CVE-2021-26426
published 2021-08-12CVE-2021-26426: Windows User Account Profile Picture Elevation of Privilege Vulnerability
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Windows User Account Profile Picture Elevation of Privilege Vulnerability
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19022 | 10.0.10240.19022 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4583 | 10.0.14393.4583 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2114 | 10.0.17763.2114 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1734 | 10.0.18363.1734 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1165 | 10.0.19041.1165 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1165 | 10.0.19042.1165 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1165 | 10.0.19043.1165 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23435 | 6.2.9200.23435 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4583 | 10.0.14393.4583 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2114 | 10.0.17763.2114 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1165 | 10.0.19041.1165 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1165 | 10.0.19042.1165 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
Microsoft
Windows User Account Profile Picture Elevation of Privilege Vulnerability
vendor_msrc·2021-08-10·CVSS 7.0
CVE-2021-26426 [HIGH] Windows User Account Profile Picture Elevation of Privilege Vulnerability
Windows User Account Profile Picture Elevation of Privilege Vulnerability
Windows User Profile Service: Windows User Profile Service
Microsoft: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
Reference: https://support.microsoft.com/help/5005030
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
Reference: https://support.microsoft.com/help/5005031
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
Reference: https://support.microsoft.com/help/5005033
Reference: https://catalog.update.microsoft.co
GHSA
GHSA-x3rj-r3p4-hq68: Windows User Account Profile Picture Elevation of Privilege Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-26426 [HIGH] CWE-269 GHSA-x3rj-r3p4-hq68: Windows User Account Profile Picture Elevation of Privilege Vulnerability
Windows User Account Profile Picture Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
2021-08-12
Published