CVE-2021-26424
published 2021-08-12
CVE-2021-26424: Windows TCP/IP Remote Code Execution Vulnerability
critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Windows TCP/IP Remote Code Execution Vulnerability
Affected
45 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19022 | 10.0.10240.19022 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4583 | 10.0.14393.4583 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2114 | 10.0.17763.2114 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1734 | 10.0.18363.1734 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1165 | 10.0.19041.1165 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1165 | 10.0.19042.1165 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1165 | 10.0.19043.1165 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21192 | 6.0.6003.21192 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23435 | 6.2.9200.23435 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
Microsoft
Windows TCP/IP Remote Code Execution Vulnerability
vendor_msrc·2021-08-10·CVSS 9.9
CVE-2021-26424 [CRITICAL] Windows TCP/IP Remote Code Execution Vulnerability
Windows TCP/IP Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
This vulnerability is remotely triggerable by a malicious Hyper-V guest that sends an IPv6 ping to the Hyper-V host. An attacker could send a specially crafted TCP/IP packet to its host utilizing the TCP/IP Protocol Stack (tcpip.sys) to process packets.
Is this attack specific to Hyper-V or applicable to all hypervisor technologies?
This attack is specific to Hyper-V. Systems that do not have Hyper-V installed are not at risk.
Will disabling IPv6 mitigate this vulnerability?
Yes. Disabling IPv6 will block the threat vector. See Guidance for configuring IPv6 in Windows for advanced users for instructions for disabling IPv6.
Impact: R
GHSA
GHSA-f425-rchp-ffpg: Windows TCP/IP Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-26424 [CRITICAL] GHSA-f425-rchp-ffpg: Windows TCP/IP Remote Code Execution Vulnerability
Windows TCP/IP Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
Talos
Threat Source newsletter (Aug. 12, 2021)
blogs_talos·2021-08-12
Threat Source newsletter (Aug. 12, 2021)
Good afternoon, Talos readers.
No, that's not Ratatouille. It's ServHelper, who is much more dangerous (albeit just as cute) as the cartoon chef. We have a new blog post out today detailing this RAT, run by the threat actor Group TA505, that is stealing credit card data and other sensitive information. We've been tracking this actor for a while now, and recently saw a huge spike in their activity. Find out what this means for your organization in our blog post and accompanying one-page overview.
Obviously, there are plenty more scary things to worry about on the threat landscape. And for that, there's the Talos Incident Response Quarterly Threat Report, where we run down the top TTPs, malware families and actors our incident responders are seeing in the wild.
As if all of that wasn't sc
Talos
Microsoft Patch Tuesday for August 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-08-10·CVSS 9.9
CVE-2021-26424 [CRITICAL] Microsoft Patch Tuesday for August 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Martin Lee.
Microsoft released its monthly security update Tuesday, disclosing 44 vulnerabilities in the company’s firmware and software. This is the fewest amount of vulnerabilities Microsoft has patched in a month in more than two years.
There are only nine critical vulnerabilities included in this release, and the remainder is “important.”
The most serious of the issues is CVE-2021-26424, a remote code executing vulnerability which exists in the Windows TCP/IP protocol implementation. An attacker could remotely trigger this vulnerability from a Hyper-V guest by sending a specially crafted TCP/IP packet to a host utilizing the TCP/IP protocol stack. This raises the possibility of a malicious program running in a virtual machine compromising the h
Krebs
Microsoft Patch Tuesday, August 2021 Edition
blogs_krebs·2021-08-10·CVSS 7.8
CVE-2021-36948 [HIGH] Microsoft Patch Tuesday, August 2021 Edition
Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.
Microsoft said attackers have seized upon CVE-2021-36948, which is a weakness in the Windows Update Medic service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates.
Redmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. The flaw is an “elevation of privil
Tenable
Microsoft’s August 2021 Patch Tuesday Addresses 44 CVEs (CVE-2021-26424, CVE-2021-36948)
blogs_tenable·2021-08-10·CVSS 9.9
[CRITICAL] Microsoft’s August 2021 Patch Tuesday Addresses 44 CVEs (CVE-2021-26424, CVE-2021-36948)
Qualys
Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities
blogs_qualys·2021-08-10·CVSS 7.0
CVE-2021-36942 [HIGH] Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities
## Microsoft Patch Tuesday – August 2021
Microsoft patched 51 vulnerabilities in their August 2021 Patch Tuesday release, and 7 of them are rated as critical severity. Three 0-day vulnerability patches were included in the release.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-36942 – Windows LSA Spoofing Vulnerability
An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. A malicious user can use this attack to take complete control over Windows domain. Per Microsoft, this vulnerability affects all servers, but domain controllers should be prioritized in terms of applying security updates.
CVE-2021-34481 – Windows Print Spooler Remote Code Execution Vulnerability
A remote cod
Crowdstrike
August 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August 2021 Patch Tuesday: Updates and Analysis
2021-08-12
Published