CVE-2021-41379Win Install File Takeover

Leave a Comment / Uncategorized
Windows Installer keeps popping up or starting - Preparng to install

Windows Installer Elevation of Privilege Vulnerability

HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379Patch  Vendor Advisory 
https://www.zerodayinitiative.com/advisories/ZDI-21-1308/Third Party Advisory 

Weakness Enumeration

CWE-IDCWE NameSource
CWE-269Improper Privilege Managementcwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

 cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
   Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
   Show Matching CPE(s)

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-41379
NVD Published Date:
11/09/2021
NVD Last Modified:
11/12/2021
Source:
Microsoft Corporation

Leave a Comment

Your email address will not be published.