CVE-2021-28321: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
First published: Tue Apr 13 2021(Updated: )
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322.
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Visual Studio | =2015-update3 | |
| Microsoft Visual Studio 2017 | >=15.0<=15.9 | |
| Microsoft Visual Studio 2019 | >=16.0<=16.7 | |
| Microsoft Visual Studio 2019 | >=16.8<=16.9 | |
| Microsoft Windows 10 | =20h2 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1909 | |
| Microsoft Windows 10 | =2004 | |
| Microsoft Windows Server 2016 | =20h2 | |
| Microsoft Windows Server 2016 | =1909 | |
| Microsoft Windows Server 2016 | =2004 | |
| Microsoft Windows Server 2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-28321?
CVE-2021-28321 is a vulnerability in the Diagnostics Hub Standard Collector Service that allows for elevation of privilege.
What software is affected by CVE-2021-28321?
Microsoft Visual Studio 2015 Update 3, Microsoft Visual Studio 2017 (versions 15.0 to 15.9), Microsoft Visual Studio 2019 (versions 16.0 to 16.7), Microsoft Windows 10 (versions 1803, 1809, 1909, 2004, and 20h2), Microsoft Windows Server 2016 (versions 1909, 2004, and 20h2), and Microsoft Windows Server 2019 are affected by CVE-2021-28321.
What is the severity of CVE-2021-28321?
CVE-2021-28321 has a severity rating of 7.8 (high).
How can I fix CVE-2021-28321?
Apply the necessary patches or updates provided by Microsoft to fix CVE-2021-28321. Check Microsoft's security advisory (link provided) for more information.
Where can I find more information about CVE-2021-28321?
You can find more information about CVE-2021-28321 in the provided references: Packet Storm Security, Full Disclosure mailing list, and Microsoft's security advisory.
- agent/description
- agent/author
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/remedy
- agent/title
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft visual studio
- version/microsoft visual studio/2015-update3
- canonical/microsoft visual studio 2017
- version/microsoft visual studio 2017/15.0
- version/microsoft visual studio 2017/15.9
- canonical/microsoft visual studio 2019
- version/microsoft visual studio 2019/16.0
- version/microsoft visual studio 2019/16.7
- version/microsoft visual studio 2019/16.8
- version/microsoft visual studio 2019/16.9
- canonical/microsoft windows 10
- version/microsoft windows 10/20h2
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- version/microsoft windows 10/1909
- version/microsoft windows 10/2004
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/20h2
- version/microsoft windows server 2016/1909
- version/microsoft windows server 2016/2004
- canonical/microsoft windows server 2019