1. Home
  2. Vulnerabilities
  3. CVE-2021-41379

CVE-2021-41379

CVSS v3.1 5.5 (Medium)
55% Progress
CVSS v2.0 4.6 (Medium)
46% Progress
EPSS 0.32 % (71th)
0.32% Progress
Affected Products 18
Advisories 2
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Windows Installer Elevation of Privilege Vulnerability

Weaknesses
CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2021-11-10 01:19:32
(2 years ago)
Updated Date
2024-07-24 16:21:53
(8 weeks ago)
Microsoft Windows Installer Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Known
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-41379
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2022-03-03
(2 years ago)
Due Date
2022-03-17
(2 years ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1507 prior 10.0.10240.19119 version cpe:2.3:o:microsoft:windows_10_1507 < 10.0.10240.19119
  Microsoft Windows 10 1607 prior 10.0.14393.4770 version cpe:2.3:o:microsoft:windows_10_1607 < 10.0.14393.4770
  Microsoft Windows 10 1809 prior 10.0.17763.2300 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.2300
  Microsoft Windows 10 1909 prior 10.0.18363.1916 version cpe:2.3:o:microsoft:windows_10_1909 < 10.0.18363.1916
  Microsoft Windows 10 2004 prior 10.0.19041.1348 version cpe:2.3:o:microsoft:windows_10_2004 < 10.0.19041.1348
  Microsoft Windows 10 20h2 prior 10.0.19042.1348 version cpe:2.3:o:microsoft:windows_10_20h2 < 10.0.19042.1348
  Microsoft Windows 10 21h1 prior 10.0.19043.1348 version cpe:2.3:o:microsoft:windows_10_21h1 < 10.0.19043.1348
  Microsoft Windows 11 21h2 prior 10.0.22000.318 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.318
  Microsoft Windows 7 SP1 cpe:2.3:o:microsoft:windows_7:-:sp1
  Microsoft Windows 8.1 cpe:2.3:o:microsoft:windows_8.1:-
  Microsoft Windows Rt 8.1 cpe:2.3:o:microsoft:windows_rt_8.1:-
  Microsoft Windows Server 2004 prior 10.0.19041.1348 version cpe:2.3:o:microsoft:windows_server_2004 < 10.0.19041.1348
  Microsoft Windows Server 2008 SP2 cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  Microsoft Windows Server 2008 R2 SP1 on X64 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64
  Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:-
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 prior 10.0.14393.4770 version cpe:2.3:o:microsoft:windows_server_2016 < 10.0.14393.4770
  Microsoft Windows Server 2019 prior 10.0.17763.2300 version cpe:2.3:o:microsoft:windows_server_2019 < 10.0.17763.2300
  Microsoft Windows Server 2022 prior 10.0.20348.350 version cpe:2.3:o:microsoft:windows_server_2022 < 10.0.20348.350
  Microsoft Windows Server 20h2 prior 10.0.19042.1348 version cpe:2.3:o:microsoft:windows_server_20h2 < 10.0.19042.1348