#VU58036 Permissions, Privileges, and Access Controls in Windows Server - CVE-2021-42278
Published: November 9, 2021 / Updated: September 18, 2023
Vulnerability identifier: #VU58036
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2021-42278
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Windows Server
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote authenticated attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Active Directory Domain Services, which leads to security restrictions bypass and privilege escalation.
Remediation
Install updates from vendor's website.