CVE-2021-28445
published 2021-04-13CVE-2021-28445: Windows Network File System Remote Code Execution Vulnerability
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Windows Network File System Remote Code Execution Vulnerability
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1607 | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_1809 | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_1909 | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_2004 | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < publication | publication |
| microsoft | windows_7 | >= 6.1.0 < publication | publication |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < publication | publication |
| microsoft | windows_8.1 | >= 6.3.0 < publication | publication |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < publication | publication |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < publication | publication |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < publication | publication |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < publication | publication |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < publication | publication |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < publication | publication |
GHSA
GHSA-775f-h55p-5pqf: Windows Network File System Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-28445 [HIGH] GHSA-775f-h55p-5pqf: Windows Network File System Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Microsoft
Windows Network File System Remote Code Execution Vulnerability
vendor_msrc·2021-04-13·CVSS 8.1
CVE-2021-28445 [HIGH] Windows Network File System Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Windows Network File System: Windows Network File System
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5001342
Reference: https://support.microsoft.com/help/5001342
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5001337
Reference: https://support.microsoft.com/help/5001337
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5001330
Reference: https://support.microsoft.com/help/5001330
Reference: https://catalog.update.microsoft.com/v7/site/Sea
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for April 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-04-13·CVSS 7.8
[HIGH] Microsoft Patch Tuesday for April 2021 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for April 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Vanja Svajcer.
Microsoft released its monthly security update Tuesday, disclosing 108 vulnerabilities across its suite of products, the most in any month so far this year.
Four new remote code execution vulnerabilities in Microsoft Exchange Server are included in today's security update. Microsoft disclosed multiple zero-day vulnerabilities in Exchange Server earlier this year that attackers were exploiting in the wild. Talos encourages everyone with an affected product to update as soon as possible if they have not already and put other mitigation strategies into place in the meantime. Users can also detect the exploitation of the previously disclosed vulnerabil
Talos
Microsoft Patch Tuesday for April 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-04-13·CVSS 7.8
[HIGH] Microsoft Patch Tuesday for April 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Vanja Svajcer.
Microsoft released its monthly security update Tuesday, disclosing 108 vulnerabilities across its suite of products, the most in any month so far this year.
Four new remote code execution vulnerabilities in Microsoft Exchange Server are included in today's security update. Microsoft disclosed multiple zero-day vulnerabilities in Exchange Server earlier this year that attackers were exploiting in the wild. Talos encourages everyone with an affected product to update as soon as possible if they have not already and put other mitigation strategies into place in the meantime. Users can also detect the exploitation of the previously disclosed vulnerabilities with Cisco Secure IPS.
The new vulnerabilities Microsoft disclosed today are ide
Crowdstrike
2021 April Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] 2021 April Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
Crowdstrike
2021 April Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] 2021 April Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
2021-04-13
Published