CVE-2021-26415: Microsoft Windows Installer Service Untrusted File Path Arbitrary File Write Vulnerability
First published: Tue Apr 13 2021(Updated: )
This vulnerability allows local attackers to write data to arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows Server | =20H2 | |
| Microsoft Windows Server | =1909 | |
| Microsoft Windows 7 | ||
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =2004 | |
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows 8.1 | ||
| Microsoft Windows 8.1 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2019 | ||
| Windows 10 | =20H2 | |
| Windows 10 | =20H2 | |
| Windows 10 | =20H2 | |
| Windows 10 | =1803 | |
| Windows 10 | =1809 | |
| Windows 10 | =1809 | |
| Windows 10 | =1809 | |
| Windows 10 | =1607 | |
| Windows 10 | =1607 | |
| Windows 10 | =1909 | |
| Windows 10 | =1909 | |
| Windows 10 | =1909 | |
| Windows 10 | ||
| Windows 10 | =1803 | |
| Windows 10 | =1803 | |
| Windows 10 | ||
| Windows 10 | =2004 | |
| Windows 10 | =2004 | |
| Windows 10 | =2004 | |
| Windows 10 | ||
| Windows 10 | =20h2 | |
| Windows 10 | =1607 | |
| Windows 10 | =1803 | |
| Windows 10 | =1809 | |
| Windows 10 | =1909 | |
| Windows 10 | =2004 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =20h2 | |
| Microsoft Windows Server 2016 | =1909 | |
| Microsoft Windows Server 2016 | =2004 | |
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-26415?
CVE-2021-26415 is rated as a critical vulnerability due to its potential to allow local attackers to write data to arbitrary files.
How do I fix CVE-2021-26415?
To fix CVE-2021-26415, apply the latest security updates from Microsoft for your affected Windows version.
What are the affected products for CVE-2021-26415?
CVE-2021-26415 affects multiple versions of Microsoft Windows, including Windows 7, Windows 10, and various Windows Server editions.
Can CVE-2021-26415 be exploited remotely?
CVE-2021-26415 requires local access to the system to exploit, meaning it cannot be exploited remotely without prior access.
Is there a patch available for CVE-2021-26415?
Yes, Microsoft has released patches for CVE-2021-26415 that need to be installed on affected systems.
- agent/type
- agent/first-publish-date
- collector/msrc-cve
- source/Microsoft
- agent/software-canonical-lookup
- agent/weakness
- agent/title
- agent/remedy
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/software-canonical-lookup-request
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-409
- alias/ZDI-CAN-12403
- alias/CVE-2021-26415
- vendor/microsoft
- canonical/microsoft windows server
- version/microsoft windows server/20h2
- version/microsoft windows server/1909
- canonical/microsoft windows 7
- canonical/microsoft windows server 2008 r2
- version/microsoft windows server/2004
- canonical/microsoft windows server 2012 r2
- canonical/microsoft windows rt
- canonical/microsoft windows 8.1
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2019
- canonical/windows 10
- version/windows 10/20h2
- version/windows 10/1803
- version/windows 10/1809
- version/windows 10/1607
- version/windows 10/1909
- version/windows 10/2004
- version/microsoft windows 7/sp1
- canonical/microsoft windows
- version/microsoft windows server/sp2
- version/microsoft windows server/r2-sp1
- version/microsoft windows server/r2
- version/microsoft windows server 2016/20h2
- version/microsoft windows server 2016/1909
- version/microsoft windows server 2016/2004
- canonical/microsoft windows operating system