CVE-2021-31958 | Armis Vulnerability Intelligence Database

Description Preview

CVE-2021-31958 is an elevation of privilege vulnerability in the Windows NTLM authentication protocol. This vulnerability is classified as CWE-294 (Authentication Bypass) and could allow an attacker to gain elevated privileges on affected systems by exploiting weaknesses in the NTLM authentication mechanism.

Overview

This vulnerability affects the Windows NT LAN Manager (NTLM) authentication protocol, which is used in various Windows environments for authentication purposes. The vulnerability stems from improper authentication handling that could allow an attacker to bypass intended authentication requirements. If successfully exploited, an attacker could elevate their privileges on the affected system and potentially gain unauthorized access to protected resources. The vulnerability is particularly concerning in enterprise environments where NTLM authentication is widely used.

Remediation

To address this vulnerability, Microsoft has released security updates that should be applied as soon as possible. Organizations should:

Apply the latest security patches from Microsoft that address CVE-2021-31958
Consider implementing additional authentication mechanisms such as Kerberos where possible
Limit the use of NTLM authentication in favor of more secure protocols
Monitor systems for suspicious authentication attempts
Implement the principle of least privilege across all systems
Consider network segmentation to limit the potential impact of compromised credentials

References

Microsoft Security Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958
Common Weakness Enumeration (CWE-294): Authentication Bypass - https://cwe.mitre.org/data/definitions/294.html
Microsoft Security Response Center Portal: https://msrc.microsoft.com/

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Manufacturing: Medium
Manufacturing
Public Administration: Medium
Public Administration
Health Care & Social Assistance: Medium
Health Care & Social Assistance
Transportation & Warehousing: Medium
Transportation & Warehousing
Educational Services: Medium
Educational Services
Finance and Insurance: Medium
Finance and Insurance
Retail Trade: Medium
Retail Trade
Professional, Scientific, & Technical Services: Medium
Professional, Scientific, & Technical Services
Arts, Entertainment & Recreation: Low
Arts, Entertainment & Recreation
Utilities: Low
Utilities
Other Services (except Public Administration): Low
Other Services (except Public Administration)
Information: Low
Information
Management of Companies & Enterprises: Low
Management of Companies & Enterprises
Accommodation & Food Services: Low
Accommodation & Food Services
Agriculture, Forestry Fishing & Hunting: Low
Agriculture, Forestry Fishing & Hunting
Mining: Low
Mining
Real Estate Rental & Leasing: Low
Real Estate Rental & Leasing
Construction: Low
Construction
Administrative, Support, Waste Management & Remediation Services: Low
Administrative, Support, Waste Management & Remediation Services
Wholesale Trade: Low
Wholesale Trade

^{CVE-2021-31958:}Windows NTLM Elevation of Privilege Vulnerability (CVE-2021-31958)

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!