Microsoft: >> Windows 7 Security Vulnerabilities
Remote Access API Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.065
Published
2021-03-11
<p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p>
<p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p>
<p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p>
CVSS Score
7.8
EPSS Score
0.005
Published
2021-03-11
Windows Graphics Component Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.053
Published
2021-03-11
Windows Installer Elevation of Privilege Vulnerability
CVSS Score
7.0
EPSS Score
0.005
Published
2021-03-11
Windows ActiveX Installer Service Information Disclosure Vulnerability
CVSS Score
5.5
EPSS Score
0.004
Published
2021-03-11
Windows Event Tracing Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.005
Published
2021-03-11
Windows User Profile Service Elevation of Privilege Vulnerability
CVSS Score
7.0
EPSS Score
0.003
Published
2021-03-11
Windows Print Spooler Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.013
Published
2021-03-11
Windows Event Tracing Information Disclosure Vulnerability
CVSS Score
5.5
EPSS Score
0.005
Published
2021-03-11
CVE-2021-26411
Internet Explorer Memory Corruption Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.89
Published
2021-03-11