<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p><strong>UPDATE</strong> August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see <a href="https://support.microsoft.com/help/5005652">KB5005652</a>.</p>
References
Link | Resource |
---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34481 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Dec 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 8.8 |
Summary | <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p><strong>UPDATE</strong> August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see <a href="https://support.microsoft.com/help/5005652">KB5005652</a>.</p> |
09 Aug 2021, 14:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* |
22 Jul 2021, 17:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
CWE | CWE-269 | |
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | |
References | (MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34481 - Patch, Vendor Advisory |
16 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-16 21:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-34481
Mitre link : CVE-2021-34481
CVE.ORG link : CVE-2021-34481
JSON object : View
Products Affected
microsoft
- windows_server_2012
- windows_server_2016
- windows_server_2008
- windows_server_2019
- windows_rt_8.1
- windows_7
- windows_8.1
- windows_10
CWE
CWE-269
Improper Privilege Management