Lucene search
Abdelhamid NaceriZDI-21-1075HistorySep 16, 2021 - 12:00 a.m.
Microsoft Windows Update Agent Directory Junction Privilege Escalation Vulnerability
2021-09-1600:00:00
Abdelhamid Naceri
www.zerodayinitiative.com
28
0.0004 Low
EPSS
Percentile
9.8%
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Windows Update Agent. By creating a directory junction, an attacker can abuse Windows Update Agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
nvd
nvd
CVE-2021-38634
2021-09-15 12:15:14
prion
prion
Privilege escalation
2021-09-15 12:15:00
cvelist
cvelist
mscve
mscve
Microsoft Windows Update Client Elevation of Privilege Vulnerability
2021-09-14 07:00:00
cve
cve
CVE-2021-38634
2021-09-15 12:15:14
nessus
nessus
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5005573)
2021-09-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5005569)
2021-09-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5005568)
2021-09-15 00:00:00
mskb
mskb
September 14, 2021âKB5005573 (OS Build 14393.4651) - EXPIRED
2021-09-14 07:00:00
September 14, 2021âKB5005575 (OS Build 20348.230)
2021-09-14 07:00:00
September 14, 2021âKB5005569 (OS Build 10240.19060) - EXPIRED
2021-09-14 07:00:00
kaspersky
kaspersky
KLA12290 Multiple vulnerabilities in Microsoft Windows
2021-09-14 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - September 2021
2021-09-15 03:44:31
qualysblog
qualysblog