CVE-2021-31958:
Windows NTLM Elevation of Privilege Vulnerability (CVE-2021-31958)
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.8 High
- Published Date: Jun 8, 2021
- CISA KEV Date: *No Data*
- Industries Affected: 20
Threat Predictions
- EPSS Score: 2.1
- EPSS Percentile: 84%
Exploitability
- Score: 2.8
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: REQUIRED
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Description Preview
Windows NTLM Elevation of Privilege Vulnerability (CVE-2021-31958)
Overview
This vulnerability affects the Windows NT LAN Manager (NTLM) authentication protocol, which is used in various Windows environments for authentication purposes. The vulnerability stems from improper authentication handling that could allow an attacker to bypass intended authentication requirements. If successfully exploited, an attacker could elevate their privileges on the affected system and potentially gain unauthorized access to protected resources. The vulnerability is particularly concerning in enterprise environments where NTLM authentication is widely used.
Remediation
To address this vulnerability, Microsoft has released security updates that should be applied as soon as possible. Organizations should:
1. Apply the latest security patches from Microsoft that address CVE-2021-31958
2. Consider implementing additional authentication mechanisms such as Kerberos where possible
3. Limit the use of NTLM authentication in favor of more secure protocols
4. Monitor systems for suspicious authentication attempts
5. Implement the principle of least privilege across all systems
6. Consider network segmentation to limit the potential impact of compromised credentials
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.