What is the severity of CVE-2021-41379?

CVE-2021-41379 has been classified as a high severity vulnerability that allows for privilege escalation in Microsoft Windows Installer.

How do I fix CVE-2021-41379?

To mitigate CVE-2021-41379, apply the relevant security patches provided by Microsoft for your version of Windows.

Which versions of Windows are affected by CVE-2021-41379?

CVE-2021-41379 affects multiple versions of Microsoft Windows including Windows 10, Windows 11, and various Windows Server versions.

Is there a workaround for CVE-2021-41379?

Currently, Microsoft recommends applying the security updates as the primary means of protection against CVE-2021-41379.

How does CVE-2021-41379 impact system security?

CVE-2021-41379 potentially allows attackers to elevate their privileges, which may lead to unauthorized access and control over the system.

Vulnerability/
CVE-2021-41379

Exploited

high

7.8

CWE

9/11/2021

10/11/2021

24/2/2025

27/2/2025

CVE-2021-41379: Microsoft Windows Installer Service Link Following Privilege Escalation Vulnerability

First published: Tue Nov 09 2021(Updated: )

Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows 10		fix available externally
Microsoft Windows 10	=2004	fix available externally
Microsoft Windows Server	=20H2	fix available externally
Microsoft Windows Server 2012 R2		fix available externally fix available externally
Microsoft Windows 10	=20H2	fix available externally
Microsoft Windows 10	=21H1	fix available externally
Microsoft Windows 10	=1909	fix available externally
Microsoft Windows 10	=1909	fix available externally
Microsoft Windows 10	=1909	fix available externally
Microsoft Windows 10	=20H2	fix available externally
Microsoft Windows Server 2012 R2		fix available externally fix available externally
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows 7		fix available externally fix available externally
Microsoft Windows 10	=21H1	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows Server	=2004	fix available externally
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows 10	=2004	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 10	=2004	fix available externally
Microsoft Windows 10	=20H2	fix available externally
Microsoft Windows 7		fix available externally fix available externally
Microsoft Windows Server 2008 R2		fix available externally fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 10		fix available externally
Microsoft Windows Server 2008 R2		fix available externally fix available externally
Microsoft Windows 10	=21H1	fix available externally
Microsoft Windows RT		fix available externally
Microsoft Windows Server		fix available externally fix available externally
Microsoft Windows Server		fix available externally fix available externally
Microsoft Windows Server		fix available externally fix available externally
Microsoft Windows Server		fix available externally fix available externally
Microsoft Windows Server		fix available externally fix available externally
Microsoft Windows Server		fix available externally fix available externally
Microsoft Windows 8.1		fix available externally fix available externally
Microsoft Windows 8.1		fix available externally fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows 10	<10.0.10240.19119
Microsoft Windows 10	<10.0.14393.4770
Microsoft Windows 10	<10.0.17763.2300
Microsoft Windows 10	<10.0.18363.1916
Microsoft Windows 10	<10.0.19041.1348
Microsoft Windows 10	<10.0.19042.1348
Microsoft Windows 10	<10.0.19043.1348
Windows 11	<10.0.22000.318
Microsoft Windows 7	=sp1
Microsoft Windows 8.1
Microsoft Windows RT
Microsoft Windows Server 2004	<10.0.19041.1348
Microsoft Windows Server	=sp2
Microsoft Windows Server	=r2-sp1
Microsoft Windows Server
Microsoft Windows Server	=r2
Microsoft Windows Server 2016	<10.0.14393.4770
Microsoft Windows Server 2019	<10.0.17763.2300
Microsoft Windows Server 2022	<10.0.20348.350
Microsoft Windows Server 20H2	<10.0.19042.1348
Microsoft Windows 10
Microsoft Windows 10	=20h2
Microsoft Windows 10	=21h1
Microsoft Windows 10	=1607
Microsoft Windows 10	=1809
Microsoft Windows 10	=1909
Microsoft Windows 10	=2004
Windows 11
Windows 11
Microsoft Windows Server 2016
Microsoft Windows Server 2016	=20h2
Microsoft Windows Server 2016	=2004
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows
Microsoft Windows Server 2019		fix available externally
Microsoft Windows Server 2019		fix available externally
Windows 11	=21H2	fix available externally
Windows 11	=21H2	fix available externally
Microsoft Windows Server 2022		fix available externally
Microsoft Windows Server 2022		fix available externally

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-41379?
CVE-2021-41379 has been classified as a high severity vulnerability that allows for privilege escalation in Microsoft Windows Installer.
How do I fix CVE-2021-41379?
To mitigate CVE-2021-41379, apply the relevant security patches provided by Microsoft for your version of Windows.
Which versions of Windows are affected by CVE-2021-41379?
CVE-2021-41379 affects multiple versions of Microsoft Windows including Windows 10, Windows 11, and various Windows Server versions.
Is there a workaround for CVE-2021-41379?
Currently, Microsoft recommends applying the security updates as the primary means of protection against CVE-2021-41379.
How does CVE-2021-41379 impact system security?
CVE-2021-41379 potentially allows attackers to elevate their privileges, which may lead to unauthorized access and control over the system.

agent/type
agent/first-publish-date
agent/title
agent/severity
agent/remedy
agent/weakness
agent/description
collector/msrc-cve
source/Microsoft
agent/software-canonical-lookup
agent/references
agent/author
agent/event
agent/trending
agent/source
agent/software-canonical-lookup-request
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
collector/nvd-cve
collector/nvd-index
agent/softwarecombine
agent/tags
exploited/true
ransomware/true
collector/cisa-known-exploited
source/CISA
collector/zdi-advisory
source/ZDI
alias/ZDI-21-1308
alias/ZDI-CAN-14616
alias/CVE-2021-41379
vendor/microsoft
canonical/microsoft windows 10
version/microsoft windows 10/2004
canonical/microsoft windows server
version/microsoft windows server/20h2
canonical/microsoft windows server 2012 r2
version/microsoft windows 10/20h2
version/microsoft windows 10/21h1
version/microsoft windows 10/1909
version/microsoft windows 10/1607
canonical/microsoft windows 7
version/microsoft windows 10/1809
version/microsoft windows server/2004
canonical/microsoft windows server 2008 r2
canonical/microsoft windows rt
canonical/microsoft windows 8.1
canonical/microsoft windows server 2016
canonical/windows 11
version/microsoft windows 7/sp1
canonical/microsoft windows server 2004
version/microsoft windows server/sp2
version/microsoft windows server/r2-sp1
version/microsoft windows server/r2
canonical/microsoft windows server 2019
canonical/microsoft windows server 2022
canonical/microsoft windows server 20h2
version/microsoft windows server 2016/20h2
version/microsoft windows server 2016/2004
canonical/microsoft windows
version/windows 11/21h2