CVE-2021-40477
published 2021-10-13CVE-2021-40477: Windows Event Tracing Elevation of Privilege Vulnerability
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Windows Event Tracing Elevation of Privilege Vulnerability
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19086 | 10.0.10240.19086 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4704 | 10.0.14393.4704 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2237 | 10.0.17763.2237 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1854 | 10.0.18363.1854 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1288 | 10.0.19041.1288 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1288 | 10.0.19042.1288 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1288 | 10.0.19043.1288 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.258 | 10.0.22000.258 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20144 | 6.3.9600.20144 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23490 | 6.2.9200.23490 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20144 | 6.3.9600.20144 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4704 | 10.0.14393.4704 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2237 | 10.0.17763.2237 |
| microsoft | windows_server_2022 | >= 10.0.0 < 10.0.20348.288 | 10.0.20348.288 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1288 | 10.0.19041.1288 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1288 | 10.0.19042.1288 |
GHSA
GHSA-f44v-c5f2-rwqc: Windows Event Tracing Elevation of Privilege Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-40477 [HIGH] CWE-269 GHSA-f44v-c5f2-rwqc: Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
Microsoft
Windows Event Tracing Elevation of Privilege Vulnerability
vendor_msrc·2021-10-12·CVSS 7.8
CVE-2021-40477 [HIGH] Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing: Windows Event Tracing
Microsoft: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006672
Reference: https://support.microsoft.com/help/5006672
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006667
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006670
Reference: https://support.microsoft.com/help/5006670
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006699
Reference: https://catalog.update.microsoft.com/v
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-13
Published