First published: Tue Oct 12 2021(Updated: )
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX Deployment Service. By creating a directory junction, an attacker can abuse the service to delete the contents of a chosen directory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows 10 | =20H2 | |
Microsoft Windows | ||
Microsoft Windows Server 2022 | ||
Microsoft Windows 10 | =21H1 | |
Microsoft Windows 10 | =2004 | |
Microsoft Windows 10 | =21H1 | |
Microsoft Windows 10 | =1909 | |
Microsoft Windows 10 | =2004 | |
Microsoft Windows 10 | =1909 | |
Microsoft Windows Server 2022 | ||
Microsoft Windows 10 | =21H1 | |
Microsoft Windows 10 | =1909 | |
Microsoft Windows 10 | ||
Microsoft Windows 11 | =21H2 | |
Microsoft Windows Server | =20H2 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows Server 2019 | ||
Microsoft Windows 11 | =21H2 | |
Microsoft Windows 10 | ||
Microsoft Windows 10 | =2004 | |
Microsoft Windows 10 | =20H2 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows Server | =2004 | |
Microsoft Windows Server 2019 | ||
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =20H2 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | ||
Microsoft Windows 10 | ||
Microsoft Windows 10 | =20h2 | |
Microsoft Windows 10 | =21h1 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows 10 | =1909 | |
Microsoft Windows 10 | =2004 | |
Microsoft Windows 11 | ||
Microsoft Windows 11 | ||
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | =20h2 | |
Microsoft Windows Server 2016 | =2004 | |
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2022 | ||
=20h2 | ||
=21h1 | ||
=1607 | ||
=1809 | ||
=1909 | ||
=2004 | ||
=20h2 | ||
=2004 | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-41347 is a privilege escalation vulnerability in Microsoft Windows AppX Deployment Service, allowing local attackers to escalate privileges on affected installations of Windows.
An attacker with the ability to execute low-privileged code on the target system can exploit this vulnerability to escalate privileges.
Microsoft Windows 10 (versions 1607, 1909, 2004, 20H2, 21H1), Windows 11 (version 21H2), Windows Server 2016 (Server Core installation), Windows Server 2019, and Windows Server 2022 are affected by CVE-2021-41347.
The severity of CVE-2021-41347 vulnerability is high, with a CVSS score of 7.8.
To fix CVE-2021-41347 vulnerability, apply the relevant patches provided by Microsoft or follow the recommended remediation steps outlined in the Microsoft security advisory.