CVE-2021-34446

EUVD-2021-21101
Windows HTML Platforms Security Feature Bypass Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
microsoftCNA
8 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_7
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
microsoftwindows_server_2019
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5004249
1607 (x64, x86)
KB5004238
1809 (arm64, x64, x86)
KB5004244
1909 (arm64, x64, x86)
KB5004245
2004 (arm64, x64, x86)
KB5004237
20H2 (arm64, x64, x86)
KB5004237
21H1 (arm64, x64, x86)
KB5004237
Windows 7
Service Pack 1 (x64, x86)
KB5005563
Windows 8.1
(x64, x86)
KB5004298
(x64, x86)
KB5005563
Windows RT 8.1
All
KB5004298
Windows Server 2008
Service Pack 2 (x64, x86)
KB5005563
Service Pack 2 (x64, x86)
KB5004305
Windows Server 2008 R2
Service Pack 1 (x64)
KB5005563
Windows Server 2012
Standard
KB5005563
Windows Server 2012 R2
Standard
KB5004298
Standard
KB5005563
Windows Server 2016
Standard
KB5004238
Windows Server 2019
Standard
KB5004244
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34446
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34446