#VU58034 Permissions, Privileges, and Access Controls in Windows Server - CVE-2021-42287
Published: November 9, 2021 / Updated: September 18, 2023
Vulnerability identifier: #VU58034
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2021-42287
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Windows Server
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote authenticated attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Active Directory Domain Services, which leads to security restrictions bypass and privilege escalation.
Remediation
Install updates from vendor's website.