Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12347
HistoryNov 16, 2021 - 12:00 a.m.

KLA12347 PE vulnerabilities in Microsoft Windows

2021-11-1600:00:00
Kaspersky Lab
threats.kaspersky.com
9
microsoft windows
elevation of privilege
remote exploit
cve-2021-43211
cve-2021-42297
windows update assistant
privilege escalation

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0

Percentile

9.7%

JSON

Elevation of privilege vulnerabilities were found in Microsoft Windows. Malicious users can remotely exploit this vulnerability to gain privileges.

Original advisories

CVE-2021-43211

CVE-2021-42297

Related products

Microsoft-Windows

CVE list

CVE-2021-43211 unknown

CVE-2021-42297 unknown

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Update Assistant

Related

nvd 2
cnvd 1
cvelist 2
prion 2
cve 2
mscve 2
zdi 2
nvd
nvd
CVE-2021-43211
2021-11-24 01:15:08
CVE-2021-42297
2021-11-24 01:15:08
cnvd
cnvd
Microsoft Windows Update Assistantζƒι™ζε‡ζΌζ΄ž
2021-11-22 00:00:00
cvelist
cvelist
CVE-2021-43211 Windows 10 Update Assistant Elevation of Privilege Vulnerability
2021-11-24 01:05:14
CVE-2021-42297 Windows 10 Update Assistant Elevation of Privilege Vulnerability
2021-11-24 01:05:12
prion
prion
Privilege escalation
2021-11-24 01:15:00
Privilege escalation
2021-11-24 01:15:00
cve
cve
CVE-2021-43211
2021-11-24 01:15:08
CVE-2021-42297
2021-11-24 01:15:08
mscve
mscve
Windows 10 Update Assistant Elevation of Privilege Vulnerability
2021-11-16 08:00:00
Windows 10 Update Assistant Elevation of Privilege Vulnerability
2021-11-16 08:00:00
zdi
zdi
(0Day) Microsoft Windows Update Assistant Directory Junction Privilege Escalation Vulnerability
2021-10-27 00:00:00
Microsoft Windows Update Assistant Link Following Local Privilege Escalation Vulnerability
2021-11-24 00:00:00

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0

Percentile

9.7%

JSON
Related for KLA12347
nvd2cnvd1cvelist2prion2cve2mscve2zdi2