CVE-2021-26432
CVE-2021-26432: Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
Published: 2021-08-12
Severity: critical, CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19022 | 10.0.10240.19022 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4583 | 10.0.14393.4583 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2114 | 10.0.17763.2114 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1734 | 10.0.18363.1734 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1165 | 10.0.19041.1165 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1165 | 10.0.19042.1165 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1165 | 10.0.19043.1165 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23435 | 6.2.9200.23435 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4583 | 10.0.14393.4583 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2114 | 10.0.17763.2114 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1165 | 10.0.19041.1165 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1165 | 10.0.19042.1165 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
GHSA
GHSA-7367-6rvj-7jxm: Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
Microsoft
Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
vendor_msrc·2021-08-10·CVSS 9.8
FAQ: What system configurations would expose this vulnerability?
Servers that have installed the Network File System are exposed to this vulnerability in rpcxdr.sys.
An attacker would require read or write permission to any file on an NFS share on the victim system. If NFS is configured to allow anonymous access, then the victim system would be vulnerable to unauthenticated attackers.
Does this security update apply to non-server systems?
Yes. While servers are much more likely to be exposed to this vulnerability, the security update to rpcxdr.sys applies to all Windows editions in the Security Updates table.
No detection rules found.
No public exploits indexed.
Trendmicro
August Patch Tuesday: A Quiet Month for Microsoft
blogs_trendmicro·2021-08-11·CVSS 8.8
# August Patch Tuesday: A Quiet Month for Microsoft
August proves to be a quieter month for Microsoft, after an eventful July. This month, there were only 44 security bulletins, part of which are three Print Spooler flaws and a further fix for PetitPotam.
By: Trend Micro Research
2021/08/11
The August Patch Tuesday proves to be a calmer month for Microsoft, compared to the more eventful July security bulletin. This is evident in the short list of only 44 patched vulnerabilities published this month, of which seven are noted as critical and the rest as important. Eight were also submitted via the Trend Micro Zero Day Initiative.
What is notable for this month is the inclusion of three vulnerabilities in Print Spooler, given
Talos
Microsoft Patch Tuesday for August 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-08-10·CVSS 9.9
CVE-2021-26424 [CRITICAL] Microsoft Patch Tuesday for August 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Martin Lee.
Microsoft released its monthly security update Tuesday, disclosing 44 vulnerabilities in the company’s firmware and software. This is the fewest amount of vulnerabilities Microsoft has patched in a month in more than two years.
There are only nine critical vulnerabilities included in this release, and the remainder is “important.”
The most serious of the issues is CVE-2021-26424, a remote code execution vulnerability which exists in the Windows TCP/IP protocol implementation. An attacker could remotely trigger this vulnerability from a Hyper-V guest by sending a specially crafted TCP/IP packet to a host utilizing the TCP/IP protocol stack. This raises the possibility of a malicious program running in a virtual machine compromising the h
Qualys
Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities
blogs_qualys·2021-08-10·CVSS 7.0
CVE-2021-36942 [HIGH] Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities
## Microsoft Patch Tuesday – August 2021
Microsoft patched 51 vulnerabilities in their August 2021 Patch Tuesday release, and 7 of them are rated as critical severity. Three 0-day vulnerability patches were included in the release.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-36942 – Windows LSA Spoofing Vulnerability
An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. A malicious user can use this attack to take complete control over the Windows domain. Per Microsoft, this vulnerability affects all servers, but domain controllers should be prioritized in terms of applying security updates.
CVE-2021-34481 – Windows Print Spooler Remote Code Execution Vulnerability
A remote cod
Crowdstrike
August 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August 2021 Patch Tuesday: Updates and Analysis
2021-08-12
Published