⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2021-11-17.

CVE-2021-36942PetitPotam: Exposed Dangerous Method or Function in Microsoft Windows Server 2008 R2 Service Pack 1

CWE-749Exposed Dangerous Method or Function8 documents6 sources
Severity
7.5HIGHCNA
No vector
EPSS
93.7%
top 0.15%
CISA KEV
KEVRansomware
Added 2021-11-03
Due 2021-11-17
Exploit
Exploited in wild
Active exploitation observed
Affected products
8
Microsoft Windows Server 2008 R2 Service Pack 1Microsoft Windows Server 2008 Service Pack 2Microsoft Windows Server 2012+5 more
Timeline
PublishedAug 12
KEV addedNov 3
KEV dueNov 17
Latest updateJun 1
CISA Required Action: Apply updates per vendor instructions.

Description

Windows LSA Spoofing Vulnerability Windows LSA Spoofing Vulnerability

Affected Packages8 packages

CVEListV5microsoft/windows_server_20126.2.06.2.9200.23435
CVEListV5microsoft/windows_server_201610.0.010.0.14393.4583
CVEListV5microsoft/windows_server_201910.0.010.0.17763.2114
CVEListV5microsoft/windows_server_2012_r26.3.06.3.9600.20094
CVEListV5microsoft/windows_server_version_200410.0.010.0.19041.1165

🔴Vulnerability Details

4
Project0
2022 0-day In-the-Wild Exploitation…so far - Project Zero2022-06-01
Project0
Using Kerberos for Authentication Relay Attacks - Project Zero2021-10-01
CVEList
Windows LSA Spoofing Vulnerability2021-08-12
VulnCheck
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability2021

📋Vendor Advisories

2
CISA
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability2021-11-03
Microsoft
Windows LSA Spoofing Vulnerability2021-08-10

🕵️Threat Intelligence

2
Qualys
Microsoft and Adobe Patch Tuesday (August 2021) - Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities | Qualys2021-08-10
Qualys
Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities2021-08-10
CVE-2021-36942 — PetitPotam | cvebase