What is CVE-2021-27070?

CVE-2021-27070 is a vulnerability in Microsoft Windows that allows local attackers to escalate privileges on affected installations.

What is the severity of CVE-2021-27070?

The severity of CVE-2021-27070 is critical, with a CVSS score of 7.8.

How can an attacker exploit CVE-2021-27070?

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit CVE-2021-27070.

Which software versions are affected by CVE-2021-27070?

CVE-2021-27070 affects Microsoft Windows 10 versions 20H2 and 2004, as well as Windows Server 2016 versions 20H2 and 2004.

How can I fix CVE-2021-27070?

To fix CVE-2021-27070, apply the necessary patches provided by Microsoft, which can be found at the provided URLs.

Vulnerability/
CVE-2021-27070

critical

9.3

CWE

732

9/3/2021

11/3/2021

16/1/2024

3/8/2024

CVE-2021-27070: Microsoft Windows Update Assistant Improper Access Control Privilege Escalation Vulnerability

First published: Tue Mar 09 2021(Updated: )

Windows 10 Update Assistant Elevation of Privilege Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
	=20H2	fix available externally
	=20H2	fix available externally
	=20H2	fix available externally
	=20H2	fix available externally
	=2004	fix available externally
	=2004	fix available externally
	=2004	fix available externally
	=2004	fix available externally
Microsoft Windows 10	=20h2
Microsoft Windows 10	=2004
Microsoft Windows Server 2016	=20h2
Microsoft Windows Server 2016	=2004
Microsoft Windows

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27070

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-27070?
CVE-2021-27070 is a vulnerability in Microsoft Windows that allows local attackers to escalate privileges on affected installations.
What is the severity of CVE-2021-27070?
The severity of CVE-2021-27070 is critical, with a CVSS score of 7.8.
How can an attacker exploit CVE-2021-27070?
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit CVE-2021-27070.
Which software versions are affected by CVE-2021-27070?
CVE-2021-27070 affects Microsoft Windows 10 versions 20H2 and 2004, as well as Windows Server 2016 versions 20H2 and 2004.
How can I fix CVE-2021-27070?
To fix CVE-2021-27070, apply the necessary patches provided by Microsoft, which can be found at the provided URLs.

agent/type
agent/first-publish-date
collector/msrc-cve
source/Microsoft
agent/author
collector/zdi-advisory
source/ZDI
alias/ZDI-21-329
alias/ZDI-CAN-12110
alias/CVE-2021-27070
agent/software-canonical-lookup
agent/title
agent/remedy
agent/references
agent/weakness
agent/severity
agent/softwarecombine
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/tags
agent/source
vendor/microsoft
canonical/microsoft windows
canonical/microsoft windows server
version/microsoft windows server/20h2
canonical/microsoft windows 10
version/microsoft windows 10/2004
version/microsoft windows 10/20h2
version/microsoft windows server/2004
canonical/microsoft windows server 2016
version/microsoft windows server 2016/20h2
version/microsoft windows server 2016/2004

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.