| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-41379 | Microsoft Windows Installer Privilege Escalation Vulnerability | primary_impact | T1068 | Exploitation for Privilege Escalation |
Comments
The vulnerability in Microsoft Windows allows local attackers to escalate privileges by exploiting a flaw in the Windows Installer service. By creating a junction, attackers can delete targeted files or directories, potentially executing arbitrary code with SYSTEM privileges. However, attackers must already have access and the ability to execute low-privileged code on the target system to exploit this vulnerability.
This vulnerability has been identified as exploited in the wild; however, specific details on how the vulnerability was exploited have not been publicly released.
References
|
| CVE-2021-41379 | Microsoft Windows Installer Privilege Escalation Vulnerability | exploitation_technique | T1078 | Valid Accounts |
Comments
The vulnerability in Microsoft Windows allows local attackers to escalate privileges by exploiting a flaw in the Windows Installer service. By creating a junction, attackers can delete targeted files or directories, potentially executing arbitrary code with SYSTEM privileges. However, attackers must already have access and the ability to execute low-privileged code on the target system to exploit this vulnerability.
This vulnerability has been identified as exploited in the wild; however, specific details on how the vulnerability was exploited have not been publicly released.
References
|