What is CVE-2021-31958?

CVE-2021-31958 is a Windows NTLM Elevation of Privilege Vulnerability.

Which software is affected by CVE-2021-31958?

Microsoft Windows 10, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019 are affected by CVE-2021-31958.

What is the severity of CVE-2021-31958?

CVE-2021-31958 has a severity rating of 7.5 (high).

How can I fix CVE-2021-31958?

Microsoft has released a security update to address CVE-2021-31958. Please refer to the official Microsoft security advisory for more information.

What is the Common Weakness Enumeration (CWE) for CVE-2021-31958?

The CWE for CVE-2021-31958 is CWE-294 (Authentication Bypass by Capture-replay).

Vulnerability/
CVE-2021-31958

high

8.8

CWE

294

8/6/2021

3/8/2024

CVE-2021-31958: Windows NTLM Elevation of Privilege Vulnerability

First published: Tue Jun 08 2021(Updated: )

Windows NTLM Elevation of Privilege Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows 10
Microsoft Windows 10	=20h2
Microsoft Windows 10	=21h1
Microsoft Windows 10	=1607
Microsoft Windows 10	=1809
Microsoft Windows 10	=1909
Microsoft Windows 10	=2004
Microsoft Windows 7	=sp1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows Server 2008	=r2-sp1
Microsoft Windows Server 2008	=sp2
Microsoft Windows Server 2012
Microsoft Windows Server 2012	=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2016	=20h2
Microsoft Windows Server 2016	=1909
Microsoft Windows Server 2016	=2004
Microsoft Windows Server 2019

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958

Never miss a vulnerability like this again

Reference Links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958

Frequently Asked Questions

What is CVE-2021-31958?
CVE-2021-31958 is a Windows NTLM Elevation of Privilege Vulnerability.
Which software is affected by CVE-2021-31958?
Microsoft Windows 10, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019 are affected by CVE-2021-31958.
What is the severity of CVE-2021-31958?
CVE-2021-31958 has a severity rating of 7.5 (high).
How can I fix CVE-2021-31958?
Microsoft has released a security update to address CVE-2021-31958. Please refer to the official Microsoft security advisory for more information.
What is the Common Weakness Enumeration (CWE) for CVE-2021-31958?
The CWE for CVE-2021-31958 is CWE-294 (Authentication Bypass by Capture-replay).

agent/author
agent/event
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
agent/weakness
agent/remedy
agent/references
agent/title
agent/severity
agent/description
agent/tags
collector/mitre-cve
source/MITRE
vendor/microsoft
canonical/microsoft windows 10
version/microsoft windows 10/20h2
version/microsoft windows 10/21h1
version/microsoft windows 10/1607
version/microsoft windows 10/1809
version/microsoft windows 10/1909
version/microsoft windows 10/2004
canonical/microsoft windows 7
version/microsoft windows 7/sp1
canonical/microsoft windows 8.1
canonical/microsoft windows rt 8.1
canonical/microsoft windows server 2008
version/microsoft windows server 2008/r2-sp1
version/microsoft windows server 2008/sp2
canonical/microsoft windows server 2012
version/microsoft windows server 2012/r2
canonical/microsoft windows server 2016
version/microsoft windows server 2016/20h2
version/microsoft windows server 2016/1909
version/microsoft windows server 2016/2004
canonical/microsoft windows server 2019