CVE-2021-26443

CRITICAL9.0JSON export Create alert

Description

Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / windows_10_180910.0.19041.1348 – 10.0.19041.1348
Microsoft / windows_10_180910.0.17763.2300 – 10.0.17763.2300
Microsoft / windows_10_190910.0.18363.1916 – 10.0.18363.1916
Microsoft / windows_10_21H110.0.19043.1348 – 10.0.19043.1348
Microsoft / windows_11_21H210.0.22000.318 – 10.0.22000.318
Microsoft / windows_server_200410.0.19041.1348 – 10.0.19041.1348
Microsoft / Windows Server 201910.0.17763.2300 – 10.0.17763.2300
Microsoft / Windows Server 202210.0.20348.350 – 10.0.20348.350
Microsoft / windows_server_20H210.0.19041.1348 – 10.0.19041.1348

References

VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26443