CVE-2021-28313

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 1.0%

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Productos afectados

Microsoft · Microsoft Visual Studio 2015 Update 3 Microsoft · Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft · Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft · Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Microsoft · Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft · Windows 10 Version 1803 Microsoft · Windows 10 Version 1809 Microsoft · Windows 10 Version 1909 Microsoft · Windows 10 Version 2004 Microsoft · Windows 10 Version 20H2 Microsoft · Windows Server 2019 Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server, version 1909 (Server Core installation)Microsoft · Windows Server version 2004 Microsoft · Windows Server version 20H2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html http://seclists.org/fulldisclosure/2021/Apr/40 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313