CVE-2021-36948

CVSS v3.1 7.8 (High)

CVSS v2.0 4.6 (Medium)

EPSS 0.04 % (15^th)

Affected Products 8

Advisories 2

NVD Status Analyzed

Windows Update Medic Service Elevation of Privilege Vulnerability

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: Microsoft Corporation
Published Date: 2021-08-12 18:15:10
(3 years ago)
Updated Date: 2024-07-26 19:30:11
(7 weeks ago)

Microsoft Windows Update Medic Service Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)

Description: Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
Required Action: Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns: Unknown
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-36948

Vendor: Microsoft
Product: Windows
In CISA Catalog from: 2021-11-03
(2 years ago)
Due Date: 2021-11-17
(2 years ago)

Affected Products

Microsoft

Configuration #1

		CPE23	From	Up To
	Microsoft Windows 10 1809 prior 10.0.17763.2114 version	cpe:2.3:o:microsoft:windows_10_1809		< 10.0.17763.2114
	Microsoft Windows 10 1909 prior 10.0.18363.1734 version	cpe:2.3:o:microsoft:windows_10_1909		< 10.0.18363.1734
	Microsoft Windows 10 2004 prior 10.0.19041.1165 version	cpe:2.3:o:microsoft:windows_10_2004		< 10.0.19041.1165
	Microsoft Windows 10 20h2 prior 10.0.19042.1165 version	cpe:2.3:o:microsoft:windows_10_20h2		< 10.0.19042.1165
	Microsoft Windows 10 21h1 prior 10.0.19043.1165 version	cpe:2.3:o:microsoft:windows_10_21h1		< 10.0.19043.1165
	Microsoft Windows Server 2004 prior 10.0.19041.1165 version	cpe:2.3:o:microsoft:windows_server_2004		< 10.0.19041.1165
	Microsoft Windows Server 2019 prior 10.0.17763.2114 version	cpe:2.3:o:microsoft:windows_server_2019		< 10.0.17763.2114
	Microsoft Windows Server 20h2 prior 10.0.19042.1165 version	cpe:2.3:o:microsoft:windows_server_20h2		< 10.0.19042.1165