Lucene search

K
mscveMicrosoftMS:CVE-2021-36958
HistoryAug 11, 2021 - 7:00 a.m.

Windows Print Spooler Remote Code Execution Vulnerability

2021-08-1107:00:00
Microsoft
msrc.microsoft.com
157
windows
print spooler
remote code execution
vulnerability
file operations
system privileges
exploited
arbitrary code
programs
data
user rights

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.065

Percentile

93.9%

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected configurations

Vulners
Node
microsoftwindows_server_2012Range<6.3.9600.20120r2
OR
microsoftwindows_server_2012Range<6.3.9600.20120r2
OR
microsoftwindows_server_2012Range<6.3.9600.20120r2
OR
microsoftwindows_server_2012Range<6.3.9600.20120r2
OR
microsoftwindows_server\,_1803_\(server_core_installation\)Range<6.2.9200.23462
OR
microsoftwindows_server\,_1803_\(server_core_installation\)Range<6.2.9200.23462
OR
microsoftwindows_server_2012Range<6.2.9200.23462
OR
microsoftwindows_server_2012Range<6.2.9200.23462
OR
microsoftwindows_server_2008Range<6.1.7601.25712r2x64
OR
microsoftwindows_server_2008Range<6.1.7601.25712r2x64
OR
microsoftwindows_server_2008Range<6.1.7601.25712r2x64
OR
microsoftwindows_server_2008Range<6.1.7601.25712r2x64
OR
microsoftwindows_server_2008Range<6.0.6003.21218x64
OR
microsoftwindows_server_2008Range<6.0.6003.21218x64
OR
microsoftwindows_server_2008Range<6.0.6003.21218x64
OR
microsoftwindows_server_2008Range<6.0.6003.21218x64
OR
microsoftwindows_server\,_1803_\(server_core_installation\)Range<6.0.6003.21218
OR
microsoftwindows_server\,_1803_\(server_core_installation\)Range<6.0.6003.21218
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<6.0.6003.21218
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<6.0.6003.21218
OR
microsoftwindows_rt_8.1Range<6.3.9600.20120
OR
microsoftwindows_10_1903_for_x64-based_systemsRange<6.3.9600.20120
OR
microsoftwindows_10_1903_for_x64-based_systemsRange<6.3.9600.20120
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<6.3.9600.20120
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<6.3.9600.20120
OR
microsoftwindows_10_1903_for_x64-based_systemsRange<6.1.7601.25712
OR
microsoftwindows_10_1903_for_x64-based_systemsRange<6.1.7601.25712
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<6.1.7601.25712
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<6.1.7601.25712
OR
microsoftwindows_server\,_1803_\(server_core_installation\)Range<10.0.14393.4651
OR
microsoftwindows_server_2016Range<10.0.14393.4651
OR
microsoftwindows_defender_on_windows_10_1607_for_x64-based_systemsRange<10.0.14393.4651
OR
microsoftwindows_defender_on_windows_10_1607_for_32-bit_systemsRange<10.0.14393.4651
OR
microsoftwindows_10_1903_for_x64-based_systemsRange<10.0.10240.19060
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<10.0.10240.19060
OR
microsoftwindows_server_20h2Range<10.0.19042.1237
OR
microsoftwindows_10_20h2Range<10.0.19042.1237arm64
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<10.0.19042.1237
OR
microsoftwindows_10_1903_for_x64-based_systemsRange<10.0.19042.1237
OR
microsoftwindows_server_version_2004Range<10.0.19041.1237
OR
microsoftwindows_10_2004_for_x64-based_systemsRange<10.0.19041.1237
OR
microsoftwindows_10_2004_for_arm64-based_systemsRange<10.0.19041.1237
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<10.0.19041.1237
OR
microsoftwindows_10_2004_for_32-bit_systemsRange<10.0.19043.1237
OR
microsoftwindows_10_1709_for_arm64-based_systemsRange<10.0.19043.1237
OR
microsoftwindows_10_1903_for_x64-based_systemsRange<10.0.19043.1237
OR
microsoftwindows_10_1909_for_arm64-based_systemsRange<10.0.18363.1801
OR
microsoftwindows_10_1909_for_x64-based_systemsRange<10.0.18363.1801
OR
microsoftwindows_10_1909_for_32-bit_systemsRange<10.0.18363.1801
OR
microsoftwindows_server\,_1803_\(server_core_installation\)Range<10.0.17763.2183
OR
microsoftwindows_server_2019Range<10.0.17763.2183
OR
microsoftwindows_10_1809_for_arm64-based_systemsRange<10.0.17763.2183
OR
microsoftwindows_10_1809_for_x64-based_systemsRange<10.0.17763.2183
OR
microsoftwindows_10_1809_for_32-bit_systemsRange<10.0.17763.2183

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.065

Percentile

93.9%