Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
August 4, 2021Rewterz Threat Advisory –CVE-2020-4707 – IBM API Connect Vulnerabillity
August 5, 2021Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
August 4, 2021Rewterz Threat Advisory –CVE-2020-4707 – IBM API Connect Vulnerabillity
August 5, 2021Severity
High
Analysis Summary
CVE-2021-36928
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Edge Installer. By creating a directory junction, an attacker can abuse Edge Installer to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Impact
- Privilege Escalation
- Code Execution
Affected Vendors
Microsoft
Affected Products
- Microsoft Edge
Remediation
Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36928