CVE-2021-36962
Published on: 09/15/2021 12:00:00 AM UTC
Last Modified on: 09/24/2021 06:06:00 PM UTC
Certain versions of Windows 10 from Microsoft contain the following vulnerability:
Windows Installer Information Disclosure Vulnerability
- CVE-2021-36962 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.5 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | LOW | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | NONE | NONE |
CVSS2 Score: 4.9 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| COMPLETE | NONE | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| ZDI-21-1103 | Zero Day Initiative | www.zerodayinitiative.com text/html |
MISC www.zerodayinitiative.com/advisories/ZDI-21-1103/ |
| Security Update Guide - Microsoft Security Response Center | portal.msrc.microsoft.com text/html |
MISC portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36962 |
Related QID Numbers
- 91816 Microsoft Windows Security Update for September 2021
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 10 | - | All | All | All |
| Operating System | Microsoft | Windows 10 | 1607 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1909 | All | All | All |
| Operating System | Microsoft | Windows 10 | 2004 | All | All | All |
| Operating System | Microsoft | Windows 10 | 20h2 | All | All | All |
| Operating System | Microsoft | Windows 10 | 21h1 | All | All | All |
| Operating System | Microsoft | Windows 7 | - | sp1 | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Rt 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | r2 | All | All |
| Operating System | Microsoft | Windows Server 2016 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | 2004 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | 20h2 | All | All | All |
| Operating System | Microsoft | Windows Server 2019 | - | All | All | All |
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*:
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*:
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*:
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2021-36962 : #Windows Installer Information Disclosure Vulnerability... cve.report/CVE-2021-36962 | 2021-09-15 11:34:33 |