9.3

CVE-2021-31956

Warning

Windows NTFS Elevation of Privilege Vulnerability

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 10 Version1809
MicrosoftWindows 10 1507 Version < 10.0.10240.18967
MicrosoftWindows 10 1607 Version < 10.0.14393.4467
MicrosoftWindows 10 1809 Version < 10.0.17763.1999
MicrosoftWindows 10 1909 Version < 10.0.18363.1621
MicrosoftWindows 10 2004 Version < 10.0.19041.1052
MicrosoftWindows 10 20h2 Version < 10.0.19042.1052
MicrosoftWindows 10 21h1 Version < 10.0.19043.1052
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2004 Version < 10.0.19041.1052
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Server 2016 Version < 10.0.14393.4467
MicrosoftWindows Server 2019 Version < 10.0.17763.1999
MicrosoftWindows Server 20h2 Version < 10.0.19042.1052

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows NTFS Privilege Escalation Vulnerability

Vulnerability

Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 88.88% 0.995
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.