CVE-2021-41335
published 2021-10-13CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Windows Kernel Elevation of Privilege Vulnerability
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19086 | 10.0.10240.19086 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4704 | 10.0.14393.4704 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2237 | 10.0.17763.2237 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1854 | 10.0.18363.1854 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1288 | 10.0.19041.1288 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1288 | 10.0.19042.1288 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1288 | 10.0.19043.1288 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25740 | 6.1.7601.25740 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25740 | 6.1.7601.25740 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20144 | 6.3.9600.20144 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < 6.1.7601.25740 | 6.1.7601.25740 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25740 | 6.1.7601.25740 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23490 | 6.2.9200.23490 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20144 | 6.3.9600.20144 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4704 | 10.0.14393.4704 |
Microsoft
Windows Kernel Elevation of Privilege Vulnerability
vendor_msrc·2021-10-12·CVSS 7.8
CVE-2021-41335 [HIGH] Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel: Windows Kernel
Microsoft: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006672
Reference: https://support.microsoft.com/help/5006672
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006667
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006670
Reference: https://support.microsoft.com/help/5006670
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006675
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q
GHSA
GHSA-pff3-746j-c8h5: Windows Kernel Elevation of Privilege Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-41335 [HIGH] CWE-269 GHSA-pff3-746j-c8h5: Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
Qualys
Microsoft & Adobe Patch Tuesday (October 2021) – Microsoft 74 Vulnerabilities with 3 Critical, 4 Zero-Days. Adobe 10 Vulnerabilities
blogs_qualys·2021-10-13·CVSS 9.0
CVE-2021-40449 [CRITICAL] Microsoft & Adobe Patch Tuesday (October 2021) – Microsoft 74 Vulnerabilities with 3 Critical, 4 Zero-Days. Adobe 10 Vulnerabilities
## Microsoft Patch Tuesday – October 2021
Microsoft patched 74 vulnerabilities in their October 2021 Patch Tuesday release, of which three are rated as critical severity and four were previously reported as zero-days.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability
This was a zero-day, and one of the four addressed by Microsoft this month. This vulnerability impacts the Win32K kernel driver. This is being actively exploited by IronHusky and Chinese APT groups. Microsoft has assigned a CVSSv3 base score of 7.8 to this vulnerability and it should be prioritized for patching.
CVE-2021- 40486 – Microsoft Word Remote Code Execution Vulnerability
This vulnerability is due to improper input validation in Microsoft Word. Adversaries
Qualys
Microsoft & Adobe Patch Tuesday (October 2021) – Microsoft 74 Vulnerabilities with 3 Critical, 4 Zero-Days. Adobe 10 Vulnerabilities | Qualys
blogs_qualys·2021-10-13·CVSS 9.0
CVE-2021-40449 [CRITICAL] Microsoft & Adobe Patch Tuesday (October 2021) – Microsoft 74 Vulnerabilities with 3 Critical, 4 Zero-Days. Adobe 10 Vulnerabilities | Qualys
### Microsoft Patch Tuesday – October 2021
Microsoft patched 74 vulnerabilities in their October 2021 Patch Tuesday release, of which three are rated as critical severity and four were previously reported as zero-days.
### Critical Microsoft Vulnerabilities Patched
CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability
This was a zero-day, and one of the four addressed by Microsoft this month. This vulnerability impacts the Win32K kernel driver. This is being actively exploited by IronHusky and Chinese APT groups. Microsoft has assigned a CVSSv3 base score of 7.8 to this vulnerability and it should be prioritized for patching.
CVE-2021- 40486 – Microsoft Word Remote Code Execution Vulnerability
This vulnerability is due to improper input validation in Microsoft Word. Adversarie
Trendmicro
October Patch Tuesday: 3 Critical Bulletins Among 71
blogs_trendmicro·2021-10-13·CVSS 8.0
[HIGH] October Patch Tuesday: 3 Critical Bulletins Among 71
Exploits & Vulnerabilities
# October Patch Tuesday: 3 Critical Bulletins Among 71
The October Patch Tuesday maintains the relatively peaceful streak from previous months with only 3 bulletins rated as Critical among 71 new vulnerabilities.
By: Trend Micro
2021/10/13
Read time: ( words)
Save to Folio
The October 2021 Patch Tuesday continues the quiet streak observed for the months of August and September. Out of 71 bulletins, only three were rated Critical this month. The list also included a fix for four publicly known vulnerabilities. Of the fixed vulnerabilities, 11 were disclosed via the Zero Day Initiative.
Three Critical patches and other notable vulnerabilities
Only three patches were rated Critical this month. Two of them were remote code execution (RCE) vulnerabilities (CVE
Tenable
Microsoft’s October 2021 Patch Tuesday Addresses 74 CVEs (CVE-2021-40449)
blogs_tenable·2021-10-12·CVSS 7.8
[HIGH] Microsoft’s October 2021 Patch Tuesday Addresses 74 CVEs (CVE-2021-40449)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2021-10-13
Published