CVE-2021-27085
Published 2021-03-11
CVE-2021-27085: Internet Explorer Remote Code Execution Vulnerability
Priority P182 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability · due 2021-11-17
Exploited in the wild
EPSS: 3.71% (88.4th percentile)
Internet Explorer Remote Code Execution Vulnerability
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer_11 | >= 1.0.0 < publication | publication |
| msrc | internet_explorer_11_on_windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1803_for_arm64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1909_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1909_for_arm64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1909_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_2004_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_2004_for_arm64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_2004_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_20h2_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_20h2_for_arm64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_20h2_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_server_2019 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2021-27085 has been confirmed exploited in the wild (in-the-wild exploitation detected for both latest and older software releases of Internet Explorer).
- The vulnerability is described as 'unspecified' — no technical details, exploit chain, payload, or specific vulnerable component beyond 'Internet Explorer' have been publicly disclosed in the available sources, limiting the ability to create precise detection signatures.
- The exploit has NOT been publicly disclosed per Microsoft, meaning no public PoC or detailed write-up is available from these sources to derive further IOCs.
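CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |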
CISA
Microsoft Internet Explorer Remote Code Execution Vulnerability
cisa·2021-11-03·CVSS 8.8
Vulnerability: Microsoft Internet Explorer Remote Code Execution Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-27085
Remediation Due Date: 2021-11-17
Microsoft
Internet Explorer Remote Code Execution Vulnerability
vendor_msrc·2021-03-09·CVSS 8.8
Internet Explorer: Internet Explorer
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: Yes; Latest Software Release: Exploitation Detected; Older Software Release: Exploitation Detected; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000822
Reference: https://support.microsoft.com/help/5000822
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000808
Reference: https://support.microsoft.com/help/5000808
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000802
Reference: https://support.microsoft.com/help/5000802
GHSA
GHSA-vm76-5x29-7jx8: Internet Explorer Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
VulnCheck
Microsoft Internet Explorer Remote Code Execution Vulnerability
vulncheck·2021·CVSS 8.8
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2021-Mar; https://twitter.com/blackorbird/status/1385062113085825027; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2021-11-17
No detection rules found.
No public exploits indexed.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
Talos
Microsoft Patch Tuesday for March 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-03-09·CVSS 8.8
By Jon Munshaw, with contributions from Nick Biasini.
Microsoft released its monthly security update Tuesday, disclosing 89 vulnerabilities across its suite of products, the most in any month so far this year.
There are 14 critical vulnerabilities as part of this release and one considered of “low” severity. The remainder are all “important.” Three of the critical vulnerabilities are the ones Microsoft disclosed last week in Exchange Server that the company said state-sponsored actors exploited in the wild to steal emails. Microsoft also announced Monday they were releasing patches for older versions of Exchange Server.
All organizations using the affected software should prevent external access to port 443 on Exchange Servers, or set up a VPN to provide external access to port 443. Thi
Crowdstrike
Patch Tuesday 2021: A Vulnerability Deep Dive
blogs_crowdstrike·CVSS 7.5
2021-03-11 · Published
2021-11-03 · Added to CISA KEV
Exploited in the wild