Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2021-26887

Опубликовано: 15 мар. 2021
Источник: msrc
CVSS3: 7.8
EPSS Низкий

Описание

Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.

To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.

This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the FAQ section of this CVE for configuration guidance.

FAQ

There are no Downloads listed in the Security Updates table. How do I protect my system from this vulnerability?

This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See Deploy Folder Redirection with Offline Files for instructions for configuring your system.

Обновления

ПродуктСтатьяОбновление
Windows Server 2012
50008475000840
Monthly RollupSecurity Only
Windows Server 2012 (Server Core installation)
50008475000840
Monthly RollupSecurity Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 65%
0.00489
Низкий

7.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2021-26887

CVSS3: 7.8
nvd
больше 4 лет назад

<p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p> <p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p> <p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p>

github логотип

GHSA-xphp-jrmh-9rjj

CVSS3: 7.8
github
около 3 лет назад

Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability

fstec логотип

BDU:2021-01677

CVSS3: 7.8
fstec
больше 4 лет назад

Уязвимость реализации технологии перенаправления папок Folder Redirection операционных систем Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 65%
0.00489
Низкий

7.8 High

CVSS3