
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within Windows Update Assistant. By creating a directory junction, an attacker can abuse Windows Update Assistant to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-10-27 CVE Published
- 2021-11-02 CVE Reserved
- 2023-04-09 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43211 | 2023-12-28 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows 10 Update Assistant Search vendor "Microsoft" for product "Windows 10 Update Assistant" | - | - |
Affected
|