CVE-2021-36934 Windows Elevation of Privilege Vulnerability

  • Staff
Executive Summary

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker must have the ability to execute code on a victim system to exploit this vulnerability.

We will update this CVE with mitigations and workarounds as our investigation progresses.

FAQ

No versions of Windows are listed in the Security Updates table. Are all versions vulnerable?

So far, we can confirm that this issue affects Windows 10 version 1809 and newer client operating systems. We will update this CVE as we continue our investigation. If you wish to be notified when updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications.



Read more: Security Update Guide - Microsoft Security Response Center
 

Attachments

  • windows_security_new.png
    windows_security_new.png
    5 KB · Views: 0
Top Bottom