cvelistv5 - cve-2021-34527

CVE-2021-34527 (GCVE-0-2021-34527)

Vulnerability from cvelistv5 – Published: 2021-07-02 21:25 – Updated: 2025-11-04 19:12

CISA

Summary

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ): <ul> <li>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint</li> <li>NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)</li> <li>UpdatePromptSettings = 0 (DWORD) or not defined (default setting)</li> </ul> Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design. UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also <a href="https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7">KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates</a>. Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC
	http://packetstormsecurity.com/files/167261/Print…	x_refsource_MISC

Impacted products

Vendor

Product

Version

Microsoft

Windows 10 Version 1809

Affected: 10.0.0 , < 10.0.17763.2029 (custom)
 cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:x86:*
 cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:x64:*
 cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:arm64:*

Microsoft	Windows Server 2019	Affected: 10.0.0 , < 10.0.17763.2029 (custom) cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:::::::*
Microsoft	Windows Server 2019 (Server Core installation)	Affected: 10.0.0 , < 10.0.17763.2029 (custom) cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:::::::*
Microsoft	Windows Server 2022	Affected: 10.0.0 , < 10.0.20348.230 (custom) cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:::::::*
Microsoft	Windows 10 Version 20H2	Affected: 10.0.0 , < 10.0.19042.1083 (custom) cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1083::::::x86: cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1083::::::arm64:
Microsoft	Windows Server version 20H2	Affected: 10.0.0 , < 10.0.19042.1083 (custom) cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1083:::::::*
Microsoft	Windows 11 version 21H2	Affected: 10.0.0 , < 10.0.22000.318 (custom) cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318::::::x64: cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318::::::arm64:
Microsoft	Windows 10 Version 21H2	Affected: 10.0.0 , < 10.0.19044.1415 (custom) cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415::::::x86: cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415::::::arm64: cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415::::::x64:
Microsoft	Windows 11 version 22H2	Affected: 10.0.0 , < 10.0.22621.674 (custom) cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.674::::::arm64: cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.674::::::x64:
Microsoft	Windows 10 Version 22H2	Affected: 10.0.0 , < 10.0.19045.2251 (custom) cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251::::::x64: cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251::::::arm64: cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251::::::x86:
Microsoft	Windows 10 Version 1507	Affected: 10.0.0 , < 10.0.10240.18969 (custom) cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.18969::::::x86: cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.18969::::::x64:
Microsoft	Windows 10 Version 1607	Affected: 10.0.0 , < 10.0.14393.4470 (custom) cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4470::::::x86: cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4470::::::x64:
Microsoft	Windows Server 2016	Affected: 10.0.0 , < 10.0.14393.4470 (custom) cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:::::::*
Microsoft	Windows Server 2016 (Server Core installation)	Affected: 10.0.0 , < 10.0.14393.4470 (custom) cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:::::::*
Microsoft	Windows 8.1	Affected: 6.3.0 , < 6.3.9600.20046 (custom) cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20046:::::::*
Microsoft	Windows Server 2008 Service Pack 2	Affected: 6.0.0 , < 6.0.6003.21138 (custom) cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138::::::x64:
Microsoft	Windows Server 2008 Service Pack 2 (Server Core installation)	Affected: 6.0.0 , < 6.0.6003.21138 (custom) cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138::::::x64: cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138::::::x86:
Microsoft	Windows Server 2008 Service Pack 2	Affected: 6.0.0 , < 6.0.6003.21138 (custom) cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138::::::x86:
Microsoft	Windows Server 2008 R2 Service Pack 1	Affected: 6.1.0 , < 6.1.7601.25633 (custom) cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633::::::x64:
Microsoft	Windows Server 2008 R2 Service Pack 1 (Server Core installation)	Affected: 6.0.0 , < 6.1.7601.25633 (custom) cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633::::::x64:
Microsoft	Windows Server 2012	Affected: 6.2.0 , < 6.2.9200.23383 (custom) cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383::::::x64:
Microsoft	Windows Server 2012 (Server Core installation)	Affected: 6.2.0 , < 6.2.9200.23383 (custom) cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383::::::x64:
Microsoft	Windows Server 2012 R2	Affected: 6.3.0 , < 6.3.9600.20046 (custom) cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046::::::x64:
Microsoft	Windows Server 2012 R2 (Server Core installation)	Affected: 6.3.0 , < 6.3.9600.20046 (custom) cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046::::::x64:

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2021-07-20

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: Reference CISA's ED 21-04 (https://www.cisa.gov/news-events/directives/ed-21-04-mitigate-windows-print-spooler-service-vulnerability) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-04. https://nvd.nist.gov/vuln/detail/CVE-2021-34527

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34527",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-24T16:04:14.042095Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34527"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:41.970Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34527"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2021-34527 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:12:33.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-detection-script"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-mitigation-script"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/383432"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2029",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2029",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2029",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.230",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1083:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1083:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.1083",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1083:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.1083",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.318",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.1415",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.674:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.674:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.674",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.2251",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.18969:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.18969:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.18969",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4470:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4470:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4470",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4470",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4470",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20046:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20046",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21138",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21138",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21138",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.25633",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.25633",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.23383",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.23383",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20046",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20046",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-07-01T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "\u003cp\u003eA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u003c/p\u003e\n\u003cp\u003eUPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003eIn addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (\u003cstrong\u003eNote\u003c/strong\u003e: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\u003c/li\u003e\n\u003cli\u003eNoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003cli\u003eUpdatePromptSettings = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eHaving NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eUPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also \u003ca href=\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\"\u003eKB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eNote that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as \u201cPrintNightmare\u201d, documented in CVE-2021-34527.\u003c/p\u003e\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-28T22:37:17.773Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html"
        }
      ],
      "title": "Windows Print Spooler Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-34527",
    "datePublished": "2021-07-02T21:25:11.000Z",
    "dateReserved": "2021-06-09T00:00:00.000Z",
    "dateUpdated": "2025-11-04T19:12:33.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-34527",
      "cwes": "[\"CWE-269\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-07-20",
      "knownRansomwareCampaignUse": "Known",
      "notes": "Reference CISA\u0027s ED 21-04 (https://www.cisa.gov/news-events/directives/ed-21-04-mitigate-windows-print-spooler-service-vulnerability) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-04. https://nvd.nist.gov/vuln/detail/CVE-2021-34527",
      "product": "Windows",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2021-07-20",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.10240.18969\", \"matchCriteriaId\": \"8C882409-BB85-490B-9D50-571B16C0DE86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.14393.4470\", \"matchCriteriaId\": \"217CDA93-36DA-49AE-9B8F-61D2E155B4F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.17763.2029\", \"matchCriteriaId\": \"B9D38F0E-B058-44EE-9C75-A96EBEA360A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19042.1083\", \"matchCriteriaId\": \"413EBEFB-B185-4D3E-840B-9F37AA041229\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19044.1415\", \"matchCriteriaId\": \"4B773592-2AC2-48CD-A6B3-98D2632A2F88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19045.2251\", \"matchCriteriaId\": \"71F26E89-0870-4C4A-81FE-F9F793A9E706\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.22000.318\", \"matchCriteriaId\": \"193B0B19-6DD7-4DF3-B133-D66B27C34E9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.22621.674\", \"matchCriteriaId\": \"9DEC0AE5-324C-4117-ADFD-D8425D01C575\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.14393.4470\", \"matchCriteriaId\": \"E90B2736-F3AC-4CA9-9817-1CCC320B854D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.17763.2029\", \"matchCriteriaId\": \"81CDECCC-4AB5-406B-B265-3C1760D01339\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.20348.230\", \"matchCriteriaId\": \"0663409D-4AE8-4BD9-85FE-9EAED15AE9DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19042.1083\", \"matchCriteriaId\": \"5B0C7DE0-3E5C-4112-A7AD-FC195C3E2E62\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\u003cp\u003eA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u003c/p\u003e\\n\u003cp\u003eUPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.\u003c/p\u003e\\n\u003cp\u003eIn addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (\u003cstrong\u003eNote\u003c/strong\u003e: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003eHKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\Printers\\\\PointAndPrint\u003c/li\u003e\\n\u003cli\u003eNoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\\n\u003cli\u003eUpdatePromptSettings = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\\n\u003c/ul\u003e\\n\u003cp\u003e\u003cstrong\u003eHaving NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.\u003c/strong\u003e\u003c/p\u003e\\n\u003cp\u003eUPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also \u003ca href=\\\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\\\"\u003eKB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates\u003c/a\u003e.\u003c/p\u003e\\n\u003cp\u003eNote that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as \\u201cPrintNightmare\\u201d, documented in CVE-2021-34527.\u003c/p\u003e\\n\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la ejecuci\\u00f3n de c\\u00f3digo remota de Windows Print Spooler\"}]",
      "id": "CVE-2021-34527",
      "lastModified": "2024-11-21T06:10:36.397",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-07-02T22:15:08.757",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Mitigation\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-34527\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-07-02T22:15:08.757\",\"lastModified\":\"2025-11-06T14:51:15.250\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\u003cp\u003eA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u003c/p\u003e\\n\u003cp\u003eUPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.\u003c/p\u003e\\n\u003cp\u003eIn addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (\u003cstrong\u003eNote\u003c/strong\u003e: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003eHKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\Printers\\\\PointAndPrint\u003c/li\u003e\\n\u003cli\u003eNoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\\n\u003cli\u003eUpdatePromptSettings = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\\n\u003c/ul\u003e\\n\u003cp\u003e\u003cstrong\u003eHaving NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.\u003c/strong\u003e\u003c/p\u003e\\n\u003cp\u003eUPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also \u003ca href=\\\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\\\"\u003eKB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates\u003c/a\u003e.\u003c/p\u003e\\n\u003cp\u003eNote that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as \u201cPrintNightmare\u201d, documented in CVE-2021-34527.\u003c/p\u003e\\n\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la ejecuci\u00f3n de c\u00f3digo remota de Windows Print Spooler\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-07-20\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Windows Print Spooler Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.10240.18969\",\"matchCriteriaId\":\"8C882409-BB85-490B-9D50-571B16C0DE86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.14393.4470\",\"matchCriteriaId\":\"217CDA93-36DA-49AE-9B8F-61D2E155B4F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.2029\",\"matchCriteriaId\":\"B9D38F0E-B058-44EE-9C75-A96EBEA360A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19042.1083\",\"matchCriteriaId\":\"413EBEFB-B185-4D3E-840B-9F37AA041229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.1415\",\"matchCriteriaId\":\"4B773592-2AC2-48CD-A6B3-98D2632A2F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.2251\",\"matchCriteriaId\":\"71F26E89-0870-4C4A-81FE-F9F793A9E706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.318\",\"matchCriteriaId\":\"193B0B19-6DD7-4DF3-B133-D66B27C34E9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22621.674\",\"matchCriteriaId\":\"9DEC0AE5-324C-4117-ADFD-D8425D01C575\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.14393.4470\",\"matchCriteriaId\":\"E90B2736-F3AC-4CA9-9817-1CCC320B854D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.2029\",\"matchCriteriaId\":\"81CDECCC-4AB5-406B-B265-3C1760D01339\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.20348.230\",\"matchCriteriaId\":\"0663409D-4AE8-4BD9-85FE-9EAED15AE9DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19042.1083\",\"matchCriteriaId\":\"5B0C7DE0-3E5C-4112-A7AD-FC195C3E2E62\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/383432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-detection-script\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-mitigation-script\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34527\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-detection-script\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-mitigation-script\"}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/383432\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T19:12:33.128Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-34527\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-24T16:04:14.042095Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34527\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00+00:00\", \"value\": \"CVE-2021-34527 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34527\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-10T18:29:25.377Z\"}}], \"cna\": {\"title\": \"Windows Print Spooler Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2029:*:*:*:*:*:arm64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 1809\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.17763.2029\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.17763.2029\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2029:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2019 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.17763.2029\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2022\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.20348.230\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1083:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1083:*:*:*:*:*:arm64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 20H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19042.1083\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1083:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server version 20H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19042.1083\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 21H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.22000.318\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:arm64:*\", \"cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 21H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19044.1415\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.674:*:*:*:*:*:arm64:*\", \"cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.674:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 22H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.22621.674\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251:*:*:*:*:*:arm64:*\", \"cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2251:*:*:*:*:*:x86:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 22H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19045.2251\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"ARM64-based Systems\", \"32-bit Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.18969:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.18969:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 1507\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.10240.18969\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4470:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4470:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 1607\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.14393.4470\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.14393.4470\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4470:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2016 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.14393.4470\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20046:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 8.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.3.0\", \"lessThan\": \"6.3.9600.20046\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008 Service Pack 2\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.6003.21138\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x86:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008 Service Pack 2 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.6003.21138\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21138:*:*:*:*:*:x86:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008  Service Pack 2\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.6003.21138\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008 R2 Service Pack 1\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.0\", \"lessThan\": \"6.1.7601.25633\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25633:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008 R2 Service Pack 1 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.1.7601.25633\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2012\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.2.0\", \"lessThan\": \"6.2.9200.23383\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23383:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2012 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.2.0\", \"lessThan\": \"6.2.9200.23383\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2012 R2\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.3.0\", \"lessThan\": \"6.3.9600.20046\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20046:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2012 R2 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.3.0\", \"lessThan\": \"6.3.9600.20046\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2021-07-01T07:00:00.000Z\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"\u003cp\u003eA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u003c/p\u003e\\n\u003cp\u003eUPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.\u003c/p\u003e\\n\u003cp\u003eIn addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (\u003cstrong\u003eNote\u003c/strong\u003e: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003eHKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\Printers\\\\PointAndPrint\u003c/li\u003e\\n\u003cli\u003eNoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\\n\u003cli\u003eUpdatePromptSettings = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\\n\u003c/ul\u003e\\n\u003cp\u003e\u003cstrong\u003eHaving NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.\u003c/strong\u003e\u003c/p\u003e\\n\u003cp\u003eUPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also \u003ca href=\\\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\\\"\u003eKB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates\u003c/a\u003e.\u003c/p\u003e\\n\u003cp\u003eNote that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as \\u201cPrintNightmare\\u201d, documented in CVE-2021-34527.\u003c/p\u003e\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"Impact\", \"description\": \"Remote Code Execution\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2023-12-28T22:37:17.773Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-34527\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T19:12:33.128Z\", \"dateReserved\": \"2021-06-09T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2021-07-02T21:25:11.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2021-ALE-014

Vulnerability from certfr_alerte - Published: - Updated:

[version du 12 août 2021]

Le 11 août 2021, Microsoft a publié un avis concernant la vulnérabilité CVE-2021-36958 affectant le spouleur d’impression (print spooler). Microsoft indique que cette vulnérabilité permet une exécution de code arbitraire à distance. Le CERT/CC ajoute qu'en se connectant à une imprimante malveillante, l'attaquant peut exécuter du code arbitraire avec les privilèges SYSTEM [8].

Aucun correctif n'est disponible pour l'instant. Microsoft conseille donc de désactiver le service.

Comme la désactivation complète des impressions est difficilement réalisable, le CERT-FR renvoie vers les recommandations formulées dans le paragraphe [version initiale].

[version du 11 août]

Microsoft a publié une mise à jour de sécurité (KB5005652) corrigeant la vulnérabilité référencée par l'identifiant CVE-2021-34481 [7]. Point important : Microsoft a récemment pris connaissance d'un scénario d'attaque à distance pour cette vulnérabilité dont l'impact initial se restreignait alors seulement à une élévation de privilèges locaux. Ainsi, Microsoft a donc révisé son évaluation en conséquence. Le score CVSSv3 de cette vulnérabilité s'élève maintenant à 8.8. Nous vous recommandons d'installer ces mises à jour immédiatement.

[version du 16 juillet, 15h30]

Le 6 juillet 2021, Microsoft annonçait un correctif pour la CVE-2021-34527 afin de protéger les systèmes Windows contre une attaque distante. Cependant, le 15 juillet 2021, Microsoft a publié un bulletin de sécurité [3] qui confirme l'existence d'une vulnérabilité non corrigée permettant une élévation locale des privilèges avec les privilèges SYSTEM. Cette vulnérabilité est référencée par l'identifiant CVE-2021-34481 [4]. L'attaquant exploite la vulnérabilité en accédant au système cible localement. Il peut également s'appuyer sur une interaction avec l'utilisateur pour effectuer les actions requises afin d'exploiter la vulnérabilité (ex. : inciter un utilisateur légitime à ouvrir un document malveillant).

Le CERT-FR rappelle que les recommandations ci-dessous sont toujours valables. Par ailleurs, des compléments d'aide à la détection ont été ajoutés ci-après.

[version du 12 juillet, 15h30] Correction d'une erreur dans le nom du chemin "C:\Windows\System32\spool\drivers", il s'agit bien de "drivers" et non pas "driver".

[version du 08 juillet 2021 14h30] Le correctif publié par Microsoft ainsi que la sécurisation de la fonctionnalité "Point and Print" (décrite ci-dessous) permettent de se prémunir contre une exécution de code arbitraire à distance. L'application de ces mesures permet d'envisager la réactivation de l'impression distante sur les serveurs d'impression (cf. ci-dessous).

[version du 08 juillet 2021 09h00 : information concernant la publication des correctifs, ajout d'une recommandation de l'éditeur] voir ci-dessous.

[version du 07 juillet 2021 10h00 : information concernant la publication des correctifs] se référer à la section "Solution".

[version initiale]

Cette alerte annule et remplace l’alerte CERT-FR CERTFR-2021-ALE-013.

Le 29 juin 2021, deux chercheurs ont présenté une façon d’exploiter une vulnérabilité affectant le spouleur d’impression (print spooler) et permettant une exécution de code à distance, entraînant une élévation de privilèges avec les droits SYSTEM.

Le 1^er juillet 2021, Microsoft a publié un avis de sécurité indiquant que cette vulnérabilité « jour zéro » (zero day) est différente de la vulnérabilité CVE-2021-1675 initialement corrigée lors du Patch Tuesday du 09 juin 2021.

Cette nouvelle vulnérabilité, CVE-2021-34527, affecte le spouleur d’impression (print spooler) qui est un composant du système d’exploitation Windows activé par défaut. Elle permet à un attaquant d’exécuter du code arbitraire à distance avec les droits SYSTEM.

Des codes d'exploitation sont publiquement disponibles sur Internet, ce qui signifie que l’exploitation de cette vulnérabilité est imminente ou déjà en cours.

Ces codes exploitent la possibilité offerte par le service spouleur d'impression de téléverser un pilote, dans le cadre de l’ajout d’une nouvelle imprimante, pour installer un code malveillant. Ce service étant activé par défaut, tout système Windows est donc actuellement vulnérable, avec la possibilité d'une exploitation à distance.

En particulier, au sein d'un système d'information Microsoft, les contrôleurs de domaine Active Directory sont particulièrement exposés, puisqu'un attaquant, ayant préalablement compromis un poste utilisateur, pourra in fine obtenir les droits et privilèges de niveau "administrateur de domaine" Active Directory.

L’ANSSI recommande fortement de réaliser les actions suivantes :

pour tous les systèmes ne nécessitant pas le service d'impression, en particulier pour les contrôleurs de domaine (le CERT-FR recommande fortement de ne jamais activer le service spouleur d'impression sur les contrôleurs de domaine) :
- modifier le type de démarrage vers la valeur "Désactivé" / "Disabled" pour le service "Spooler" (description : "Spouleur d'impression" / "Print Spooler", exécutable : "spoolsv.exe"),
- une fois le service désactivé, il est nécessaire d’arrêter manuellement le service ou de redémarrer la machine ;
appliquer une politique de filtrage réseau afin d'éviter les latéralisations sur les systèmes nécessitant le service d'impression (notamment les postes de travail) : on pourra notamment utiliser le pare-feu intégré pour interdire les connexions entrantes sur les ports 445 et 139 (canaux nommés SMB) ainsi qu'interdire les connexions à destination du processus spoolsv.exe ;
[08 juillet 2021 14h30] sur les équipements non corrigés ou qui ne sont pas des serveurs d'impression, désactiver la prise en compte des demandes d’impression distante sur l’ensemble des systèmes, tout en laissant la possibilité de lancer une impression locale. Ce paramètre peut être défini à l’aide d’une Stratégie de Groupe (Group Policy) : le paramètre « Autoriser le spouleur d’impression à accepter les connexions des clients » doit être à l’état « Désactivé »/« Disabled » (« Configuration ordinateur » / «Modèle d’administration » / « Imprimantes ») ;
mettre en place une détection système et réseau dans le but de détecter les exploitations sur les équipements vulnérables, les éventuelles latéralisations ainsi que la compromission des contrôles de domaine Active Directory ;
suivre les recommandations de sécurisation d'Active Directory [1].

Informations d'aide à la détection système

Une première mesure de détection des codes d'exploitation actuels consistera en la surveillance des processus enfant créés par le processus spoolsv.exe, les codes d'exploitation utilisant cette technique pour exécuter un code malveillant. Pour tracer la création d'un processus fils, on peut regarder les évènements suivants :

l'évènement numéro 4688 du fournisseur "Microsoft-Windows-Security-Auditing" enregistré dans le journal de sécurité, si la stratégie est configurée pour le générer car cet évènement n'est pas produit par défaut ;
l'évènement numéro 1 du fournisseur "Microsoft-Windows-Sysmon" enregistré dans le journal sysmon si l'outil System Monitor est installé.

Il convient de noter que les moyens de détection ci-dessus sont pertinents dans le cadre de la détection d'une exploitation à l'aide des codes publiés le 29 juin 2021.

En complément, il pourrait être utile de tracer :

l’évènement numéro 11 du fournisseur "Microsoft-Windows-Security-Mitigations/KernelMode", qui pourra être utilisé afin d’identifier le chargement d’une bibliothèque dynamique (dll) non signée (champs SignatureLevel et ImageName) par le processus spoolsv.exe (« ProcessPath:*\Windows\System32\spoolsv.exe »).
l’évènement numéro 7 du fournisseur "Microsoft-Windows-Sysmon/Operational" avec une configuration appropriée de System Monitor pour identifier le chargement de bibliothèque (dll) par le processus spoolsv.exe ("Image:\C:\Windows\System32\spoolsv.exe") depuis le répertoire de pilote (champ "ImageLoaded:C:\Windows\System32\spool\drivers\*") avec le champ "Signed" à false
[16 juillet 2021] L’évènement numéro 808 du fournisseur "Microsoft-Windows-PrintService/Admin" indique qu'une erreur est survenue lors du chargement d'un pilote (le chemin de la dll est mentionné par le champ PluginDllName). Un nom peu commun peut être considéré comme un marqueur. Note: l'enregistrement de cet évènement est activé par défaut.
[16 juillet 2021] Certaines valeurs non usuelles remontées par l’évènement numéro 13 du fournisseur "Microsoft-Windows-Sysmon/Operational" peuvent indiquer une exploitation. Par exemple : DriverVersion=0.0.0.0, DriverDate=01/01/1601 ou encore Manufacturer=(Empty). L'installation d'un pilote d'imprimante avec une valeur "Manufacturer" vide est une action devant être considérée comme suspecte. De plus, si les clés "Configuration File" et "Data File" contiennent la même valeur, cela peut-être considéré comme une exploitation réussie. Note : la configuration doit être modifiée pour surveiller les modifications de registre dans HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-* par spoolsv.exe. Une règle Sigma peut être consultée en suivant le lien [5].
[16 juillet 2021] Les codes d'exploitation publiques montrent un caractère déterministe permettant une mise en détection à l'aide de l’évènement numéro 316 du fournisseur "Microsoft-Windows-PrintService/Operational". En effet, le champs Param1 contient le nom du driver (1234, Mimikatz…) et le champs Param4 les valeurs de pDriverPath, pConfigFile, pDataFile. On s’intéressera particulièrement à une valeur suspecte de pDataFile ou de Param1. Quand l'exploitation est réussie, pConfigFile et pDataFile ont la même valeur : la DLL malveillante. Note : cet évènement n'est pas activé par défaut, il s'active de la façon suivante : wevtutil.exe sl "Microsoft-Windows-PrintService/Operational" /e:True. Une règle Sigma peut être consultée en suivant le lien [6].

Enfin, l’éditeur met à disposition un ensemble d’informations pour les utilisateurs de la solution Microsoft 365 Defender [2].

Solution

[05 janvier 2022] La vulnérabilité CVE-2021-36958 a été corrigée dans le Patch Tuesday de septembre 2021 : https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-710/.

[16 juillet 2021] Le CERT-FR actualisera cette alerte lorsqu'un correctif sera disponible pour la vulnérabilité CVE-2021-36958.

[11 août 2021] Microsoft a publié un correctif pour la vulnérabilité CVE CVE-2021-34481. Le CERT-FR recommande son installation dans les plus brefs délais.

[16 juillet 2021] Le CERT-FR actualisera cette alerte lorsqu'un correctif sera disponible pour la CVE CVE-2021-34481.

[08 juillet 2021 14h30] Le CERT-FR recommande très fortement d'appliquer le correctif sans délai, même si celui-ci semble corriger uniquement l'exécution de code arbitraire à distance et non l'escalade de privilège en local.

En outre, il est obligatoire de respecter la recommandation de l'éditeur concernant la fonctionnalité "Point and Print" en s'assurant que, si les clés de registre existent (ce n'est pas le cas par défaut), celles-ci sont bien définies avec les valeurs suivantes :

la clé de registre NoWarningNoElevationOnInstall (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint) doit être absente ou égale à 0 (DWORD)
la clé de registre NoWarningNoElevationOnUpdate (même emplacement) doit être absente ou égale à 0 (DWORD)

[06 juillet 2021] L'éditeur a publié des correctifs pour les versions maintenues de son système d'exploitation, à l'exception des versions Windows 2012 R2, Windows 2016 et Windows 10 Version 1607 pour lesquelles un correctif sera publié ultérieurement.

[08 juillet 2021] Des correctifs sont désormais disponibles pour toutes les versions maintenues de Microsoft Windows.

Important : Il convient de noter que les versions qui ne sont plus maintenues, telles que Windows 10 Version 1903, sont affectées par la vulnérabilité mais ne seront pas corrigées.

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows 8.1 for 32-bit systems
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows 10 Version 1607 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 21H1 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 2004 for x64-based Systems
Microsoft	Windows	Windows Server, version 20H2 (Server Core Installation)
Microsoft	Windows	Windows 10 Version 1809 for ARM64-based Systems
Microsoft	Windows	Windows 10 Version 21H1 for x64-based Systems
Microsoft	Windows	Windows 10 for x64-based Systems
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft	Windows	Windows 10 Version 20H2 for ARM64-based Systems
Microsoft	Windows	Windows 10 Version 1809 for 32-bit Systems
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows 7 for 32-bit Systems Service Pack 1
Microsoft	Windows	Windows 8.1 for x64-based systems
Microsoft	Windows	Windows 10 Version 2004 for 32-bit Systems
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 for x64-based Systems
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	Windows 10 Version 1909 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 1909 for x64-based Systems
Microsoft	Windows	Windows 10 Version 20H2 for x64-based Systems
Microsoft	Windows	Windows 7 for x64-based Systems Service Pack 1
Microsoft	Windows	Windows 10 Version 20H2 for 32-bit Systems
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft	Windows	Windows 10 Version 2004 for ARM64-based Systems
Microsoft	Windows	Windows 10 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 1809 for x64-based Systems
Microsoft	Windows	Windows 10 Version 1909 for ARM64-based Systems
Microsoft	Windows	Windows Server, version 2004 (Server Core installation)
Microsoft	Windows	Windows 10 Version 21H1 for ARM64-based Systems

References

Title

Publication Time

Tags

[3] Bulletin de sécurité Microsoft CVE-2021-34481	2021-07-15	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-36958	2021-08-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-34527	2021-07-01	vendor-advisory
[6]	-	other
[5]	-	other
Avis CERT-FR CERTFR-2021-AVI-506 du 07 juillet 2021	-	other
[8] Bulletin du CERT/CC VU#131152 du 18 juillet 2021	-	other
[7]	-	other
[2] guide Microsoft 365 Defender	-	other
[1] Points de contrôle Active Directory définis par l'ANSSI	-	other
Avis CERT-FR CERTFR-2021-AVI-618 du 11 août 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 for 32-bit systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 20H2 (Server Core Installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 for 32-bit Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 for x64-based systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 2004 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2022-01-05",
  "content": "## Solution\n\n**\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003e\\[05 janvier 2022\\] La\nvuln\u00e9rabilit\u00e9 CVE-2021-36958 a \u00e9t\u00e9 corrig\u00e9e dans le Patch Tuesday de\nseptembre 2021 :\n\u003ca href=\"https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-710/\"\nclass=\"linkified\" rel=\"noreferrer nofollow noopener\"\ntarget=\"_blank\"\u003ehttps://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-710/.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e**\n\n**\\[16 juillet 2021\\] Le CERT-FR actualisera cette alerte lorsqu\u0027un\ncorrectif sera disponible pour la vuln\u00e9rabilit\u00e9 CVE-2021-36958.**\n\n**\\[11 ao\u00fbt 2021\\] Microsoft a publi\u00e9 un correctif pour la vuln\u00e9rabilit\u00e9\nCVE CVE-2021-34481.** Le CERT-FR recommande son installation dans les\nplus brefs d\u00e9lais.\n\n\u003cs\u003e**\\[16 juillet 2021\\] Le CERT-FR actualisera cette alerte lorsqu\u0027un\ncorrectif sera disponible pour la CVE CVE-2021-34481.**\u003c/s\u003e\n\n**\\[08 juillet 2021 14h30\\] Le CERT-FR recommande tr\u00e8s fortement\nd\u0027appliquer le correctif sans d\u00e9lai,** m\u00eame si celui-ci semble corriger\nuniquement l\u0027ex\u00e9cution de code arbitraire \u00e0 distance et non l\u0027escalade\nde privil\u00e8ge en local.\n\n**En outre, il est obligatoire de respecter la recommandation de\nl\u0027\u00e9diteur concernant la fonctionnalit\u00e9 \"*Point and Print*\"** en\ns\u0027assurant que, si les cl\u00e9s de registre existent (ce n\u0027est pas le cas\npar d\u00e9faut), celles-ci sont bien d\u00e9finies avec les valeurs suivantes :\n\n-   la cl\u00e9 de registre NoWarningNoElevationOnInstall\n    (HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\n    NT\\\\Printers\\\\PointAndPrint) doit \u00eatre absente ou \u00e9gale \u00e0 0 (DWORD)\n-   la cl\u00e9 de registre NoWarningNoElevationOnUpdate (m\u00eame emplacement)\n    doit \u00eatre absente ou \u00e9gale \u00e0 0 (DWORD)\n\n\u003cs\u003e**\\[06 juillet 2021\\]** L\u0027\u00e9diteur a publi\u00e9 des correctifs pour les\nversions maintenues de son syst\u00e8me d\u0027exploitation, \u00e0 l\u0027exception des\nversions Windows 2012 R2, Windows 2016 et Windows 10 Version 1607 pour\nlesquelles un correctif sera publi\u00e9 ult\u00e9rieurement.\u003c/s\u003e\n\n\u003cs\u003e**\\[08 juillet 2021\\]** Des correctifs sont d\u00e9sormais disponibles\npour toutes les versions maintenues de Microsoft Windows.\u003c/s\u003e\n\n**Important** : Il convient de noter que les versions qui ne sont plus\nmaintenues, telles que Windows 10 Version 1903, sont affect\u00e9es par la\nvuln\u00e9rabilit\u00e9 mais ne seront pas corrig\u00e9es.\n",
  "cves": [
    {
      "name": "CVE-2021-34481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34481"
    },
    {
      "name": "CVE-2021-36958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36958"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    }
  ],
  "links": [
    {
      "title": "[6]",
      "url": "https://github.com/SigmaHQ/sigma/blob/7584471e2ae06d756751ca40556782fe6fd5981d/rules/windows/builtin/win_exploit_cve_2021_1675_printspooler_operational.yml"
    },
    {
      "title": "[5]",
      "url": "https://github.com/SigmaHQ/sigma/blob/b09efee0452e7be7773807d8761a83d7fc54e033/rules/windows/registry_event/sysmon_registry_susp_printer_driver.yml"
    },
    {
      "title": "Avis CERT-FR CERTFR-2021-AVI-506 du 07 juillet 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-506/"
    },
    {
      "title": "[8] Bulletin du CERT/CC VU#131152 du 18 juillet 2021",
      "url": "https://kb.cert.org/vuls/id/131152"
    },
    {
      "title": "[7]",
      "url": "https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872"
    },
    {
      "title": "[2] guide Microsoft 365 Defender",
      "url": "https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/tree/master/Exploits/Print%20Spooler%20RCE"
    },
    {
      "title": "[1] Points de contr\u00f4le Active Directory d\u00e9finis par l\u0027ANSSI",
      "url": "https://www.cert.ssi.gouv.fr/dur/CERTFR-2020-DUR-001/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2021-AVI-618 du 11 ao\u00fbt 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-618/"
    }
  ],
  "reference": "CERTFR-2021-ALE-014",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-02T00:00:00.000000"
    },
    {
      "description": "Publication de correctifs pour la plupart des versions de Microsoft Windows",
      "revision_date": "2021-07-07T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027avis CERT-FR CERTFR-2021-AVI-506 du 07 juillet 2021.",
      "revision_date": "2021-07-07T00:00:00.000000"
    },
    {
      "description": "Publication de correctifs pour toutes les versions, recommandation \u00e9diteur suppl\u00e9mentaire",
      "revision_date": "2021-07-08T00:00:00.000000"
    },
    {
      "description": "Clarification des recommandations",
      "revision_date": "2021-07-08T00:00:00.000000"
    },
    {
      "description": "correction chemin ImageLoaded:C:WindowsSystem32spooldrivers",
      "revision_date": "2021-07-12T00:00:00.000000"
    },
    {
      "description": "D\u00e9claration d\u0027une nouvelle CVE et compl\u00e9ments d\u0027information sur la d\u00e9tection syst\u00e8me",
      "revision_date": "2021-07-16T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour de l\u0027avis de l\u0027\u00e9diteur avec correctifs.",
      "revision_date": "2021-08-11T00:00:00.000000"
    },
    {
      "description": "Modification du titre, ajout de la vuln\u00e9rabilit\u00e9 CVE-2021-36958",
      "revision_date": "2021-08-12T00:00:00.000000"
    },
    {
      "description": "Mention de la disponibilit\u00e9 du correctif pour la vuln\u00e9rabilit\u00e9 CVE-2021-36958.",
      "revision_date": "2022-01-05T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2022-01-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[version du 12 ao\u00fbt 2021\\]\u003c/strong\u003e\n\nLe 11 ao\u00fbt 2021, Microsoft a publi\u00e9 un avis concernant la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2021-36958\u00a0affectant le spouleur d\u2019impression (*print\nspooler*). Microsoft indique que cette vuln\u00e9rabilit\u00e9 permet une\nex\u00e9cution de code arbitraire \u00e0 distance. Le CERT/CC ajoute qu\u0027en se\nconnectant \u00e0 une imprimante malveillante, l\u0027attaquant peut ex\u00e9cuter du\ncode arbitraire avec les privil\u00e8ges *SYSTEM* \\[8\\].\n\nAucun correctif n\u0027est disponible pour l\u0027instant. Microsoft conseille\ndonc de d\u00e9sactiver le service.\n\nComme la d\u00e9sactivation compl\u00e8te des impressions est difficilement\nr\u00e9alisable, le CERT-FR renvoie vers les recommandations formul\u00e9es dans\nle paragraphe \\[version initiale\\].\n\n\u003cstrong\u003e\\[version du 11 ao\u00fbt\\]\u003c/strong\u003e\n\nMicrosoft a publi\u00e9 une mise \u00e0 jour de s\u00e9curit\u00e9\n([KB5005652](https://support.microsoft.com/help/5005652)) corrigeant la\nvuln\u00e9rabilit\u00e9 r\u00e9f\u00e9renc\u00e9e par l\u0027identifiant CVE-2021-34481 \\[7\\]. \u003cstrong\u003ePoint\nimportant\u003c/strong\u003e : Microsoft a r\u00e9cemment pris connaissance d\u0027un \u003cstrong\u003esc\u00e9nario\nd\u0027attaque \u00e0 distance\u003c/strong\u003e pour cette vuln\u00e9rabilit\u00e9 dont l\u0027impact initial se\nrestreignait alors seulement \u00e0 une \u00e9l\u00e9vation de privil\u00e8ges locaux.\nAinsi, Microsoft a donc r\u00e9vis\u00e9 son \u00e9valuation en cons\u00e9quence. Le score\nCVSSv3 de cette vuln\u00e9rabilit\u00e9 s\u0027\u00e9l\u00e8ve maintenant \u00e0 8.8. Nous vous\nrecommandons d\u0027installer ces mises \u00e0 jour imm\u00e9diatement.\n\n\u003cstrong\u003e\\[version du 16 juillet, 15h30\\]\u003c/strong\u003e\n\nLe 6 juillet 2021, Microsoft annon\u00e7ait un correctif pour la\nCVE-2021-34527 afin de prot\u00e9ger les syst\u00e8mes Windows contre une attaque\ndistante. Cependant, le 15 juillet 2021, Microsoft a publi\u00e9 un\nbulletin de s\u00e9curit\u00e9 \\[3\\] qui confirme l\u0027existence d\u0027une vuln\u00e9rabilit\u00e9\n\u003cu\u003enon corrig\u00e9e\u003c/u\u003e permettant une \u00e9l\u00e9vation locale des privil\u00e8ges avec\nles privil\u00e8ges SYSTEM. Cette vuln\u00e9rabilit\u00e9 est r\u00e9f\u00e9renc\u00e9e par\nl\u0027identifiant CVE-2021-34481 \\[4\\]. L\u0027attaquant exploite la\nvuln\u00e9rabilit\u00e9 en acc\u00e9dant au syst\u00e8me cible localement. Il peut \u00e9galement\ns\u0027appuyer sur une interaction avec l\u0027utilisateur pour effectuer les\nactions requises afin d\u0027exploiter la vuln\u00e9rabilit\u00e9 (ex. : inciter un\nutilisateur l\u00e9gitime \u00e0 ouvrir un document malveillant).\n\n\u003cstrong\u003eLe CERT-FR rappelle que les recommandations ci-dessous sont toujours\nvalables. Par ailleurs, des compl\u00e9ments d\u0027aide \u00e0 la d\u00e9tection ont \u00e9t\u00e9\najout\u00e9s ci-apr\u00e8s.\u003c/strong\u003e\n\n\u00a0\n\n\u00a0\n\n\u003cstrong\u003e\\[version du 12 juillet, 15h30\\]\u003c/strong\u003e Correction d\u0027une erreur dans le nom\ndu chemin \"C:\\\\Windows\\\\System32\\\\spool\\\\drivers\", il s\u0027agit bien de\n\"drivers\" et non pas \"driver\".\n\n\u003cstrong\u003e\\[version du 08 juillet 2021 14h30\\]\u003c/strong\u003e Le correctif publi\u00e9 par\nMicrosoft ainsi que la s\u00e9curisation de la fonctionnalit\u00e9 \"Point and\nPrint\" (d\u00e9crite ci-dessous) permettent de se pr\u00e9munir contre une\nex\u00e9cution de code arbitraire \u00e0 distance. L\u0027application de ces mesures\npermet d\u0027envisager la r\u00e9activation de l\u0027impression distante sur les\nserveurs d\u0027impression (cf. ci-dessous).\n\n\u003cstrong\u003e\\[version du 08 juillet 2021 09h00 : information concernant la\npublication des correctifs, ajout d\u0027une recommandation de l\u0027\u00e9diteur\\]\u003c/strong\u003e\nvoir ci-dessous.\u003cstrong\u003e  \n\u003c/strong\u003e\n\n\u003cstrong\u003e\\[version du 07 juillet 2021 10h00 : information concernant la\npublication des correctifs\\]\u003c/strong\u003e se r\u00e9f\u00e9rer \u00e0 la section \"Solution\".\n\n\u00a0\n\n\u003cstrong\u003e\\[version initiale\\]\u003c/strong\u003e\n\n\u003cstrong\u003eCette alerte annule et remplace l\u2019alerte CERT-FR\nCERTFR-2021-ALE-013.\u003c/strong\u003e\n\nLe 29 juin 2021, deux chercheurs ont pr\u00e9sent\u00e9 une fa\u00e7on d\u2019exploiter une\nvuln\u00e9rabilit\u00e9 affectant le spouleur d\u2019impression (*print spooler*) et\npermettant une ex\u00e9cution de code \u00e0 distance, entra\u00eenant une \u00e9l\u00e9vation de\nprivil\u00e8ges avec les droits SYSTEM.\n\nLe 1\u003csup\u003eer\u003c/sup\u003e juillet 2021, Microsoft a publi\u00e9 un avis de s\u00e9curit\u00e9 indiquant\nque cette vuln\u00e9rabilit\u00e9 \u00ab\u00a0jour z\u00e9ro\u00a0\u00bb (*zero day*) est diff\u00e9rente de la\nvuln\u00e9rabilit\u00e9 CVE-2021-1675 initialement corrig\u00e9e lors du Patch Tuesday\ndu 09 juin 2021.\n\nCette nouvelle vuln\u00e9rabilit\u00e9, CVE-2021-34527, affecte le spouleur\nd\u2019impression (*print spooler*) qui est un composant du syst\u00e8me\nd\u2019exploitation Windows activ\u00e9 par d\u00e9faut. Elle permet \u00e0 un attaquant\nd\u2019ex\u00e9cuter du code arbitraire \u00e0 distance avec les droits SYSTEM.\n\n\u003cstrong\u003eDes codes d\u0027exploitation sont publiquement disponibles sur Internet\u003c/strong\u003e,\nce qui signifie que l\u2019exploitation de cette vuln\u00e9rabilit\u00e9 est imminente\nou d\u00e9j\u00e0 en cours.\n\nCes codes exploitent la possibilit\u00e9 offerte par le service\u00a0spouleur\nd\u0027impression de t\u00e9l\u00e9verser un pilote, dans le cadre de l\u2019ajout d\u2019une\nnouvelle imprimante, pour installer un code malveillant. \u003cstrong\u003eCe service\n\u00e9tant activ\u00e9 par d\u00e9faut, tout syst\u00e8me Windows est donc actuellement\nvuln\u00e9rable, avec la possibilit\u00e9 d\u0027une exploitation \u00e0 distance.\u003c/strong\u003e\n\nEn particulier, au sein d\u0027un syst\u00e8me d\u0027information Microsoft, les\ncontr\u00f4leurs de domaine Active Directory sont particuli\u00e8rement expos\u00e9s,\npuisqu\u0027un attaquant, ayant pr\u00e9alablement compromis un poste utilisateur,\npourra *in fine* obtenir les droits et privil\u00e8ges de niveau\n\"administrateur de domaine\" Active Directory.\n\n\u003cstrong\u003eL\u2019ANSSI recommande fortement de r\u00e9aliser les actions suivantes\u00a0:\u003c/strong\u003e\n\n-   pour tous les syst\u00e8mes ne n\u00e9cessitant pas le service d\u0027impression,\n    en particulier pour les contr\u00f4leurs de domaine (le CERT-FR\n    recommande fortement de ne \u003cu\u003ejamais activer\u003c/u\u003e le service spouleur\n    d\u0027impression sur les contr\u00f4leurs de domaine) :\n    -   modifier le type de d\u00e9marrage vers la valeur \"D\u00e9sactiv\u00e9\" /\n        \"Disabled\" pour le service \"Spooler\" (description : \"Spouleur\n        d\u0027impression\" / \"Print Spooler\", ex\u00e9cutable : \"spoolsv.exe\"),\n    -   une fois le service d\u00e9sactiv\u00e9, il est n\u00e9cessaire d\u2019arr\u00eater\n        manuellement le service ou de red\u00e9marrer la machine\u00a0;\n-   appliquer une politique de filtrage r\u00e9seau afin d\u0027\u00e9viter les\n    lat\u00e9ralisations sur les syst\u00e8mes n\u00e9cessitant le service d\u0027impression\n    (notamment les postes de travail) : on pourra notamment utiliser le\n    pare-feu int\u00e9gr\u00e9 pour interdire les connexions entrantes sur les\n    ports 445 et 139 (canaux nomm\u00e9s SMB) ainsi qu\u0027interdire les\n    connexions \u00e0 destination du processus spoolsv.exe ;\n-   \u003cstrong\u003e\\[08 juillet 2021 14h30\\]\u003c/strong\u003e \u003cu\u003esur les \u00e9quipements non corrig\u00e9s ou\n    qui ne sont pas des serveurs d\u0027impression\u003c/u\u003e, d\u00e9sactiver la prise\n    en compte des demandes d\u2019impression distante \u003cs\u003esur l\u2019ensemble des\n    syst\u00e8mes\u003c/s\u003e, tout en laissant la possibilit\u00e9 de lancer une\n    impression locale. Ce param\u00e8tre peut \u00eatre d\u00e9fini \u00e0 l\u2019aide d\u2019une\n    Strat\u00e9gie de Groupe (*Group Policy*)\u00a0: le param\u00e8tre \u00ab\u00a0Autoriser le\n    spouleur d\u2019impression \u00e0 accepter les connexions des clients\u00a0\u00bb doit\n    \u00eatre \u00e0 l\u2019\u00e9tat \u00ab\u00a0D\u00e9sactiv\u00e9\u00a0\u00bb/\u00ab\u00a0Disabled\u00a0\u00bb (\u00ab\u00a0Configuration\n    ordinateur\u00a0\u00bb / \u00abMod\u00e8le d\u2019administration\u00a0\u00bb / \u00ab\u00a0Imprimantes\u00a0\u00bb) ;\n-   mettre en place une d\u00e9tection syst\u00e8me et r\u00e9seau dans le but de\n    d\u00e9tecter les exploitations sur les \u00e9quipements vuln\u00e9rables, les\n    \u00e9ventuelles lat\u00e9ralisations ainsi que la compromission des contr\u00f4les\n    de domaine Active Directory ;\n-   suivre les recommandations de s\u00e9curisation d\u0027Active Directory \\[1\\].\n\n### Informations d\u0027aide \u00e0 la d\u00e9tection syst\u00e8me\n\nUne premi\u00e8re mesure de d\u00e9tection des codes d\u0027exploitation actuels\nconsistera en la surveillance des processus enfant cr\u00e9\u00e9s par le\nprocessus *spoolsv.exe*, les codes d\u0027exploitation utilisant cette\ntechnique pour ex\u00e9cuter un code malveillant. Pour tracer la cr\u00e9ation\nd\u0027un processus fils, on peut regarder les \u00e9v\u00e8nements suivants :\n\n-   l\u0027\u00e9v\u00e8nement num\u00e9ro 4688 du fournisseur\n    \"Microsoft-Windows-Security-Auditing\" enregistr\u00e9 dans le journal de\n    s\u00e9curit\u00e9, si la strat\u00e9gie est configur\u00e9e pour le g\u00e9n\u00e9rer car cet\n    \u00e9v\u00e8nement n\u0027est pas produit par d\u00e9faut ;\n-   l\u0027\u00e9v\u00e8nement num\u00e9ro 1 du fournisseur \"Microsoft-Windows-Sysmon\"\n    enregistr\u00e9 dans le journal sysmon si l\u0027outil System Monitor est\n    install\u00e9.\n\nIl convient de noter que les moyens de d\u00e9tection ci-dessus sont\npertinents dans le cadre de la d\u00e9tection d\u0027une exploitation \u00e0 l\u0027aide des\ncodes publi\u00e9s le 29 juin 2021.\n\nEn compl\u00e9ment, il pourrait \u00eatre utile de tracer\u00a0:\n\n-   l\u2019\u00e9v\u00e8nement num\u00e9ro 11 du fournisseur\n    \"Microsoft-Windows-Security-Mitigations/KernelMode\", qui pourra \u00eatre\n    utilis\u00e9 afin d\u2019identifier le chargement d\u2019une biblioth\u00e8que dynamique\n    (*dll*) non sign\u00e9e (champs SignatureLevel et ImageName) par le\n    processus spoolsv.exe\n    (\u00ab\u00a0ProcessPath:\\*\\\\Windows\\\\System32\\\\spoolsv.exe\u00a0\u00bb).\n-   l\u2019\u00e9v\u00e8nement num\u00e9ro 7 du fournisseur\n    \"Microsoft-Windows-Sysmon/Operational\" avec une configuration\n    appropri\u00e9e de System Monitor pour identifier le chargement de\n    biblioth\u00e8que (*dll*) par le processus spoolsv.exe\n    (\"Image:\\\\C:\\\\Windows\\\\System32\\\\spoolsv.exe\") depuis le r\u00e9pertoire\n    de pilote (champ\n    \"ImageLoaded:C:\\\\Windows\\\\System32\\\\spool\\\\drivers\\\\\\*\") avec le\n    champ \"Signed\" \u00e0 false\n-   \u003cstrong\u003e\\[16 juillet 2021\\]\u003c/strong\u003e L\u2019\u00e9v\u00e8nement num\u00e9ro 808 du fournisseur\n    \"Microsoft-Windows-PrintService/Admin\" indique qu\u0027une erreur est\n    survenue lors du chargement d\u0027un pilote (le chemin de la dll est\n    mentionn\u00e9 par le champ PluginDllName). Un nom peu commun peut \u00eatre\n    consid\u00e9r\u00e9 comme un marqueur. Note: l\u0027enregistrement de cet \u00e9v\u00e8nement\n    est activ\u00e9 par d\u00e9faut.\n-   \u003cstrong\u003e\\[16 juillet 2021\\]\u003c/strong\u003e Certaines valeurs non usuelles remont\u00e9es par\n    l\u2019\u00e9v\u00e8nement num\u00e9ro 13 du fournisseur\n    \"Microsoft-Windows-Sysmon/Operational\" peuvent indiquer une\n    exploitation. Par exemple : DriverVersion=0.0.0.0,\n    DriverDate=01/01/1601 ou encore Manufacturer=(Empty). L\u0027installation\n    d\u0027un pilote d\u0027imprimante avec une valeur \"Manufacturer\" vide est une\n    action devant \u00eatre consid\u00e9r\u00e9e comme suspecte. De plus, si les cl\u00e9s\n    \"*Configuration File*\" et \"*Data File*\" contiennent la m\u00eame valeur,\n    cela peut-\u00eatre consid\u00e9r\u00e9 comme une exploitation r\u00e9ussie. Note : la\n    configuration doit \u00eatre modifi\u00e9e pour surveiller les modifications\n    de registre dans\n    *HKLM\\\\System\\\\CurrentControlSet\\\\Control\\\\Print\\\\Environments\\\\Windows\n    x64\\\\Drivers\\\\Version-\\** par spoolsv.exe. Une r\u00e8gle Sigma peut \u00eatre\n    consult\u00e9e en suivant le lien \\[5\\].\n-   \u003cstrong\u003e\\[16 juillet 2021\\]\u003c/strong\u003e Les codes d\u0027exploitation publiques montrent\n    un caract\u00e8re d\u00e9terministe permettant une mise en d\u00e9tection \u00e0 l\u0027aide\n    de l\u2019\u00e9v\u00e8nement num\u00e9ro 316 du fournisseur\n    \"Microsoft-Windows-PrintService/Operational\". En effet, le champs\n    *Param1* contient le nom du driver (1234, Mimikatz\u2026) et le champs\n    *Param4* les valeurs de *pDriverPath*, *pConfigFile*, *pDataFile*.\n    On s\u2019int\u00e9ressera particuli\u00e8rement \u00e0 une valeur suspecte de\n    *pDataFile* ou de *Param1*. Quand l\u0027exploitation est r\u00e9ussie,\n    *pConfigFile* et *pDataFile* ont la m\u00eame valeur : la DLL\n    malveillante. Note : cet \u00e9v\u00e8nement n\u0027est pas activ\u00e9 par d\u00e9faut, il\n    s\u0027active de la fa\u00e7on suivante : *wevtutil.exe sl\n    \"Microsoft-Windows-PrintService/Operational\" /e:True*. Une r\u00e8gle\n    Sigma peut \u00eatre consult\u00e9e en suivant le lien \\[6\\].\n\nEnfin, l\u2019\u00e9diteur met \u00e0 disposition un ensemble d\u2019informations pour les\nutilisateurs de la solution Microsoft 365 Defender \\[2\\].\n",
  "title": "[MaJ] Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2021-07-15",
      "title": "[3] Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-34481",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481"
    },
    {
      "published_at": "2021-08-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-36958",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958"
    },
    {
      "published_at": "2021-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-34527",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527"
    }
  ]
}

CERTFR-2021-ALE-014

Vulnerability from certfr_alerte - Published: - Updated:

[version du 12 août 2021]

Aucun correctif n'est disponible pour l'instant. Microsoft conseille donc de désactiver le service.

Comme la désactivation complète des impressions est difficilement réalisable, le CERT-FR renvoie vers les recommandations formulées dans le paragraphe [version initiale].

[version du 11 août]

[version du 16 juillet, 15h30]

Le CERT-FR rappelle que les recommandations ci-dessous sont toujours valables. Par ailleurs, des compléments d'aide à la détection ont été ajoutés ci-après.

[version du 12 juillet, 15h30] Correction d'une erreur dans le nom du chemin "C:\Windows\System32\spool\drivers", il s'agit bien de "drivers" et non pas "driver".

[version du 08 juillet 2021 09h00 : information concernant la publication des correctifs, ajout d'une recommandation de l'éditeur] voir ci-dessous.

[version du 07 juillet 2021 10h00 : information concernant la publication des correctifs] se référer à la section "Solution".

[version initiale]

Cette alerte annule et remplace l’alerte CERT-FR CERTFR-2021-ALE-013.

Des codes d'exploitation sont publiquement disponibles sur Internet, ce qui signifie que l’exploitation de cette vulnérabilité est imminente ou déjà en cours.

L’ANSSI recommande fortement de réaliser les actions suivantes :

pour tous les systèmes ne nécessitant pas le service d'impression, en particulier pour les contrôleurs de domaine (le CERT-FR recommande fortement de ne jamais activer le service spouleur d'impression sur les contrôleurs de domaine) :
- modifier le type de démarrage vers la valeur "Désactivé" / "Disabled" pour le service "Spooler" (description : "Spouleur d'impression" / "Print Spooler", exécutable : "spoolsv.exe"),
- une fois le service désactivé, il est nécessaire d’arrêter manuellement le service ou de redémarrer la machine ;
appliquer une politique de filtrage réseau afin d'éviter les latéralisations sur les systèmes nécessitant le service d'impression (notamment les postes de travail) : on pourra notamment utiliser le pare-feu intégré pour interdire les connexions entrantes sur les ports 445 et 139 (canaux nommés SMB) ainsi qu'interdire les connexions à destination du processus spoolsv.exe ;
[08 juillet 2021 14h30] sur les équipements non corrigés ou qui ne sont pas des serveurs d'impression, désactiver la prise en compte des demandes d’impression distante sur l’ensemble des systèmes, tout en laissant la possibilité de lancer une impression locale. Ce paramètre peut être défini à l’aide d’une Stratégie de Groupe (Group Policy) : le paramètre « Autoriser le spouleur d’impression à accepter les connexions des clients » doit être à l’état « Désactivé »/« Disabled » (« Configuration ordinateur » / «Modèle d’administration » / « Imprimantes ») ;
mettre en place une détection système et réseau dans le but de détecter les exploitations sur les équipements vulnérables, les éventuelles latéralisations ainsi que la compromission des contrôles de domaine Active Directory ;
suivre les recommandations de sécurisation d'Active Directory [1].

Informations d'aide à la détection système

l'évènement numéro 4688 du fournisseur "Microsoft-Windows-Security-Auditing" enregistré dans le journal de sécurité, si la stratégie est configurée pour le générer car cet évènement n'est pas produit par défaut ;
l'évènement numéro 1 du fournisseur "Microsoft-Windows-Sysmon" enregistré dans le journal sysmon si l'outil System Monitor est installé.

Il convient de noter que les moyens de détection ci-dessus sont pertinents dans le cadre de la détection d'une exploitation à l'aide des codes publiés le 29 juin 2021.

En complément, il pourrait être utile de tracer :

l’évènement numéro 11 du fournisseur "Microsoft-Windows-Security-Mitigations/KernelMode", qui pourra être utilisé afin d’identifier le chargement d’une bibliothèque dynamique (dll) non signée (champs SignatureLevel et ImageName) par le processus spoolsv.exe (« ProcessPath:*\Windows\System32\spoolsv.exe »).
l’évènement numéro 7 du fournisseur "Microsoft-Windows-Sysmon/Operational" avec une configuration appropriée de System Monitor pour identifier le chargement de bibliothèque (dll) par le processus spoolsv.exe ("Image:\C:\Windows\System32\spoolsv.exe") depuis le répertoire de pilote (champ "ImageLoaded:C:\Windows\System32\spool\drivers\*") avec le champ "Signed" à false
[16 juillet 2021] L’évènement numéro 808 du fournisseur "Microsoft-Windows-PrintService/Admin" indique qu'une erreur est survenue lors du chargement d'un pilote (le chemin de la dll est mentionné par le champ PluginDllName). Un nom peu commun peut être considéré comme un marqueur. Note: l'enregistrement de cet évènement est activé par défaut.
[16 juillet 2021] Certaines valeurs non usuelles remontées par l’évènement numéro 13 du fournisseur "Microsoft-Windows-Sysmon/Operational" peuvent indiquer une exploitation. Par exemple : DriverVersion=0.0.0.0, DriverDate=01/01/1601 ou encore Manufacturer=(Empty). L'installation d'un pilote d'imprimante avec une valeur "Manufacturer" vide est une action devant être considérée comme suspecte. De plus, si les clés "Configuration File" et "Data File" contiennent la même valeur, cela peut-être considéré comme une exploitation réussie. Note : la configuration doit être modifiée pour surveiller les modifications de registre dans HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-* par spoolsv.exe. Une règle Sigma peut être consultée en suivant le lien [5].
[16 juillet 2021] Les codes d'exploitation publiques montrent un caractère déterministe permettant une mise en détection à l'aide de l’évènement numéro 316 du fournisseur "Microsoft-Windows-PrintService/Operational". En effet, le champs Param1 contient le nom du driver (1234, Mimikatz…) et le champs Param4 les valeurs de pDriverPath, pConfigFile, pDataFile. On s’intéressera particulièrement à une valeur suspecte de pDataFile ou de Param1. Quand l'exploitation est réussie, pConfigFile et pDataFile ont la même valeur : la DLL malveillante. Note : cet évènement n'est pas activé par défaut, il s'active de la façon suivante : wevtutil.exe sl "Microsoft-Windows-PrintService/Operational" /e:True. Une règle Sigma peut être consultée en suivant le lien [6].

Enfin, l’éditeur met à disposition un ensemble d’informations pour les utilisateurs de la solution Microsoft 365 Defender [2].

Solution

[05 janvier 2022] La vulnérabilité CVE-2021-36958 a été corrigée dans le Patch Tuesday de septembre 2021 : https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-710/.

[16 juillet 2021] Le CERT-FR actualisera cette alerte lorsqu'un correctif sera disponible pour la vulnérabilité CVE-2021-36958.

[11 août 2021] Microsoft a publié un correctif pour la vulnérabilité CVE CVE-2021-34481. Le CERT-FR recommande son installation dans les plus brefs délais.

[16 juillet 2021] Le CERT-FR actualisera cette alerte lorsqu'un correctif sera disponible pour la CVE CVE-2021-34481.

la clé de registre NoWarningNoElevationOnInstall (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint) doit être absente ou égale à 0 (DWORD)
la clé de registre NoWarningNoElevationOnUpdate (même emplacement) doit être absente ou égale à 0 (DWORD)

[08 juillet 2021] Des correctifs sont désormais disponibles pour toutes les versions maintenues de Microsoft Windows.

Important : Il convient de noter que les versions qui ne sont plus maintenues, telles que Windows 10 Version 1903, sont affectées par la vulnérabilité mais ne seront pas corrigées.

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows 8.1 for 32-bit systems
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows 10 Version 1607 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 21H1 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 2004 for x64-based Systems
Microsoft	Windows	Windows Server, version 20H2 (Server Core Installation)
Microsoft	Windows	Windows 10 Version 1809 for ARM64-based Systems
Microsoft	Windows	Windows 10 Version 21H1 for x64-based Systems
Microsoft	Windows	Windows 10 for x64-based Systems
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft	Windows	Windows 10 Version 20H2 for ARM64-based Systems
Microsoft	Windows	Windows 10 Version 1809 for 32-bit Systems
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows 7 for 32-bit Systems Service Pack 1
Microsoft	Windows	Windows 8.1 for x64-based systems
Microsoft	Windows	Windows 10 Version 2004 for 32-bit Systems
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 for x64-based Systems
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	Windows 10 Version 1909 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 1909 for x64-based Systems
Microsoft	Windows	Windows 10 Version 20H2 for x64-based Systems
Microsoft	Windows	Windows 7 for x64-based Systems Service Pack 1
Microsoft	Windows	Windows 10 Version 20H2 for 32-bit Systems
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft	Windows	Windows 10 Version 2004 for ARM64-based Systems
Microsoft	Windows	Windows 10 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 1809 for x64-based Systems
Microsoft	Windows	Windows 10 Version 1909 for ARM64-based Systems
Microsoft	Windows	Windows Server, version 2004 (Server Core installation)
Microsoft	Windows	Windows 10 Version 21H1 for ARM64-based Systems

References

Title

Publication Time

Tags

[3] Bulletin de sécurité Microsoft CVE-2021-34481	2021-07-15	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-36958	2021-08-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-34527	2021-07-01	vendor-advisory
[6]	-	other
[5]	-	other
Avis CERT-FR CERTFR-2021-AVI-506 du 07 juillet 2021	-	other
[8] Bulletin du CERT/CC VU#131152 du 18 juillet 2021	-	other
[7]	-	other
[2] guide Microsoft 365 Defender	-	other
[1] Points de contrôle Active Directory définis par l'ANSSI	-	other
Avis CERT-FR CERTFR-2021-AVI-618 du 11 août 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 for 32-bit systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 20H2 (Server Core Installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 for 32-bit Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 for x64-based systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 2004 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2022-01-05",
  "content": "## Solution\n\n**\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003e\\[05 janvier 2022\\] La\nvuln\u00e9rabilit\u00e9 CVE-2021-36958 a \u00e9t\u00e9 corrig\u00e9e dans le Patch Tuesday de\nseptembre 2021 :\n\u003ca href=\"https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-710/\"\nclass=\"linkified\" rel=\"noreferrer nofollow noopener\"\ntarget=\"_blank\"\u003ehttps://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-710/.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e**\n\n**\\[16 juillet 2021\\] Le CERT-FR actualisera cette alerte lorsqu\u0027un\ncorrectif sera disponible pour la vuln\u00e9rabilit\u00e9 CVE-2021-36958.**\n\n**\\[11 ao\u00fbt 2021\\] Microsoft a publi\u00e9 un correctif pour la vuln\u00e9rabilit\u00e9\nCVE CVE-2021-34481.** Le CERT-FR recommande son installation dans les\nplus brefs d\u00e9lais.\n\n\u003cs\u003e**\\[16 juillet 2021\\] Le CERT-FR actualisera cette alerte lorsqu\u0027un\ncorrectif sera disponible pour la CVE CVE-2021-34481.**\u003c/s\u003e\n\n**\\[08 juillet 2021 14h30\\] Le CERT-FR recommande tr\u00e8s fortement\nd\u0027appliquer le correctif sans d\u00e9lai,** m\u00eame si celui-ci semble corriger\nuniquement l\u0027ex\u00e9cution de code arbitraire \u00e0 distance et non l\u0027escalade\nde privil\u00e8ge en local.\n\n**En outre, il est obligatoire de respecter la recommandation de\nl\u0027\u00e9diteur concernant la fonctionnalit\u00e9 \"*Point and Print*\"** en\ns\u0027assurant que, si les cl\u00e9s de registre existent (ce n\u0027est pas le cas\npar d\u00e9faut), celles-ci sont bien d\u00e9finies avec les valeurs suivantes :\n\n-   la cl\u00e9 de registre NoWarningNoElevationOnInstall\n    (HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\n    NT\\\\Printers\\\\PointAndPrint) doit \u00eatre absente ou \u00e9gale \u00e0 0 (DWORD)\n-   la cl\u00e9 de registre NoWarningNoElevationOnUpdate (m\u00eame emplacement)\n    doit \u00eatre absente ou \u00e9gale \u00e0 0 (DWORD)\n\n\u003cs\u003e**\\[06 juillet 2021\\]** L\u0027\u00e9diteur a publi\u00e9 des correctifs pour les\nversions maintenues de son syst\u00e8me d\u0027exploitation, \u00e0 l\u0027exception des\nversions Windows 2012 R2, Windows 2016 et Windows 10 Version 1607 pour\nlesquelles un correctif sera publi\u00e9 ult\u00e9rieurement.\u003c/s\u003e\n\n\u003cs\u003e**\\[08 juillet 2021\\]** Des correctifs sont d\u00e9sormais disponibles\npour toutes les versions maintenues de Microsoft Windows.\u003c/s\u003e\n\n**Important** : Il convient de noter que les versions qui ne sont plus\nmaintenues, telles que Windows 10 Version 1903, sont affect\u00e9es par la\nvuln\u00e9rabilit\u00e9 mais ne seront pas corrig\u00e9es.\n",
  "cves": [
    {
      "name": "CVE-2021-34481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34481"
    },
    {
      "name": "CVE-2021-36958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36958"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    }
  ],
  "links": [
    {
      "title": "[6]",
      "url": "https://github.com/SigmaHQ/sigma/blob/7584471e2ae06d756751ca40556782fe6fd5981d/rules/windows/builtin/win_exploit_cve_2021_1675_printspooler_operational.yml"
    },
    {
      "title": "[5]",
      "url": "https://github.com/SigmaHQ/sigma/blob/b09efee0452e7be7773807d8761a83d7fc54e033/rules/windows/registry_event/sysmon_registry_susp_printer_driver.yml"
    },
    {
      "title": "Avis CERT-FR CERTFR-2021-AVI-506 du 07 juillet 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-506/"
    },
    {
      "title": "[8] Bulletin du CERT/CC VU#131152 du 18 juillet 2021",
      "url": "https://kb.cert.org/vuls/id/131152"
    },
    {
      "title": "[7]",
      "url": "https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872"
    },
    {
      "title": "[2] guide Microsoft 365 Defender",
      "url": "https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/tree/master/Exploits/Print%20Spooler%20RCE"
    },
    {
      "title": "[1] Points de contr\u00f4le Active Directory d\u00e9finis par l\u0027ANSSI",
      "url": "https://www.cert.ssi.gouv.fr/dur/CERTFR-2020-DUR-001/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2021-AVI-618 du 11 ao\u00fbt 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-618/"
    }
  ],
  "reference": "CERTFR-2021-ALE-014",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-02T00:00:00.000000"
    },
    {
      "description": "Publication de correctifs pour la plupart des versions de Microsoft Windows",
      "revision_date": "2021-07-07T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027avis CERT-FR CERTFR-2021-AVI-506 du 07 juillet 2021.",
      "revision_date": "2021-07-07T00:00:00.000000"
    },
    {
      "description": "Publication de correctifs pour toutes les versions, recommandation \u00e9diteur suppl\u00e9mentaire",
      "revision_date": "2021-07-08T00:00:00.000000"
    },
    {
      "description": "Clarification des recommandations",
      "revision_date": "2021-07-08T00:00:00.000000"
    },
    {
      "description": "correction chemin ImageLoaded:C:WindowsSystem32spooldrivers",
      "revision_date": "2021-07-12T00:00:00.000000"
    },
    {
      "description": "D\u00e9claration d\u0027une nouvelle CVE et compl\u00e9ments d\u0027information sur la d\u00e9tection syst\u00e8me",
      "revision_date": "2021-07-16T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour de l\u0027avis de l\u0027\u00e9diteur avec correctifs.",
      "revision_date": "2021-08-11T00:00:00.000000"
    },
    {
      "description": "Modification du titre, ajout de la vuln\u00e9rabilit\u00e9 CVE-2021-36958",
      "revision_date": "2021-08-12T00:00:00.000000"
    },
    {
      "description": "Mention de la disponibilit\u00e9 du correctif pour la vuln\u00e9rabilit\u00e9 CVE-2021-36958.",
      "revision_date": "2022-01-05T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2022-01-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[version du 12 ao\u00fbt 2021\\]\u003c/strong\u003e\n\nLe 11 ao\u00fbt 2021, Microsoft a publi\u00e9 un avis concernant la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2021-36958\u00a0affectant le spouleur d\u2019impression (*print\nspooler*). Microsoft indique que cette vuln\u00e9rabilit\u00e9 permet une\nex\u00e9cution de code arbitraire \u00e0 distance. Le CERT/CC ajoute qu\u0027en se\nconnectant \u00e0 une imprimante malveillante, l\u0027attaquant peut ex\u00e9cuter du\ncode arbitraire avec les privil\u00e8ges *SYSTEM* \\[8\\].\n\nAucun correctif n\u0027est disponible pour l\u0027instant. Microsoft conseille\ndonc de d\u00e9sactiver le service.\n\nComme la d\u00e9sactivation compl\u00e8te des impressions est difficilement\nr\u00e9alisable, le CERT-FR renvoie vers les recommandations formul\u00e9es dans\nle paragraphe \\[version initiale\\].\n\n\u003cstrong\u003e\\[version du 11 ao\u00fbt\\]\u003c/strong\u003e\n\nMicrosoft a publi\u00e9 une mise \u00e0 jour de s\u00e9curit\u00e9\n([KB5005652](https://support.microsoft.com/help/5005652)) corrigeant la\nvuln\u00e9rabilit\u00e9 r\u00e9f\u00e9renc\u00e9e par l\u0027identifiant CVE-2021-34481 \\[7\\]. \u003cstrong\u003ePoint\nimportant\u003c/strong\u003e : Microsoft a r\u00e9cemment pris connaissance d\u0027un \u003cstrong\u003esc\u00e9nario\nd\u0027attaque \u00e0 distance\u003c/strong\u003e pour cette vuln\u00e9rabilit\u00e9 dont l\u0027impact initial se\nrestreignait alors seulement \u00e0 une \u00e9l\u00e9vation de privil\u00e8ges locaux.\nAinsi, Microsoft a donc r\u00e9vis\u00e9 son \u00e9valuation en cons\u00e9quence. Le score\nCVSSv3 de cette vuln\u00e9rabilit\u00e9 s\u0027\u00e9l\u00e8ve maintenant \u00e0 8.8. Nous vous\nrecommandons d\u0027installer ces mises \u00e0 jour imm\u00e9diatement.\n\n\u003cstrong\u003e\\[version du 16 juillet, 15h30\\]\u003c/strong\u003e\n\nLe 6 juillet 2021, Microsoft annon\u00e7ait un correctif pour la\nCVE-2021-34527 afin de prot\u00e9ger les syst\u00e8mes Windows contre une attaque\ndistante. Cependant, le 15 juillet 2021, Microsoft a publi\u00e9 un\nbulletin de s\u00e9curit\u00e9 \\[3\\] qui confirme l\u0027existence d\u0027une vuln\u00e9rabilit\u00e9\n\u003cu\u003enon corrig\u00e9e\u003c/u\u003e permettant une \u00e9l\u00e9vation locale des privil\u00e8ges avec\nles privil\u00e8ges SYSTEM. Cette vuln\u00e9rabilit\u00e9 est r\u00e9f\u00e9renc\u00e9e par\nl\u0027identifiant CVE-2021-34481 \\[4\\]. L\u0027attaquant exploite la\nvuln\u00e9rabilit\u00e9 en acc\u00e9dant au syst\u00e8me cible localement. Il peut \u00e9galement\ns\u0027appuyer sur une interaction avec l\u0027utilisateur pour effectuer les\nactions requises afin d\u0027exploiter la vuln\u00e9rabilit\u00e9 (ex. : inciter un\nutilisateur l\u00e9gitime \u00e0 ouvrir un document malveillant).\n\n\u003cstrong\u003eLe CERT-FR rappelle que les recommandations ci-dessous sont toujours\nvalables. Par ailleurs, des compl\u00e9ments d\u0027aide \u00e0 la d\u00e9tection ont \u00e9t\u00e9\najout\u00e9s ci-apr\u00e8s.\u003c/strong\u003e\n\n\u00a0\n\n\u00a0\n\n\u003cstrong\u003e\\[version du 12 juillet, 15h30\\]\u003c/strong\u003e Correction d\u0027une erreur dans le nom\ndu chemin \"C:\\\\Windows\\\\System32\\\\spool\\\\drivers\", il s\u0027agit bien de\n\"drivers\" et non pas \"driver\".\n\n\u003cstrong\u003e\\[version du 08 juillet 2021 14h30\\]\u003c/strong\u003e Le correctif publi\u00e9 par\nMicrosoft ainsi que la s\u00e9curisation de la fonctionnalit\u00e9 \"Point and\nPrint\" (d\u00e9crite ci-dessous) permettent de se pr\u00e9munir contre une\nex\u00e9cution de code arbitraire \u00e0 distance. L\u0027application de ces mesures\npermet d\u0027envisager la r\u00e9activation de l\u0027impression distante sur les\nserveurs d\u0027impression (cf. ci-dessous).\n\n\u003cstrong\u003e\\[version du 08 juillet 2021 09h00 : information concernant la\npublication des correctifs, ajout d\u0027une recommandation de l\u0027\u00e9diteur\\]\u003c/strong\u003e\nvoir ci-dessous.\u003cstrong\u003e  \n\u003c/strong\u003e\n\n\u003cstrong\u003e\\[version du 07 juillet 2021 10h00 : information concernant la\npublication des correctifs\\]\u003c/strong\u003e se r\u00e9f\u00e9rer \u00e0 la section \"Solution\".\n\n\u00a0\n\n\u003cstrong\u003e\\[version initiale\\]\u003c/strong\u003e\n\n\u003cstrong\u003eCette alerte annule et remplace l\u2019alerte CERT-FR\nCERTFR-2021-ALE-013.\u003c/strong\u003e\n\nLe 29 juin 2021, deux chercheurs ont pr\u00e9sent\u00e9 une fa\u00e7on d\u2019exploiter une\nvuln\u00e9rabilit\u00e9 affectant le spouleur d\u2019impression (*print spooler*) et\npermettant une ex\u00e9cution de code \u00e0 distance, entra\u00eenant une \u00e9l\u00e9vation de\nprivil\u00e8ges avec les droits SYSTEM.\n\nLe 1\u003csup\u003eer\u003c/sup\u003e juillet 2021, Microsoft a publi\u00e9 un avis de s\u00e9curit\u00e9 indiquant\nque cette vuln\u00e9rabilit\u00e9 \u00ab\u00a0jour z\u00e9ro\u00a0\u00bb (*zero day*) est diff\u00e9rente de la\nvuln\u00e9rabilit\u00e9 CVE-2021-1675 initialement corrig\u00e9e lors du Patch Tuesday\ndu 09 juin 2021.\n\nCette nouvelle vuln\u00e9rabilit\u00e9, CVE-2021-34527, affecte le spouleur\nd\u2019impression (*print spooler*) qui est un composant du syst\u00e8me\nd\u2019exploitation Windows activ\u00e9 par d\u00e9faut. Elle permet \u00e0 un attaquant\nd\u2019ex\u00e9cuter du code arbitraire \u00e0 distance avec les droits SYSTEM.\n\n\u003cstrong\u003eDes codes d\u0027exploitation sont publiquement disponibles sur Internet\u003c/strong\u003e,\nce qui signifie que l\u2019exploitation de cette vuln\u00e9rabilit\u00e9 est imminente\nou d\u00e9j\u00e0 en cours.\n\nCes codes exploitent la possibilit\u00e9 offerte par le service\u00a0spouleur\nd\u0027impression de t\u00e9l\u00e9verser un pilote, dans le cadre de l\u2019ajout d\u2019une\nnouvelle imprimante, pour installer un code malveillant. \u003cstrong\u003eCe service\n\u00e9tant activ\u00e9 par d\u00e9faut, tout syst\u00e8me Windows est donc actuellement\nvuln\u00e9rable, avec la possibilit\u00e9 d\u0027une exploitation \u00e0 distance.\u003c/strong\u003e\n\nEn particulier, au sein d\u0027un syst\u00e8me d\u0027information Microsoft, les\ncontr\u00f4leurs de domaine Active Directory sont particuli\u00e8rement expos\u00e9s,\npuisqu\u0027un attaquant, ayant pr\u00e9alablement compromis un poste utilisateur,\npourra *in fine* obtenir les droits et privil\u00e8ges de niveau\n\"administrateur de domaine\" Active Directory.\n\n\u003cstrong\u003eL\u2019ANSSI recommande fortement de r\u00e9aliser les actions suivantes\u00a0:\u003c/strong\u003e\n\n-   pour tous les syst\u00e8mes ne n\u00e9cessitant pas le service d\u0027impression,\n    en particulier pour les contr\u00f4leurs de domaine (le CERT-FR\n    recommande fortement de ne \u003cu\u003ejamais activer\u003c/u\u003e le service spouleur\n    d\u0027impression sur les contr\u00f4leurs de domaine) :\n    -   modifier le type de d\u00e9marrage vers la valeur \"D\u00e9sactiv\u00e9\" /\n        \"Disabled\" pour le service \"Spooler\" (description : \"Spouleur\n        d\u0027impression\" / \"Print Spooler\", ex\u00e9cutable : \"spoolsv.exe\"),\n    -   une fois le service d\u00e9sactiv\u00e9, il est n\u00e9cessaire d\u2019arr\u00eater\n        manuellement le service ou de red\u00e9marrer la machine\u00a0;\n-   appliquer une politique de filtrage r\u00e9seau afin d\u0027\u00e9viter les\n    lat\u00e9ralisations sur les syst\u00e8mes n\u00e9cessitant le service d\u0027impression\n    (notamment les postes de travail) : on pourra notamment utiliser le\n    pare-feu int\u00e9gr\u00e9 pour interdire les connexions entrantes sur les\n    ports 445 et 139 (canaux nomm\u00e9s SMB) ainsi qu\u0027interdire les\n    connexions \u00e0 destination du processus spoolsv.exe ;\n-   \u003cstrong\u003e\\[08 juillet 2021 14h30\\]\u003c/strong\u003e \u003cu\u003esur les \u00e9quipements non corrig\u00e9s ou\n    qui ne sont pas des serveurs d\u0027impression\u003c/u\u003e, d\u00e9sactiver la prise\n    en compte des demandes d\u2019impression distante \u003cs\u003esur l\u2019ensemble des\n    syst\u00e8mes\u003c/s\u003e, tout en laissant la possibilit\u00e9 de lancer une\n    impression locale. Ce param\u00e8tre peut \u00eatre d\u00e9fini \u00e0 l\u2019aide d\u2019une\n    Strat\u00e9gie de Groupe (*Group Policy*)\u00a0: le param\u00e8tre \u00ab\u00a0Autoriser le\n    spouleur d\u2019impression \u00e0 accepter les connexions des clients\u00a0\u00bb doit\n    \u00eatre \u00e0 l\u2019\u00e9tat \u00ab\u00a0D\u00e9sactiv\u00e9\u00a0\u00bb/\u00ab\u00a0Disabled\u00a0\u00bb (\u00ab\u00a0Configuration\n    ordinateur\u00a0\u00bb / \u00abMod\u00e8le d\u2019administration\u00a0\u00bb / \u00ab\u00a0Imprimantes\u00a0\u00bb) ;\n-   mettre en place une d\u00e9tection syst\u00e8me et r\u00e9seau dans le but de\n    d\u00e9tecter les exploitations sur les \u00e9quipements vuln\u00e9rables, les\n    \u00e9ventuelles lat\u00e9ralisations ainsi que la compromission des contr\u00f4les\n    de domaine Active Directory ;\n-   suivre les recommandations de s\u00e9curisation d\u0027Active Directory \\[1\\].\n\n### Informations d\u0027aide \u00e0 la d\u00e9tection syst\u00e8me\n\nUne premi\u00e8re mesure de d\u00e9tection des codes d\u0027exploitation actuels\nconsistera en la surveillance des processus enfant cr\u00e9\u00e9s par le\nprocessus *spoolsv.exe*, les codes d\u0027exploitation utilisant cette\ntechnique pour ex\u00e9cuter un code malveillant. Pour tracer la cr\u00e9ation\nd\u0027un processus fils, on peut regarder les \u00e9v\u00e8nements suivants :\n\n-   l\u0027\u00e9v\u00e8nement num\u00e9ro 4688 du fournisseur\n    \"Microsoft-Windows-Security-Auditing\" enregistr\u00e9 dans le journal de\n    s\u00e9curit\u00e9, si la strat\u00e9gie est configur\u00e9e pour le g\u00e9n\u00e9rer car cet\n    \u00e9v\u00e8nement n\u0027est pas produit par d\u00e9faut ;\n-   l\u0027\u00e9v\u00e8nement num\u00e9ro 1 du fournisseur \"Microsoft-Windows-Sysmon\"\n    enregistr\u00e9 dans le journal sysmon si l\u0027outil System Monitor est\n    install\u00e9.\n\nIl convient de noter que les moyens de d\u00e9tection ci-dessus sont\npertinents dans le cadre de la d\u00e9tection d\u0027une exploitation \u00e0 l\u0027aide des\ncodes publi\u00e9s le 29 juin 2021.\n\nEn compl\u00e9ment, il pourrait \u00eatre utile de tracer\u00a0:\n\n-   l\u2019\u00e9v\u00e8nement num\u00e9ro 11 du fournisseur\n    \"Microsoft-Windows-Security-Mitigations/KernelMode\", qui pourra \u00eatre\n    utilis\u00e9 afin d\u2019identifier le chargement d\u2019une biblioth\u00e8que dynamique\n    (*dll*) non sign\u00e9e (champs SignatureLevel et ImageName) par le\n    processus spoolsv.exe\n    (\u00ab\u00a0ProcessPath:\\*\\\\Windows\\\\System32\\\\spoolsv.exe\u00a0\u00bb).\n-   l\u2019\u00e9v\u00e8nement num\u00e9ro 7 du fournisseur\n    \"Microsoft-Windows-Sysmon/Operational\" avec une configuration\n    appropri\u00e9e de System Monitor pour identifier le chargement de\n    biblioth\u00e8que (*dll*) par le processus spoolsv.exe\n    (\"Image:\\\\C:\\\\Windows\\\\System32\\\\spoolsv.exe\") depuis le r\u00e9pertoire\n    de pilote (champ\n    \"ImageLoaded:C:\\\\Windows\\\\System32\\\\spool\\\\drivers\\\\\\*\") avec le\n    champ \"Signed\" \u00e0 false\n-   \u003cstrong\u003e\\[16 juillet 2021\\]\u003c/strong\u003e L\u2019\u00e9v\u00e8nement num\u00e9ro 808 du fournisseur\n    \"Microsoft-Windows-PrintService/Admin\" indique qu\u0027une erreur est\n    survenue lors du chargement d\u0027un pilote (le chemin de la dll est\n    mentionn\u00e9 par le champ PluginDllName). Un nom peu commun peut \u00eatre\n    consid\u00e9r\u00e9 comme un marqueur. Note: l\u0027enregistrement de cet \u00e9v\u00e8nement\n    est activ\u00e9 par d\u00e9faut.\n-   \u003cstrong\u003e\\[16 juillet 2021\\]\u003c/strong\u003e Certaines valeurs non usuelles remont\u00e9es par\n    l\u2019\u00e9v\u00e8nement num\u00e9ro 13 du fournisseur\n    \"Microsoft-Windows-Sysmon/Operational\" peuvent indiquer une\n    exploitation. Par exemple : DriverVersion=0.0.0.0,\n    DriverDate=01/01/1601 ou encore Manufacturer=(Empty). L\u0027installation\n    d\u0027un pilote d\u0027imprimante avec une valeur \"Manufacturer\" vide est une\n    action devant \u00eatre consid\u00e9r\u00e9e comme suspecte. De plus, si les cl\u00e9s\n    \"*Configuration File*\" et \"*Data File*\" contiennent la m\u00eame valeur,\n    cela peut-\u00eatre consid\u00e9r\u00e9 comme une exploitation r\u00e9ussie. Note : la\n    configuration doit \u00eatre modifi\u00e9e pour surveiller les modifications\n    de registre dans\n    *HKLM\\\\System\\\\CurrentControlSet\\\\Control\\\\Print\\\\Environments\\\\Windows\n    x64\\\\Drivers\\\\Version-\\** par spoolsv.exe. Une r\u00e8gle Sigma peut \u00eatre\n    consult\u00e9e en suivant le lien \\[5\\].\n-   \u003cstrong\u003e\\[16 juillet 2021\\]\u003c/strong\u003e Les codes d\u0027exploitation publiques montrent\n    un caract\u00e8re d\u00e9terministe permettant une mise en d\u00e9tection \u00e0 l\u0027aide\n    de l\u2019\u00e9v\u00e8nement num\u00e9ro 316 du fournisseur\n    \"Microsoft-Windows-PrintService/Operational\". En effet, le champs\n    *Param1* contient le nom du driver (1234, Mimikatz\u2026) et le champs\n    *Param4* les valeurs de *pDriverPath*, *pConfigFile*, *pDataFile*.\n    On s\u2019int\u00e9ressera particuli\u00e8rement \u00e0 une valeur suspecte de\n    *pDataFile* ou de *Param1*. Quand l\u0027exploitation est r\u00e9ussie,\n    *pConfigFile* et *pDataFile* ont la m\u00eame valeur : la DLL\n    malveillante. Note : cet \u00e9v\u00e8nement n\u0027est pas activ\u00e9 par d\u00e9faut, il\n    s\u0027active de la fa\u00e7on suivante : *wevtutil.exe sl\n    \"Microsoft-Windows-PrintService/Operational\" /e:True*. Une r\u00e8gle\n    Sigma peut \u00eatre consult\u00e9e en suivant le lien \\[6\\].\n\nEnfin, l\u2019\u00e9diteur met \u00e0 disposition un ensemble d\u2019informations pour les\nutilisateurs de la solution Microsoft 365 Defender \\[2\\].\n",
  "title": "[MaJ] Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2021-07-15",
      "title": "[3] Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-34481",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481"
    },
    {
      "published_at": "2021-08-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-36958",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958"
    },
    {
      "published_at": "2021-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-34527",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527"
    }
  ]
}

FKIE_CVE-2021-34527

Vulnerability from fkie_nvd - Published: 2021-07-02 22:15 - Updated: 2025-11-06 14:51

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527	Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527	Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/383432	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-detection-script	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-mitigation-script	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34527	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	windows_10_1507	*
microsoft	windows_10_1607	*
microsoft	windows_10_1809	*
microsoft	windows_10_20h2	*
microsoft	windows_10_21h2	*
microsoft	windows_10_22h2	*
microsoft	windows_11_21h2	*
microsoft	windows_11_22h2	*
microsoft	windows_7	-
microsoft	windows_8.1	-
microsoft	windows_rt_8.1	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2012	-
microsoft	windows_server_2012	r2
microsoft	windows_server_2016	*
microsoft	windows_server_2019	*
microsoft	windows_server_2022	*
microsoft	windows_server_20h2	*

JSON

To clipboard

{
  "cisaActionDue": "2021-07-20",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C882409-BB85-490B-9D50-571B16C0DE86",
              "versionEndExcluding": "10.0.10240.18969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "217CDA93-36DA-49AE-9B8F-61D2E155B4F3",
              "versionEndExcluding": "10.0.14393.4470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D38F0E-B058-44EE-9C75-A96EBEA360A6",
              "versionEndExcluding": "10.0.17763.2029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "413EBEFB-B185-4D3E-840B-9F37AA041229",
              "versionEndExcluding": "10.0.19042.1083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B773592-2AC2-48CD-A6B3-98D2632A2F88",
              "versionEndExcluding": "10.0.19044.1415",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F26E89-0870-4C4A-81FE-F9F793A9E706",
              "versionEndExcluding": "10.0.19045.2251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "193B0B19-6DD7-4DF3-B133-D66B27C34E9C",
              "versionEndExcluding": "10.0.22000.318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DEC0AE5-324C-4117-ADFD-D8425D01C575",
              "versionEndExcluding": "10.0.22621.674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90B2736-F3AC-4CA9-9817-1CCC320B854D",
              "versionEndExcluding": "10.0.14393.4470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81CDECCC-4AB5-406B-B265-3C1760D01339",
              "versionEndExcluding": "10.0.17763.2029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0663409D-4AE8-4BD9-85FE-9EAED15AE9DB",
              "versionEndExcluding": "10.0.20348.230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C7DE0-3E5C-4112-A7AD-FC195C3E2E62",
              "versionEndExcluding": "10.0.19042.1083",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\u003cp\u003eA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u003c/p\u003e\n\u003cp\u003eUPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003eIn addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (\u003cstrong\u003eNote\u003c/strong\u003e: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\u003c/li\u003e\n\u003cli\u003eNoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003cli\u003eUpdatePromptSettings = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eHaving NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eUPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also \u003ca href=\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\"\u003eKB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eNote that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as \u201cPrintNightmare\u201d, documented in CVE-2021-34527.\u003c/p\u003e\n"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la ejecuci\u00f3n de c\u00f3digo remota de Windows Print Spooler"
    }
  ],
  "id": "CVE-2021-34527",
  "lastModified": "2025-11-06T14:51:15.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-07-02T22:15:08.757",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/383432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-detection-script"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-mitigation-script"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34527"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-75F9-MM5V-2RGM

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2025-10-22 00:32

Details

Windows Print Spooler Remote Code Execution Vulnerability

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-34527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-02T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Print Spooler Remote Code Execution Vulnerability",
  "id": "GHSA-75f9-mm5v-2rgm",
  "modified": "2025-10-22T00:32:18Z",
  "published": "2022-05-24T19:06:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34527"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34527"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/383432"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-detection-script"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2021-34527-printnightmare-mitigation-script"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2021-48426

Vulnerability from cnvd - Published: 2021-07-07

Title

Microsoft Windows Print Spooler代码执行漏洞

Description

Windows Print Spooler是Windows的打印机后台处理程序。 Microsoft Windows Print Spooler存在代码执行漏洞，漏洞是由于Windows Print Spooler RpcAddPrinterDriverEx()未能正确地执行特权文件漏洞所致，允许远程攻击者利用漏洞提交特殊的请求，导致应用程序崩溃或以应用程序上下文执行任意代码。

Severity

高

Patch Name

Microsoft Windows Print Spooler代码执行漏洞的补丁

Patch Description

Formal description

目前用户可参考如下厂商提供的安全补丁以修复该漏洞： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527

Impacted products

Name
['Microsoft Windows 7', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 for 32-bit Systems', 'Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1', 'Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)', 'Microsoft Windows Server 2012 (Server Core installation)', 'Microsoft Windows Server 2012 R2 (Server Core installation)', 'Microsoft Windows Server 2016 (Server Core installation)', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows Server 2016 null', 'Microsoft Windows Server 2019', 'Microsoft Windows 10 Version 1809 for x64-based Systems', 'Microsoft Windows 10 Version 1809 for ARM64-based Systems', 'Microsoft Windows 10 Version 1809 for 32-bit Systems', 'Microsoft Windows 10 1909', 'Microsoft Windows Windows 10 1607', 'Microsoft Windows Server 2008 for x64-based Systems ServicePack 2 (Server Core installation)', 'Microsoft Windows Server 2008 for 32-bit Systems ServicePack 2 (Server Core installation)', 'Microsoft Windows Server 2008 for 32-bit Systems ServicePack 2', 'Microsoft Windows Server 2016 (Server Core installation)', 'Microsoft Windows Windows 10 for x64-based Systems', 'Microsoft Windows Server 20H2 (Server CoreInstallation)', 'Microsoft Windows Server 1909 (Server Coreinstallation)', 'Microsoft Windows Server 2019 (Server Core installation)', 'Microsoft Windows 10 20H2 for ARM64-based Systems', 'Microsoft Windows 10 20H2 for 32-bit Systems', 'Microsoft Windows 10 20H2 for x64-based Systems', 'Microsoft Windows 10 2004 for x64-based Systems', 'Microsoft Windows 10 2004 for ARM64-based Systems', 'Microsoft Windows 10 2004 for 32-bit Systems', 'Microsoft Windows 10 21H1 for 32-bit Systems', 'Microsoft Windows 10 21H1 for ARM64-b']

Name

['Microsoft Windows 7', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 for 32-bit Systems', 'Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1', 'Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)', 'Microsoft Windows Server 2012 (Server Core installation)', 'Microsoft Windows Server 2012 R2 (Server Core installation)', 'Microsoft Windows Server 2016 (Server Core installation)', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows Server 2016 null', 'Microsoft Windows Server 2019', 'Microsoft Windows 10 Version 1809 for x64-based Systems', 'Microsoft Windows 10 Version 1809 for ARM64-based Systems', 'Microsoft Windows 10 Version 1809 for 32-bit Systems', 'Microsoft Windows 10 1909', 'Microsoft Windows Windows 10 1607', 'Microsoft Windows Server 2008 for x64-based Systems ServicePack 2 (Server Core installation)', 'Microsoft Windows Server 2008 for 32-bit Systems ServicePack 2 (Server Core installation)', 'Microsoft Windows Server 2008 for 32-bit Systems ServicePack 2', 'Microsoft Windows Server 2016 (Server Core installation)', 'Microsoft Windows Windows 10 for x64-based Systems', 'Microsoft Windows Server 20H2 (Server CoreInstallation)', 'Microsoft Windows Server 1909 (Server Coreinstallation)', 'Microsoft Windows Server 2019 (Server Core installation)', 'Microsoft Windows 10 20H2 for ARM64-based Systems', 'Microsoft Windows 10 20H2 for 32-bit Systems', 'Microsoft Windows 10 20H2 for x64-based Systems', 'Microsoft Windows 10 2004 for x64-based Systems', 'Microsoft Windows 10 2004 for ARM64-based Systems', 'Microsoft Windows 10 2004 for 32-bit Systems', 'Microsoft Windows 10 21H1 for 32-bit Systems', 'Microsoft Windows 10 21H1 for ARM64-b']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-34527",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-34527"
    }
  },
  "description": "Windows Print Spooler\u662fWindows\u7684\u6253\u5370\u673a\u540e\u53f0\u5904\u7406\u7a0b\u5e8f\u3002\n\nMicrosoft Windows Print Spooler\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u662f\u7531\u4e8eWindows Print Spooler RpcAddPrinterDriverEx()\u672a\u80fd\u6b63\u786e\u5730\u6267\u884c\u7279\u6743\u6587\u4ef6\u6f0f\u6d1e\u6240\u81f4\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-48426",
  "openTime": "2021-07-07",
  "patchDescription": "Windows Print Spooler\u662fWindows\u7684\u6253\u5370\u673a\u540e\u53f0\u5904\u7406\u7a0b\u5e8f\u3002\r\n\r\nMicrosoft Windows Print Spooler\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u662f\u7531\u4e8eWindows Print Spooler RpcAddPrinterDriverEx()\u672a\u80fd\u6b63\u786e\u5730\u6267\u884c\u7279\u6743\u6587\u4ef6\u6f0f\u6d1e\u6240\u81f4\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Print Spooler\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows 7",
      "Microsoft Windows Windows Server 2012",
      "Microsoft Windows 8.1",
      "Microsoft Windows RT 8.1 SP0",
      "Microsoft Windows 10 1607",
      "Microsoft Windows Server 2016",
      "Microsoft Windows 10 for 32-bit Systems",
      "Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1",
      "Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
      "Microsoft Windows Server 2012 (Server Core installation)",
      "Microsoft Windows Server 2012 R2 (Server Core installation)",
      "Microsoft Windows Server 2016 (Server Core installation)",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows Server 2016 null",
      "Microsoft Windows Server 2019",
      "Microsoft Windows 10 Version 1809 for x64-based Systems",
      "Microsoft Windows 10 Version 1809 for ARM64-based Systems",
      "Microsoft Windows 10 Version 1809 for 32-bit Systems",
      "Microsoft Windows 10 1909",
      "Microsoft Windows Windows 10 1607",
      "Microsoft Windows Server 2008 for x64-based Systems ServicePack 2 (Server Core installation)",
      "Microsoft Windows Server 2008 for 32-bit Systems ServicePack 2 (Server Core installation)",
      "Microsoft Windows Server 2008 for 32-bit Systems ServicePack 2",
      "Microsoft Windows Server 2016  (Server Core installation)",
      "Microsoft Windows Windows 10 for x64-based Systems",
      "Microsoft Windows Server 20H2 (Server CoreInstallation)",
      "Microsoft Windows Server 1909 (Server Coreinstallation)",
      "Microsoft Windows Server 2019  (Server Core installation)",
      "Microsoft Windows 10 20H2 for ARM64-based Systems",
      "Microsoft Windows 10 20H2 for 32-bit Systems",
      "Microsoft Windows 10 20H2 for x64-based Systems",
      "Microsoft Windows 10 2004 for x64-based Systems",
      "Microsoft Windows 10 2004 for ARM64-based Systems",
      "Microsoft Windows 10 2004 for 32-bit Systems",
      "Microsoft Windows 10 21H1 for 32-bit Systems",
      "Microsoft Windows 10 21H1 for ARM64-b"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527",
  "serverity": "\u9ad8",
  "submitTime": "2021-07-05",
  "title": "Microsoft Windows Print Spooler\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CERTFR-2021-AVI-506

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Microsoft Windows. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows 10 Version 2004 for x64-based Systems
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows 10 Version 21H1 for ARM64-based Systems
Microsoft	Windows	Windows 8.1 for 32-bit systems
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows Server, version 2004 (Server Core installation)
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows 7 for 32-bit Systems Service Pack 1
Microsoft	Windows	Windows 10 Version 1909 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 20H2 for ARM64-based Systems
Microsoft	Windows	Windows 10 Version 21H1 for x64-based Systems
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft	Windows	Windows 10 Version 20H2 for x64-based Systems
Microsoft	Windows	Windows 10 Version 2004 for 32-bit Systems
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows 8.1 for x64-based systems
Microsoft	Windows	Windows 10 Version 1809 for x64-based Systems
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 20H2 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 21H1 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 1809 for ARM64-based Systems
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 for 32-bit Systems
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows 10 Version 1607 for x64-based Systems
Microsoft	Windows	Windows 10 Version 2004 for ARM64-based Systems
Microsoft	Windows	Windows 10 Version 1809 for 32-bit Systems
Microsoft	Windows	Windows Server, version 20H2 (Server Core Installation)
Microsoft	Windows	Windows 10 Version 1909 for ARM64-based Systems
Microsoft	Windows	Windows 10 for x64-based Systems
Microsoft	Windows	Windows 10 Version 1909 for x64-based Systems
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows 10 for 32-bit Systems
Microsoft	Windows	Windows 7 for x64-based Systems Service Pack 1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2021-34527 du 01 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows 10 Version 2004 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 for 32-bit systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 2004 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 for 32-bit Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 for x64-based systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 20H2 (Server Core Installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-506",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Windows. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-34527 du 01 juillet 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527"
    }
  ]
}

CERTFR-2021-AVI-506

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Microsoft Windows. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows 10 Version 2004 for x64-based Systems
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows 10 Version 21H1 for ARM64-based Systems
Microsoft	Windows	Windows 8.1 for 32-bit systems
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows Server, version 2004 (Server Core installation)
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows 7 for 32-bit Systems Service Pack 1
Microsoft	Windows	Windows 10 Version 1909 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 20H2 for ARM64-based Systems
Microsoft	Windows	Windows 10 Version 21H1 for x64-based Systems
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft	Windows	Windows 10 Version 20H2 for x64-based Systems
Microsoft	Windows	Windows 10 Version 2004 for 32-bit Systems
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows 8.1 for x64-based systems
Microsoft	Windows	Windows 10 Version 1809 for x64-based Systems
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 20H2 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 21H1 for 32-bit Systems
Microsoft	Windows	Windows 10 Version 1809 for ARM64-based Systems
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 for 32-bit Systems
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows 10 Version 1607 for x64-based Systems
Microsoft	Windows	Windows 10 Version 2004 for ARM64-based Systems
Microsoft	Windows	Windows 10 Version 1809 for 32-bit Systems
Microsoft	Windows	Windows Server, version 20H2 (Server Core Installation)
Microsoft	Windows	Windows 10 Version 1909 for ARM64-based Systems
Microsoft	Windows	Windows 10 for x64-based Systems
Microsoft	Windows	Windows 10 Version 1909 for x64-based Systems
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows 10 for 32-bit Systems
Microsoft	Windows	Windows 7 for x64-based Systems Service Pack 1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2021-34527 du 01 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows 10 Version 2004 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 for 32-bit systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 2004 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 for 32-bit Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 for x64-based systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 20H2 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H1 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 20H2 (Server Core Installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 for x64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 for 32-bit Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-506",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Windows. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-34527 du 01 juillet 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527"
    }
  ]
}

CERTFR-2021-AVI-853

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Momentum MDI (171CBU), MC80 (BMKC8), HART (BMEAH*) toutes versions
N/A	N/A	versadac, toutes versions
Schneider Electric	N/A	EPack toutes versions
N/A	N/A	EPC2000 toutes versions
N/A	N/A	Modicon M262 Logic Controllers firmware version 5.1.5.35 et antérieures
N/A	N/A	SCD6000 Industrial RTU Version antérieures à SCD6000 is SY-1101211_Mand
N/A	N/A	SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et antérieures
N/A	N/A	NMC embedded devices
N/A	N/A	BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions
N/A	N/A	BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions
Schneider Electric	N/A	Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et antérieures
Symfony	process	EcoStruxure Process Expert versions antérieures à V2021
N/A	N/A	Tricon Communication Modules versions antérieures à 11.8
N/A	N/A	TelevisAir V3.0 Dongle BTLE (part number ADBT42* et antérieures)
Schneider Electric	Modicon M340	Modicon M580 CPU (BMEP* and BMEH), Modicon M340 CPU (BMXP34), BMXNOM0200 toutes versions
Schneider Electric	N/A	Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et antérieures
Schneider Electric	N/A	T2750 PAC, toutes versions
Schneider Electric	N/A	Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et antérieures
N/A	N/A	HMISTO Series HMISTU/S5T Series toutes versions
Schneider Electric	N/A	TCSEGPA23F14F, BMECXM0100 toutes versions
N/A	N/A	HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et antérieures
N/A	N/A	BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions
N/A	N/A	Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions
N/A	N/A	Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et antérieures
N/A	N/A	Momentum ENT (170ENT11*) toutes versions
Schneider Electric	N/A	nanodac toutes versions
Schneider Electric	N/A	Network Management Card 2 (NMC2)
Schneider Electric	N/A	Schneider Electric Software Update, V2.3.0 à V2.5.1
N/A	N/A	Network Management Card 3 (NMC3)
N/A	N/A	6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions
Schneider Electric	N/A	BMXNOM0200 toutes versions
N/A	N/A	BMENOP0300, BMXNOR0200 toutes versions
Schneider Electric	N/A	Modicon LMC078 toutes versions
Schneider Electric	N/A	E+PLC400 toutes versions
N/A	N/A	Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-313-07 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-01 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-06 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-04 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-02 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-03 du 9 novembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "versadac, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EPack toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EPC2000 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M262 Logic Controllers firmware version 5.1.5.35 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SCD6000 Industrial RTU Version ant\u00e9rieures \u00e0 SCD6000 is SY-1101211_Mand",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "NMC embedded devices",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 V2021",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Tricon Communication Modules versions ant\u00e9rieures \u00e0 11.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TelevisAir V3.0 Dongle BTLE (part number ADBT42* et ant\u00e9rieures)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "T2750 PAC, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "HMISTO Series HMISTU/S5T Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Momentum ENT (170ENT11*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "nanodac toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Network Management Card 2 (NMC2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Software Update, V2.3.0 \u00e0 V2.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Network Management Card 3 (NMC3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMXNOM0200 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "BMENOP0300, BMXNOR0200 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon LMC078 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "E+PLC400 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22808"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-22811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
    },
    {
      "name": "CVE-2021-22813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2021-22807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22807"
    },
    {
      "name": "CVE-2021-22810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
    },
    {
      "name": "CVE-2021-22815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    },
    {
      "name": "CVE-2021-22812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
    },
    {
      "name": "CVE-2021-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22809"
    },
    {
      "name": "CVE-2021-22814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2021-22799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22799"
    },
    {
      "name": "CVE-2021-22816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22816"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-853",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-07 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-01 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-06 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-02 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
    }
  ]
}

CERTFR-2021-AVI-622

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Modicon et PLC Simulator (suivre la procédure de contournement décrite dans le bulletin SEVD-2021-222-04)
Schneider Electric	N/A	Pro-face GP-Pro EX versions antérieures à V4.09.300
Schneider Electric	N/A	Vijeo Designer versions antérieures à V6.2 SP11
Schneider Electric	N/A	EcoStruxure Process Expert toutes versions (inclus HDCS) et SCADAPack RemoteConnect pour x70 (suivre la procédure de contournement décrite dans le bulletin SEVD-2021-222-02)
Schneider Electric	N/A	AccuSine PCS+ / PFV+ versions antérieures à V1.6.7
Schneider Electric	N/A	Vijeo Designer Basic versions antérieures à V1.2
Schneider Electric	N/A	EcoStruxure Control Expert versions antérieures à V15.0 SP1 (suivre la procédure de remédiation décrite dans le bulletin SEVD-2021-222-02)
Schneider Electric	N/A	AccuSine PCSn versions antérieures à V2.2.4
Schneider Electric	N/A	EcoStruxure Machine Expert versions antérieures à V2.0
Schneider Electric	N/A	SHAIIS-MT-111, SHASU-MT-107, SHFK-MT et SHFK-MT-104 sans le dernier correctif pour Windows
Schneider Electric	N/A	Programmable Automation Controller (PacDrive) M versions antérieures à 3 (suivre la procédure de contournement décrite dans le bulletin SEVD-2021-222-06)

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2021-222-08 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-07 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-03 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-01 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-05 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-04 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-02 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-06 du 10 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Modicon et PLC Simulator (suivre la proc\u00e9dure de contournement d\u00e9crite dans le bulletin SEVD-2021-222-04)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Pro-face GP-Pro EX versions ant\u00e9rieures \u00e0 V4.09.300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer versions ant\u00e9rieures \u00e0 V6.2 SP11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert toutes versions (inclus HDCS) et SCADAPack RemoteConnect pour x70 (suivre la proc\u00e9dure de contournement d\u00e9crite dans le bulletin SEVD-2021-222-02)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "AccuSine PCS+ / PFV+ versions ant\u00e9rieures \u00e0 V1.6.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 V15.0 SP1 (suivre la proc\u00e9dure de rem\u00e9diation d\u00e9crite dans le bulletin SEVD-2021-222-02)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "AccuSine PCSn versions ant\u00e9rieures \u00e0 V2.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Machine Expert versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "SHAIIS-MT-111, SHASU-MT-107, SHFK-MT et SHFK-MT-104 sans le dernier correctif pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Programmable Automation Controller (PacDrive) M versions ant\u00e9rieures \u00e0 3 (suivre la proc\u00e9dure de contournement d\u00e9crite dans le bulletin SEVD-2021-222-06)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21814"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-22791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
    },
    {
      "name": "CVE-2021-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21830"
    },
    {
      "name": "CVE-2021-21828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21828"
    },
    {
      "name": "CVE-2021-21810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21810"
    },
    {
      "name": "CVE-2021-21813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21813"
    },
    {
      "name": "CVE-2021-22790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
    },
    {
      "name": "CVE-2021-21825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21825"
    },
    {
      "name": "CVE-2021-21829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21829"
    },
    {
      "name": "CVE-2021-31166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31166"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    },
    {
      "name": "CVE-2021-21826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21826"
    },
    {
      "name": "CVE-2021-21812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21812"
    },
    {
      "name": "CVE-2021-30186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30186"
    },
    {
      "name": "CVE-2021-21827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21827"
    },
    {
      "name": "CVE-2021-30188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30188"
    },
    {
      "name": "CVE-2021-22789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
    },
    {
      "name": "CVE-2021-21815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21815"
    },
    {
      "name": "CVE-2021-22792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
    },
    {
      "name": "CVE-2021-22793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22793"
    },
    {
      "name": "CVE-2021-22704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22704"
    },
    {
      "name": "CVE-2021-30195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30195"
    },
    {
      "name": "CVE-2021-21811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21811"
    },
    {
      "name": "CVE-2021-22775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22775"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-622",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-08 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-08"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-07 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-03 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-01 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-05 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-04 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-02 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-06 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06"
    }
  ]
}

CERTFR-2022-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EcoStruxure Control Expert versions antérieures à 15.1
EcoStruxure Process Expert versions antérieures à 2021
SCADAPack RemoteConnect for x70 toutes versions, se référer aux mesures de contournement proposées par l'éditeur
Smart-UPS séries SMT micrologiciels versions antérieures à UPS 04.6 permettant une correction partielle de la vulnérabilité CVE-2022-0715 et une correction des vulnérabilités CVE-2022-22805 et CVE-2022-22806
Smart-UPS séries SMC micrologiciels versions antérieures à UPS 04.3 permettant une correction partielle de la vulnérabilité CVE-2022-0715 et une correction des vulnérabilités CVE-2022-22805 et CVE-2022-22806
Aucun correctif n'est disponible pour les séries Smart-UPS SCL, SMX et SRT ainsi que les séries SmartConnect SMTL, SCL, et SMX. Se référer aux mesures de contournement proposées par l'éditeur
Ritto Wiser Door toutes versions, se référer aux mesures de contournement proposées par l'éditeur

Pour les vulnérabilités identifiées CVE-2021-22778, CVE-2021-22780, CVE-2021-22781, CVE-2021-22782 et CVE-2020-12525, la mise à niveau vers EcoStruxure Control Expert v15.1 et EcoStruxure Process Expert v2021 constitue une première étape de contournement. L'éditeur annoncera la publication d'un nouveau micrologiciel afin de corriger ces vulnérabilités.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2022-067-02 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-04 du 09 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-257-01 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-222-02 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-067-01 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-067-03 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider 2021-194-01 du 13 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eEcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.1\u003c/li\u003e \u003cli\u003eEcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021\u003c/li\u003e \u003cli\u003eSCADAPack RemoteConnect for x70 toutes versions, se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u0027\u00e9diteur\u003c/li\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMT micrologiciels versions ant\u00e9rieures \u00e0 UPS 04.6 permettant une correction partielle de la vuln\u00e9rabilit\u00e9 CVE-2022-0715 et une correction des vuln\u00e9rabilit\u00e9s CVE-2022-22805 et CVE-2022-22806\u003c/li\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMC micrologiciels versions ant\u00e9rieures \u00e0 UPS 04.3 permettant une correction partielle de la vuln\u00e9rabilit\u00e9 CVE-2022-0715 et une correction des vuln\u00e9rabilit\u00e9s CVE-2022-22805 et CVE-2022-22806\u003c/li\u003e \u003cli\u003eAucun correctif n\u0027est disponible pour les s\u00e9ries Smart-UPS SCL, SMX et SRT ainsi que les s\u00e9ries SmartConnect SMTL, SCL, et SMX. Se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u0027\u00e9diteur\u003c/li\u003e \u003cli\u003eRitto Wiser Door toutes versions, se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u0027\u00e9diteur\u003c/li\u003e \u003c/ul\u003e \u003cp\u003ePour les vuln\u00e9rabilit\u00e9s identifi\u00e9es CVE-2021-22778, CVE-2021-22780, CVE-2021-22781, CVE-2021-22782 et CVE-2020-12525, la mise \u00e0 niveau vers EcoStruxure Control Expert v15.1 et EcoStruxure Process Expert v2021 constitue une premi\u00e8re \u00e9tape de contournement. L\u0027\u00e9diteur annoncera la publication d\u0027un nouveau micrologiciel afin de corriger ces vuln\u00e9rabilit\u00e9s.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-24322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24322"
    },
    {
      "name": "CVE-2021-21814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21814"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21830"
    },
    {
      "name": "CVE-2021-22797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22797"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-21828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21828"
    },
    {
      "name": "CVE-2021-21810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21810"
    },
    {
      "name": "CVE-2021-21813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21813"
    },
    {
      "name": "CVE-2022-22806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
    },
    {
      "name": "CVE-2021-21825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21825"
    },
    {
      "name": "CVE-2021-21829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21829"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2022-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
    },
    {
      "name": "CVE-2021-21826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21826"
    },
    {
      "name": "CVE-2021-21812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21812"
    },
    {
      "name": "CVE-2021-21827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21827"
    },
    {
      "name": "CVE-2022-22805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
    },
    {
      "name": "CVE-2022-24323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24323"
    },
    {
      "name": "CVE-2021-21815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21815"
    },
    {
      "name": "CVE-2021-22783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22783"
    },
    {
      "name": "CVE-2021-21811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21811"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 8 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 09 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-257-01 du 14 septembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-02 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-01 du 8 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-03 du 8 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider 2021-194-01 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
    }
  ]
}

CERTFR-2021-AVI-853

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Momentum MDI (171CBU), MC80 (BMKC8), HART (BMEAH*) toutes versions
N/A	N/A	versadac, toutes versions
Schneider Electric	N/A	EPack toutes versions
N/A	N/A	EPC2000 toutes versions
N/A	N/A	Modicon M262 Logic Controllers firmware version 5.1.5.35 et antérieures
N/A	N/A	SCD6000 Industrial RTU Version antérieures à SCD6000 is SY-1101211_Mand
N/A	N/A	SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et antérieures
N/A	N/A	NMC embedded devices
N/A	N/A	BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions
N/A	N/A	BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions
Schneider Electric	N/A	Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et antérieures
Symfony	process	EcoStruxure Process Expert versions antérieures à V2021
N/A	N/A	Tricon Communication Modules versions antérieures à 11.8
N/A	N/A	TelevisAir V3.0 Dongle BTLE (part number ADBT42* et antérieures)
Schneider Electric	Modicon M340	Modicon M580 CPU (BMEP* and BMEH), Modicon M340 CPU (BMXP34), BMXNOM0200 toutes versions
Schneider Electric	N/A	Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et antérieures
Schneider Electric	N/A	T2750 PAC, toutes versions
Schneider Electric	N/A	Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et antérieures
N/A	N/A	HMISTO Series HMISTU/S5T Series toutes versions
Schneider Electric	N/A	TCSEGPA23F14F, BMECXM0100 toutes versions
N/A	N/A	HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et antérieures
N/A	N/A	BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions
N/A	N/A	Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions
N/A	N/A	Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et antérieures
N/A	N/A	Momentum ENT (170ENT11*) toutes versions
Schneider Electric	N/A	nanodac toutes versions
Schneider Electric	N/A	Network Management Card 2 (NMC2)
Schneider Electric	N/A	Schneider Electric Software Update, V2.3.0 à V2.5.1
N/A	N/A	Network Management Card 3 (NMC3)
N/A	N/A	6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions
Schneider Electric	N/A	BMXNOM0200 toutes versions
N/A	N/A	BMENOP0300, BMXNOR0200 toutes versions
Schneider Electric	N/A	Modicon LMC078 toutes versions
Schneider Electric	N/A	E+PLC400 toutes versions
N/A	N/A	Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-313-07 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-01 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-06 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-04 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-02 du 9 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-03 du 9 novembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "versadac, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EPack toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EPC2000 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M262 Logic Controllers firmware version 5.1.5.35 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SCD6000 Industrial RTU Version ant\u00e9rieures \u00e0 SCD6000 is SY-1101211_Mand",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "NMC embedded devices",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 V2021",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Tricon Communication Modules versions ant\u00e9rieures \u00e0 11.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TelevisAir V3.0 Dongle BTLE (part number ADBT42* et ant\u00e9rieures)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "T2750 PAC, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "HMISTO Series HMISTU/S5T Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Momentum ENT (170ENT11*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "nanodac toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Network Management Card 2 (NMC2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Software Update, V2.3.0 \u00e0 V2.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Network Management Card 3 (NMC3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMXNOM0200 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "BMENOP0300, BMXNOR0200 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon LMC078 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "E+PLC400 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22808"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-22811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
    },
    {
      "name": "CVE-2021-22813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2021-22807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22807"
    },
    {
      "name": "CVE-2021-22810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
    },
    {
      "name": "CVE-2021-22815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    },
    {
      "name": "CVE-2021-22812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
    },
    {
      "name": "CVE-2021-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22809"
    },
    {
      "name": "CVE-2021-22814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2021-22799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22799"
    },
    {
      "name": "CVE-2021-22816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22816"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-853",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-07 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-01 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-06 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-02 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
    }
  ]
}

CERTFR-2021-AVI-622

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Modicon et PLC Simulator (suivre la procédure de contournement décrite dans le bulletin SEVD-2021-222-04)
Schneider Electric	N/A	Pro-face GP-Pro EX versions antérieures à V4.09.300
Schneider Electric	N/A	Vijeo Designer versions antérieures à V6.2 SP11
Schneider Electric	N/A	EcoStruxure Process Expert toutes versions (inclus HDCS) et SCADAPack RemoteConnect pour x70 (suivre la procédure de contournement décrite dans le bulletin SEVD-2021-222-02)
Schneider Electric	N/A	AccuSine PCS+ / PFV+ versions antérieures à V1.6.7
Schneider Electric	N/A	Vijeo Designer Basic versions antérieures à V1.2
Schneider Electric	N/A	EcoStruxure Control Expert versions antérieures à V15.0 SP1 (suivre la procédure de remédiation décrite dans le bulletin SEVD-2021-222-02)
Schneider Electric	N/A	AccuSine PCSn versions antérieures à V2.2.4
Schneider Electric	N/A	EcoStruxure Machine Expert versions antérieures à V2.0
Schneider Electric	N/A	SHAIIS-MT-111, SHASU-MT-107, SHFK-MT et SHFK-MT-104 sans le dernier correctif pour Windows
Schneider Electric	N/A	Programmable Automation Controller (PacDrive) M versions antérieures à 3 (suivre la procédure de contournement décrite dans le bulletin SEVD-2021-222-06)

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2021-222-08 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-07 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-03 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-01 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-05 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-04 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-02 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-06 du 10 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Modicon et PLC Simulator (suivre la proc\u00e9dure de contournement d\u00e9crite dans le bulletin SEVD-2021-222-04)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Pro-face GP-Pro EX versions ant\u00e9rieures \u00e0 V4.09.300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer versions ant\u00e9rieures \u00e0 V6.2 SP11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert toutes versions (inclus HDCS) et SCADAPack RemoteConnect pour x70 (suivre la proc\u00e9dure de contournement d\u00e9crite dans le bulletin SEVD-2021-222-02)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "AccuSine PCS+ / PFV+ versions ant\u00e9rieures \u00e0 V1.6.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 V15.0 SP1 (suivre la proc\u00e9dure de rem\u00e9diation d\u00e9crite dans le bulletin SEVD-2021-222-02)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "AccuSine PCSn versions ant\u00e9rieures \u00e0 V2.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Machine Expert versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "SHAIIS-MT-111, SHASU-MT-107, SHFK-MT et SHFK-MT-104 sans le dernier correctif pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Programmable Automation Controller (PacDrive) M versions ant\u00e9rieures \u00e0 3 (suivre la proc\u00e9dure de contournement d\u00e9crite dans le bulletin SEVD-2021-222-06)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21814"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-22791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
    },
    {
      "name": "CVE-2021-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21830"
    },
    {
      "name": "CVE-2021-21828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21828"
    },
    {
      "name": "CVE-2021-21810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21810"
    },
    {
      "name": "CVE-2021-21813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21813"
    },
    {
      "name": "CVE-2021-22790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
    },
    {
      "name": "CVE-2021-21825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21825"
    },
    {
      "name": "CVE-2021-21829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21829"
    },
    {
      "name": "CVE-2021-31166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31166"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    },
    {
      "name": "CVE-2021-21826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21826"
    },
    {
      "name": "CVE-2021-21812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21812"
    },
    {
      "name": "CVE-2021-30186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30186"
    },
    {
      "name": "CVE-2021-21827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21827"
    },
    {
      "name": "CVE-2021-30188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30188"
    },
    {
      "name": "CVE-2021-22789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
    },
    {
      "name": "CVE-2021-21815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21815"
    },
    {
      "name": "CVE-2021-22792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
    },
    {
      "name": "CVE-2021-22793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22793"
    },
    {
      "name": "CVE-2021-22704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22704"
    },
    {
      "name": "CVE-2021-30195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30195"
    },
    {
      "name": "CVE-2021-21811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21811"
    },
    {
      "name": "CVE-2021-22775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22775"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-622",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-08 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-08"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-07 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-03 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-01 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-05 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-04 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-02 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-06 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06"
    }
  ]
}

CERTFR-2022-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EcoStruxure Control Expert versions antérieures à 15.1
EcoStruxure Process Expert versions antérieures à 2021
SCADAPack RemoteConnect for x70 toutes versions, se référer aux mesures de contournement proposées par l'éditeur
Smart-UPS séries SMT micrologiciels versions antérieures à UPS 04.6 permettant une correction partielle de la vulnérabilité CVE-2022-0715 et une correction des vulnérabilités CVE-2022-22805 et CVE-2022-22806
Smart-UPS séries SMC micrologiciels versions antérieures à UPS 04.3 permettant une correction partielle de la vulnérabilité CVE-2022-0715 et une correction des vulnérabilités CVE-2022-22805 et CVE-2022-22806
Aucun correctif n'est disponible pour les séries Smart-UPS SCL, SMX et SRT ainsi que les séries SmartConnect SMTL, SCL, et SMX. Se référer aux mesures de contournement proposées par l'éditeur
Ritto Wiser Door toutes versions, se référer aux mesures de contournement proposées par l'éditeur

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2022-067-02 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-04 du 09 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-257-01 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-222-02 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-067-01 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-067-03 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider 2021-194-01 du 13 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eEcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.1\u003c/li\u003e \u003cli\u003eEcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021\u003c/li\u003e \u003cli\u003eSCADAPack RemoteConnect for x70 toutes versions, se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u0027\u00e9diteur\u003c/li\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMT micrologiciels versions ant\u00e9rieures \u00e0 UPS 04.6 permettant une correction partielle de la vuln\u00e9rabilit\u00e9 CVE-2022-0715 et une correction des vuln\u00e9rabilit\u00e9s CVE-2022-22805 et CVE-2022-22806\u003c/li\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMC micrologiciels versions ant\u00e9rieures \u00e0 UPS 04.3 permettant une correction partielle de la vuln\u00e9rabilit\u00e9 CVE-2022-0715 et une correction des vuln\u00e9rabilit\u00e9s CVE-2022-22805 et CVE-2022-22806\u003c/li\u003e \u003cli\u003eAucun correctif n\u0027est disponible pour les s\u00e9ries Smart-UPS SCL, SMX et SRT ainsi que les s\u00e9ries SmartConnect SMTL, SCL, et SMX. Se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u0027\u00e9diteur\u003c/li\u003e \u003cli\u003eRitto Wiser Door toutes versions, se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u0027\u00e9diteur\u003c/li\u003e \u003c/ul\u003e \u003cp\u003ePour les vuln\u00e9rabilit\u00e9s identifi\u00e9es CVE-2021-22778, CVE-2021-22780, CVE-2021-22781, CVE-2021-22782 et CVE-2020-12525, la mise \u00e0 niveau vers EcoStruxure Control Expert v15.1 et EcoStruxure Process Expert v2021 constitue une premi\u00e8re \u00e9tape de contournement. L\u0027\u00e9diteur annoncera la publication d\u0027un nouveau micrologiciel afin de corriger ces vuln\u00e9rabilit\u00e9s.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-24322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24322"
    },
    {
      "name": "CVE-2021-21814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21814"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21830"
    },
    {
      "name": "CVE-2021-22797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22797"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-21828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21828"
    },
    {
      "name": "CVE-2021-21810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21810"
    },
    {
      "name": "CVE-2021-21813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21813"
    },
    {
      "name": "CVE-2022-22806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
    },
    {
      "name": "CVE-2021-21825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21825"
    },
    {
      "name": "CVE-2021-21829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21829"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2022-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
    },
    {
      "name": "CVE-2021-21826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21826"
    },
    {
      "name": "CVE-2021-21812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21812"
    },
    {
      "name": "CVE-2021-21827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21827"
    },
    {
      "name": "CVE-2022-22805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
    },
    {
      "name": "CVE-2022-24323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24323"
    },
    {
      "name": "CVE-2021-21815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21815"
    },
    {
      "name": "CVE-2021-22783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22783"
    },
    {
      "name": "CVE-2021-21811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21811"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 8 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 09 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-257-01 du 14 septembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-02 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-01 du 8 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-03 du 8 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider 2021-194-01 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
    }
  ]
}

GSD-2021-34527

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Windows Print Spooler Remote Code Execution Vulnerability

Aliases

CVE-2021-34527

Aliases

CVE-2021-34527

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-34527",
    "description": "Windows Print Spooler Remote Code Execution Vulnerability",
    "id": "GSD-2021-34527",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2021-34527"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-34527"
      ],
      "details": "Windows Print Spooler Remote Code Execution Vulnerability",
      "id": "GSD-2021-34527",
      "modified": "2023-12-13T01:23:14.222424Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-34527",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-07-20",
      "product": "Windows",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Windows Print Spooler Remote Code Execution Vulnerability",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "\"PrintNightmare\" - Microsoft Windows Print Spooler Remote Code Execution Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2021-34527",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Windows 10 Version 1809",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.17763.2029"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.17763.2029"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2019 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.17763.2029"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2022",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.20348.230"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 20H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.19042.1083"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server version 20H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.19042.1083"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 11 version 21H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.22000.318"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 21H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.19044.1415"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 11 version 22H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.22621.674"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 22H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.19045.2251"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 1507",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.10240.18969"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 1607",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.14393.4470"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2016",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.14393.4470"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2016 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.14393.4470"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 8.1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.3.0",
                          "version_value": "6.3.9600.20046"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2008 Service Pack 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.0.0",
                          "version_value": "6.0.6003.21138"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.0.0",
                          "version_value": "6.0.6003.21138"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2008  Service Pack 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.0.0",
                          "version_value": "6.0.6003.21138"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2008 R2 Service Pack 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.1.0",
                          "version_value": "6.1.7601.25633"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.0.0",
                          "version_value": "6.1.7601.25633"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2012",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.2.0",
                          "version_value": "6.2.9200.23383"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2012 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.2.0",
                          "version_value": "6.2.9200.23383"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2012 R2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.3.0",
                          "version_value": "6.3.9600.20046"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2012 R2 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.3.0",
                          "version_value": "6.3.9600.20046"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\u003cp\u003eA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u003c/p\u003e\n\u003cp\u003eUPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003eIn addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (\u003cstrong\u003eNote\u003c/strong\u003e: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\u003c/li\u003e\n\u003cli\u003eNoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003cli\u003eUpdatePromptSettings = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eHaving NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eUPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also \u003ca href=\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\"\u003eKB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eNote that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as \u201cPrintNightmare\u201d, documented in CVE-2021-34527.\u003c/p\u003e\n"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527"
          },
          {
            "name": "http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2021-07-20",
        "cisaExploitAdd": "2021-11-03",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8C882409-BB85-490B-9D50-571B16C0DE86",
                    "versionEndExcluding": "10.0.10240.18969",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "217CDA93-36DA-49AE-9B8F-61D2E155B4F3",
                    "versionEndExcluding": "10.0.14393.4470",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B9D38F0E-B058-44EE-9C75-A96EBEA360A6",
                    "versionEndExcluding": "10.0.17763.2029",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "413EBEFB-B185-4D3E-840B-9F37AA041229",
                    "versionEndExcluding": "10.0.19042.1083",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4B773592-2AC2-48CD-A6B3-98D2632A2F88",
                    "versionEndExcluding": "10.0.19044.1415",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "71F26E89-0870-4C4A-81FE-F9F793A9E706",
                    "versionEndExcluding": "10.0.19045.2251",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "193B0B19-6DD7-4DF3-B133-D66B27C34E9C",
                    "versionEndExcluding": "10.0.22000.318",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9DEC0AE5-324C-4117-ADFD-D8425D01C575",
                    "versionEndExcluding": "10.0.22621.674",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E90B2736-F3AC-4CA9-9817-1CCC320B854D",
                    "versionEndExcluding": "10.0.14393.4470",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "81CDECCC-4AB5-406B-B265-3C1760D01339",
                    "versionEndExcluding": "10.0.17763.2029",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0663409D-4AE8-4BD9-85FE-9EAED15AE9DB",
                    "versionEndExcluding": "10.0.20348.230",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5B0C7DE0-3E5C-4112-A7AD-FC195C3E2E62",
                    "versionEndExcluding": "10.0.19042.1083",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "\u003cp\u003eA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u003c/p\u003e\n\u003cp\u003eUPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003eIn addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (\u003cstrong\u003eNote\u003c/strong\u003e: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\u003c/li\u003e\n\u003cli\u003eNoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003cli\u003eUpdatePromptSettings = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eHaving NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eUPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also \u003ca href=\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\"\u003eKB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eNote that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as \u201cPrintNightmare\u201d, documented in CVE-2021-34527.\u003c/p\u003e\n"
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad en la ejecuci\u00f3n de c\u00f3digo remota de Windows Print Spooler"
          }
        ],
        "id": "CVE-2021-34527",
        "lastModified": "2024-02-02T17:24:01.260",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 8.0,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "secure@microsoft.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2021-07-02T22:15:08.757",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Mitigation",
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-269"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

VAR-202107-1010

Vulnerability from variot - Updated: 2024-02-13 01:24

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.

In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
UpdatePromptSettings = 0 (DWORD) or not defined (default setting)

Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.

UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates.

Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.

. Print Spooler The service is a service for realizing the waiting for printing in printing. RpcAddPrinterDriverEx() The function is used by the above services to install the printer driver. Parameters DRIVER_CONTAINER Objects and parameters dwFileCopyFlags Controls the printer driver to be installed and how to copy files. If you are an authenticated user RpcAddPrinterDriverEx() The function can be executed. Therefore, an attacker who has obtained the authentication information can specify and install the driver on the remote server.By an authenticated remote third party SYSTEM Arbitrary code can be executed with privileges. Windows Print Spooler is a printer spooler for Windows. Microsoft Windows Print Spooler Components 存在安全漏洞，攻击者可以通过该漏洞绕过PfcAddPrinterDriver的安全验证，并在打印服务器中安装恶意的驱动程序。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server, version 1909 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1010",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2016"
      },
      {
        "model": "windows server r2 for x64-based systems service pack",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "microsoft",
        "version": "20081"
      },
      {
        "model": "windows server r2",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "microsoft",
        "version": "2012"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "microsoft",
        "version": "2019"
      },
      {
        "model": "windows server for 32-bit systems servicepack",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "microsoft",
        "version": "20082"
      },
      {
        "model": "windows 10 1809",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.17763.2029"
      },
      {
        "model": "windows 11 22h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.22621.674"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "r2"
      },
      {
        "model": "windows server 20h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19042.1083"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 2016",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.14393.4470"
      },
      {
        "model": "windows 10 21h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19044.1415"
      },
      {
        "model": "windows rt 8.1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.20348.230"
      },
      {
        "model": "windows 10 22h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19045.2251"
      },
      {
        "model": "windows 10 20h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19042.1083"
      },
      {
        "model": "windows server 2019",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.17763.2029"
      },
      {
        "model": "windows 10 1607",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.14393.4470"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 2012",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "r2"
      },
      {
        "model": "windows 11 21h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.22000.318"
      },
      {
        "model": "windows 8.1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows 10 1507",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.10240.18969"
      },
      {
        "model": "windows server 2012",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "microsoft windows rt 8.1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server 2016",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server 2012",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows 8.1",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows 7",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows 10",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server 2008",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server 2019",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows windows server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2012"
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "model": "windows rt sp0",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101607"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2012"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101809"
      },
      {
        "model": "windows version for arm64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101809"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101809"
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101909"
      },
      {
        "model": "windows windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "101607"
      },
      {
        "model": "windows server for x64-based systems servicepack",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "20082"
      },
      {
        "model": "windows windows for x64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows server 20h2",
        "scope": null,
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "1909"
      },
      {
        "model": "windows 20h2 for arm64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows 20h2 for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows 20h2 for x64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "102004"
      },
      {
        "model": "windows for arm64-based systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "102004"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "102004"
      },
      {
        "model": "windows 21h1 for 32-bit systems",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "windows 21h1 for arm64-b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.17763.2029",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.19042.1083",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.17763.2029",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.19042.1083",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.10240.18969",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.14393.4470",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.14393.4470",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.20348.230",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.22000.318",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.19044.1415",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.22621.674",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.19045.2251",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This document was written by Will Dormann.We have not received a statement from the vendor.",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-34527",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-48426",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-34527",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001967",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-34527",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2021-34527",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001967",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-48426",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202107-137",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-34527",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\u003cp\u003eA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u003c/p\u003e\n\u003cp\u003eUPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003eIn addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (\u003cstrong\u003eNote\u003c/strong\u003e: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\u003c/li\u003e\n\u003cli\u003eNoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003cli\u003eUpdatePromptSettings = 0 (DWORD) or not defined (default setting)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eHaving NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eUPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also \u003ca href=\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\"\u003eKB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eNote that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as \u201cPrintNightmare\u201d, documented in CVE-2021-34527.\u003c/p\u003e\n. Print Spooler The service is a service for realizing the waiting for printing in printing. RpcAddPrinterDriverEx() The function is used by the above services to install the printer driver. Parameters DRIVER_CONTAINER Objects and parameters dwFileCopyFlags Controls the printer driver to be installed and how to copy files. If you are an authenticated user RpcAddPrinterDriverEx() The function can be executed. Therefore, an attacker who has obtained the authentication information can specify and install the driver on the remote server.By an authenticated remote third party SYSTEM Arbitrary code can be executed with privileges. Windows Print Spooler is a printer spooler for Windows. \nMicrosoft Windows Print Spooler Components \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u8be5\u6f0f\u6d1e\u7ed5\u8fc7PfcAddPrinterDriver\u7684\u5b89\u5168\u9a8c\u8bc1\uff0c\u5e76\u5728\u6253\u5370\u670d\u52a1\u5668\u4e2d\u5b89\u88c5\u6076\u610f\u7684\u9a71\u52a8\u7a0b\u5e8f\u3002\u4ee5\u4e0b\u4ea7\u54c1\u548c\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aWindows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019  (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server, version 1909 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016  (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      },
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      }
    ],
    "trust": 4.05
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-34527",
        "trust": 3.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#383432",
        "trust": 2.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167261",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU96262037",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165024",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021070204",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022050084",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "id": "VAR-202107-1010",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      }
    ]
  },
  "last_update_date": "2024-02-13T01:24:45.306000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2021-34527\u00a0|\u00a0Windows\u00a0Print\u00a0Spooler\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability",
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/b96cc497-59e5-4510-ab04-5484993b259b"
      },
      {
        "title": "Patch for Microsoft Windows Print Spooler code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/277186"
      },
      {
        "title": "Multiple Microsoft Product code injection vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155832"
      },
      {
        "title": "Introduction\nInstallation\nUsage\nDependencies\nFeatures\nDoes it require elevated privileges?\nReferences\nScreenshot",
        "trust": 0.2,
        "url": "https://github.com/0xirison/printnightmare-patcher "
      },
      {
        "title": "PowerShell\nAssign-CalendarPermission.ps1:\nClear-ExternalDrive.ps1:\nConfirm-PrintNightmare.ps1:\nGet-MailboxReport.ps1:\nGet-NetworkDriveReport.ps1:\nNew-JabberCSV.ps1:\nRemove-DeletedGroup.ps1:\nCreateADUser:\nOneDrive:",
        "trust": 0.2,
        "url": "https://github.com/adampumphrey/powershell "
      },
      {
        "title": "Check Point Security Alerts: Microsoft Windows Print Spooler Remote Code Execution (CVE-2021-34527)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=93893ce22c8de5424f0b5d48db7fc253"
      },
      {
        "title": "CVE-2021-34527 - PrintNightmare LPE (PowerShell)",
        "trust": 0.1,
        "url": "https://github.com/johnhammond/cve-2021-34527 "
      },
      {
        "title": "CVE-2021-34527 - PrintNightmare LPE (PowerShell)",
        "trust": 0.1,
        "url": "https://github.com/cyb3rpeace/cve-2021-34527 "
      },
      {
        "title": "https://github.com/hackerhouse-opensource/hackerhouse-opensource",
        "trust": 0.1,
        "url": "https://github.com/hackerhouse-opensource/hackerhouse-opensource "
      },
      {
        "title": "Welcome to our PrintNightmare exploit Capstone writeup. \nWhat even is \"PrintNightmare\"? \nDetection\nDamage Control \u0026 the Recovery Process Once a System has been Compromised \nMitigation and Isolation\nReproduction of the exploit \nRelated Links",
        "trust": 0.1,
        "url": "https://github.com/crtaylor315/legendary-invention "
      },
      {
        "title": "Welcome to our PrintNightmare exploit Capstone writeup. \nWhat even is \"PrintNightmare\"? \nDetection\nDamage Control \u0026 the Recovery Process Once a System has been Compromised \nMitigation and Isolation\nReproduction of the exploit \nRelated Links",
        "trust": 0.1,
        "url": "https://github.com/crtaylor315/printnightmare-before-halloween "
      },
      {
        "title": "CVE-2021-34527 - PrintNightmare LPE (PowerShell)",
        "trust": 0.1,
        "url": "https://github.com/sh7alward/cve-20121-34527-nightmare "
      },
      {
        "title": "CVE-2021-34527-1675",
        "trust": 0.1,
        "url": "https://github.com/cnoxx1/cve-2021-34527-1675 "
      },
      {
        "title": "PrintNightmare CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/powershellpr0mpt/printnightmare-cve-2021-34527 "
      },
      {
        "title": "HardeningKitty",
        "trust": 0.1,
        "url": "https://github.com/scipag/hardeningkitty "
      },
      {
        "title": "Invoke-PrinterNightmareCheck",
        "trust": 0.1,
        "url": "https://github.com/wiredpulse/invoke-printernightmareresponse "
      },
      {
        "title": "CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/hackerhouse-opensource/cve-2021-34527 "
      },
      {
        "title": "It Was All A Dream\nWhy?\nAlternatives\nInstallation\nUsage\nCredits",
        "trust": 0.1,
        "url": "https://github.com/byt3bl33d3r/itwasalladream "
      },
      {
        "title": "https://github.com/CanaanGM/cap_ze_flag",
        "trust": 0.1,
        "url": "https://github.com/canaangm/cap_ze_flag "
      },
      {
        "title": "CVE-2021-34527-PrintNightmare-Workaround",
        "trust": 0.1,
        "url": "https://github.com/geekbrett/cve-2021-34527-printnightmare-workaround "
      },
      {
        "title": "Powershell serviceflipper script for Spool service",
        "trust": 0.1,
        "url": "https://github.com/floridop/serviceflipper "
      },
      {
        "title": "CVE-2021-34527 PrintNightmare PoC \ud83d\udc7e",
        "trust": 0.1,
        "url": "https://github.com/d0rb/cve-2021-34527 "
      },
      {
        "title": "PowerShell-Scripts",
        "trust": 0.1,
        "url": "https://github.com/secmk/powershell-scripts "
      },
      {
        "title": "HardeningKitty and Windows 10 Hardening",
        "trust": 0.1,
        "url": "https://github.com/0x6d69636b/windows_hardening "
      },
      {
        "title": "HardeningKitty",
        "trust": 0.1,
        "url": "https://github.com/alssi-consulting/hardeningkitty "
      },
      {
        "title": "random-scripts",
        "trust": 0.1,
        "url": "https://github.com/romarroca/random-scripts "
      },
      {
        "title": "disable-RegisterSpoolerRemoteRpcEndPoint",
        "trust": 0.1,
        "url": "https://github.com/rdboboia/disable-registerspoolerremoterpcendpoint "
      },
      {
        "title": "It Was All A Dream\nWhy?\nAlternatives\nInstallation\nUsage\nCredits",
        "trust": 0.1,
        "url": "https://github.com/vk9d/printnightmare "
      },
      {
        "title": "PrintNightmare (CVE-2021-34527)",
        "trust": 0.1,
        "url": "https://github.com/m8sec/cve-2021-34527 "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/synth3sis/printnightmare "
      },
      {
        "title": "CVE",
        "trust": 0.1,
        "url": "https://github.com/thangnguyenchien/cve "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/tomparte/printnightmare "
      },
      {
        "title": "Printnightmare",
        "trust": 0.1,
        "url": "https://github.com/eutectico/printnightmare "
      },
      {
        "title": "HardeningKitty and Windows 10 Hardening",
        "trust": 0.1,
        "url": "https://github.com/jcabrale/windows_hardening "
      },
      {
        "title": "Hacker Arsenal Tookit (HaRT)",
        "trust": 0.1,
        "url": "https://github.com/init6source/hacker-arsenal-toolkit "
      },
      {
        "title": "PrintNightMareChecker\nScreenshot",
        "trust": 0.1,
        "url": "https://github.com/yyhh91/printnightmarechecker "
      },
      {
        "title": "This is a scanner for the service Windows-Print-Spooler in risk\nBased on CVE-2021-34527 PoC originally created by cube0x0",
        "trust": 0.1,
        "url": "https://github.com/dywhoami/cve-2021-34527-scanner-based-on-cube0x0-poc "
      },
      {
        "title": "HardeningKitty",
        "trust": 0.1,
        "url": "https://github.com/adamamicro/cahard "
      },
      {
        "title": "Invoke-PSObfuscation",
        "trust": 0.1,
        "url": "https://github.com/gh0x0st/invoke-psobfuscation "
      },
      {
        "title": "Offensive Cybersecurity Toolkit",
        "trust": 0.1,
        "url": "https://github.com/chdav/offensive-cybersec-toolkit "
      },
      {
        "title": "PsFix-CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/fardinbarashi/psfix-cve-2021-34527 "
      },
      {
        "title": "Introduction\nInstallation\nUsage\nDependencies\nFeatures\nDoes it require elevated privileges?\nReferences\nScreenshot",
        "trust": 0.1,
        "url": "https://github.com/0xirison/printernightmare-patcher "
      },
      {
        "title": "This is a scanner for the service Windows-Print-Spooler in risk\nBased on CVE-2021-34527 PoC originally created by cube0x0",
        "trust": 0.1,
        "url": "https://github.com/dywhoami/cve-2021-34527-scanner-not-poc-based-cube0x0 "
      },
      {
        "title": "Disable-Spooler-Service-PrintNightmare-CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/vinaysudheer/disable-spooler-service-printnightmare-cve-2021-34527 "
      },
      {
        "title": "Trabalho_Grau_B",
        "trust": 0.1,
        "url": "https://github.com/rafaelwduarte/trabalho_grau_b "
      },
      {
        "title": "CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/amaranese/cve-2021-34527 "
      },
      {
        "title": "PowerShell-PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/syntaxbearror/powershell-printnightmare "
      },
      {
        "title": "Invoke-PrinterNightmareCheck",
        "trust": 0.1,
        "url": "https://github.com/wiredpulse/invoke-printernightmarecheck "
      },
      {
        "title": "HardeningKitty",
        "trust": 0.1,
        "url": "https://github.com/gokul-c/cis-hardening-windows-l1 "
      },
      {
        "title": "printnightmare",
        "trust": 0.1,
        "url": "https://github.com/glorisonlai/printnightmare "
      },
      {
        "title": "PrintNightmare-Windows Print Spooler RCE/LPE Vulnerability(CVE-2021-34527, CVE-2021-1675)",
        "trust": 0.1,
        "url": "https://github.com/nathanealm/printnightmare-exploit "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527\nOfficial Guidance (Taken from CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/denizse/cve-2021-34527 "
      },
      {
        "title": "PrintNightmare exploit",
        "trust": 0.1,
        "url": "https://github.com/outflanknl/printnightmare "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/edsonjt81/spoolsploit "
      },
      {
        "title": "Local Privilege Escalation Edition of CVE-2021-1675/CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/hlldz/cve-2021-1675-lpe "
      },
      {
        "title": "PrintNightmareCheck",
        "trust": 0.1,
        "url": "https://github.com/xbufu/printnightmarecheck "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/cube0x0/cve-2021-1675 "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/beetlechunks/spoolsploit "
      },
      {
        "title": "PowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/wowter-code/powersharppack "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/edsonjt81/cve-2021-1675 "
      },
      {
        "title": "microsoft-vulnerabilidades\nVulnerabilidade de execu\u00e7\u00e3o remota de c\u00f3digo do Spooler de Impress\u00e3o do Windows\nCVE-2021-34527\nSinopse\nHaving NoWarningNoElevationOnInstall definido como 1 torna seu sistema vulner\u00e1vel por design.\nSolu\u00e7\u00f5es alternativas\nDeterminar se o servi\u00e7o Spooler de Impress\u00e3o est\u00e1 em execu\u00e7\u00e3o\nOp\u00e7\u00e3o 1 \u2014 Desabilitar o servi\u00e7o Spooler de Impress\u00e3o\nOp\u00e7\u00e3o 2 \u2014 Desabilitar a impress\u00e3o remota de entrada por meio da Pol\u00edtica de Grupo",
        "trust": 0.1,
        "url": "https://github.com/alvesnet-suporte/microsoft-vulnerabilidades "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527\nOfficial Guidance (Taken from CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/denizse/cve-2021-1675 "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/mtthwstffrd/cube0x0-cve-2021-1675 "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/auduongxuan/cve-2022-26809 "
      },
      {
        "title": "Windows Print Spooler Service RCE CVE-2021-1675 (PrintNightmare)\nHow to disable the Print Spooler service ?\nCMD Shell\nPowerShell\nService Control\nReferences",
        "trust": 0.1,
        "url": "https://github.com/ozergoker/printnightmare "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra25/spoolsploit "
      },
      {
        "title": "PrintNightmare (CVE-2021-1675)",
        "trust": 0.1,
        "url": "https://github.com/corelight/cve-2021-1675 "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/yahya950/spoolsploit "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/galoget/printnightmare-cve-2021-1675-cve-2021-34527 "
      },
      {
        "title": "Sponsored by\nPowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/orgtestcodacy11krepos110mb/repo-9265-powersharppack "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/ly4k/printnightmare "
      },
      {
        "title": "Invoke-BuildAnonymousSMBServer",
        "trust": 0.1,
        "url": "https://github.com/3gstudent/invoke-buildanonymoussmbserver "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/retr0-13/printnightmare "
      },
      {
        "title": "awesome-c-sharp",
        "trust": 0.1,
        "url": "https://github.com/uhub/awesome-c-sharp "
      },
      {
        "title": "PowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra25/powersharppack "
      },
      {
        "title": "PowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra/powersharppack "
      },
      {
        "title": "CNightmare - CVE-2021-1675 POC",
        "trust": 0.1,
        "url": "https://github.com/d0nkeyk0ng787/printnightmare-poc "
      },
      {
        "title": "PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675)",
        "trust": 0.1,
        "url": "https://github.com/nemo-wq/cve-2021-1675_cve-2021-34527_printnightmare "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527\nOfficial Guidance (Taken from CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/denizse/cve-2020-1675 "
      },
      {
        "title": "Print Nightmare \u5206\u6790\u62a5\u544a",
        "trust": 0.1,
        "url": "https://github.com/hahaleyile/my-cve-2021-1675 "
      },
      {
        "title": "From Lares Labs: Detection \u0026 Remediation Information for CVE-2021-1675 \u0026 CVE-2021-34527\nFlow Chart\nWorkaround Fix\nSysmon Config File\nSplunk Queries\nKQL Query for Sentinel / MDE via Olaf Hartong\nZeek Observations\nCarbon Black Hunting Query for CVE-2021-1675\nReferences",
        "trust": 0.1,
        "url": "https://github.com/laresllc/cve-2021-1675 "
      },
      {
        "title": "SpoolSploit\nDisclaimer\nCredits",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra/spoolsploit "
      },
      {
        "title": "Sponsored by\nPowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/oscpname/ad_powersharppack "
      },
      {
        "title": "cyber-ansible",
        "trust": 0.1,
        "url": "https://github.com/carloslacasa/cyber-ansible "
      },
      {
        "title": "PrintNightmare\nCredits",
        "trust": 0.1,
        "url": "https://github.com/raithedavion/printnightmare "
      },
      {
        "title": "CVE-2021-1675 / CVE-2021-34527",
        "trust": 0.1,
        "url": "https://github.com/eng-amarante/cybersecurity "
      },
      {
        "title": "Printnightmare Safe Tool",
        "trust": 0.1,
        "url": "https://github.com/ssbhaumik/printnightmare-safetool "
      },
      {
        "title": "https://github.com/p0haku/cve_scraper",
        "trust": 0.1,
        "url": "https://github.com/p0haku/cve_scraper "
      },
      {
        "title": "Awesome Stars",
        "trust": 0.1,
        "url": "https://github.com/pluja/stars "
      },
      {
        "title": "PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/ollypwn/printnightmare "
      },
      {
        "title": "PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675)",
        "trust": 0.1,
        "url": "https://github.com/nemo-wq/printnightmare-cve-2021-34527 "
      },
      {
        "title": "TryHackMe | PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/r1skkam/printnightmare "
      },
      {
        "title": "Sponsored by\nPowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/61106960/clipysharppack "
      },
      {
        "title": "Sponsored by\nPowerSharpPack",
        "trust": 0.1,
        "url": "https://github.com/s3cur3th1ssh1t/powersharppack "
      },
      {
        "title": "RedCsharp",
        "trust": 0.1,
        "url": "https://github.com/boh/redcsharp "
      },
      {
        "title": "CVE-2021-34527_mitigation",
        "trust": 0.1,
        "url": "https://github.com/widespreadpandemic/cve-2021-34527_acl_mitigation "
      },
      {
        "title": "EVTX to MITRE Att@ck",
        "trust": 0.1,
        "url": "https://github.com/mdecrevoisier/evtx-to-mitre-attack "
      },
      {
        "title": "CVE-2021-34527_mitigation",
        "trust": 0.1,
        "url": "https://github.com/widespreadpandemic/cve-2021-34527_mitigation "
      },
      {
        "title": "RDP Breaker Tool",
        "trust": 0.1,
        "url": "https://github.com/royalboy2000/coderdpbreaker "
      },
      {
        "title": "https://github.com/glshnu/PrintNightmare",
        "trust": 0.1,
        "url": "https://github.com/glshnu/printnightmare "
      },
      {
        "title": "SharpKatz",
        "trust": 0.1,
        "url": "https://github.com/b4rtik/sharpkatz "
      },
      {
        "title": "INTRODUCTION TO ACTIVE DIRECTORY\nIntroduction to Active Directory Enumeration \u0026 Attacks",
        "trust": 0.1,
        "url": "https://github.com/gecr07/htb-academy "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/16/spooler_service_local_privilege_escalation/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/07/printnightmare_patched/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/07/printnightmare_fix_fail/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/02/printnightmare_cve/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2022/03/16/russia-attack-ngo-mfa-printnightmare/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-34527"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/167261/print-spooler-remote-dll-injection.html"
      },
      {
        "trust": 0.8,
        "url": "cve-2021-1675  "
      },
      {
        "trust": 0.8,
        "url": "cve-2021-34527  "
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu96262037"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34527"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20210705-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2021/at210029.html"
      },
      {
        "trust": 0.8,
        "url": "https://kb.cert.org/vuls/id/383432"
      },
      {
        "trust": 0.8,
        "url": "https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability"
      },
      {
        "trust": 0.6,
        "url": "https://www.kb.cert.org/vuls/id/383432"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021070204"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022050084"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165024/printnightmare-vulnerability.html"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-34527"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/269.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/07/07/printnightmare_patched/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/hackerhouse-opensource/hackerhouse-opensource"
      },
      {
        "trust": 0.1,
        "url": "https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2021-1666.html"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "date": "2021-07-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "date": "2021-07-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "date": "2021-07-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "date": "2021-07-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-07-02T22:15:08.757000",
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#383432"
      },
      {
        "date": "2021-07-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-48426"
      },
      {
        "date": "2024-02-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-34527"
      },
      {
        "date": "2021-07-08T08:31:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001967"
      },
      {
        "date": "2022-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2024-02-02T17:24:01.260000",
        "db": "NVD",
        "id": "CVE-2021-34527"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx()",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#383432"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 1.2
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-34527 (GCVE-0-2021-34527)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Informations d'aide à la détection système

Solution

Informations d'aide à la détection système

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature