CVE-2021-26887

Summary

<p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p> <p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p> <p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p>

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 2004N/Aaffected
MicrosoftWindows Server version 2004N/Aaffected
MicrosoftWindows 10 Version 20H2N/Aaffected
MicrosoftWindows Server version 20H2N/Aaffected
MicrosoftWindows 10 Version 1803N/Aaffected
MicrosoftWindows 10 Version 1809N/Aaffected
MicrosoftWindows Server 2019N/Aaffected
MicrosoftWindows Server 2019 (Server Core installation)N/Aaffected
MicrosoftWindows 10 Version 1909N/Aaffected
MicrosoftWindows Server, version 1909 (Server Core installation)N/Aaffected
MicrosoftWindows 10 Version 1507N/Aaffected
MicrosoftWindows 10 Version 1607N/Aaffected
MicrosoftWindows Server 2016N/Aaffected
MicrosoftWindows Server 2016 (Server Core installation)N/Aaffected
MicrosoftWindows 7N/Aaffected
MicrosoftWindows 7 Service Pack 1N/Aaffected
MicrosoftWindows 8.1N/Aaffected
MicrosoftWindows Server 2008 Service Pack 2N/Aaffected
MicrosoftWindows Server 2008 Service Pack 2 (Server Core installation)N/Aaffected
MicrosoftWindows Server 2008 Service Pack 2N/Aaffected
MicrosoftWindows Server 2008 R2 Service Pack 1N/Aaffected
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation)N/Aaffected
MicrosoftWindows Server 20126.2.0 < publicationaffected
MicrosoftWindows Server 2012 (Server Core installation)6.2.0 < publicationaffected
MicrosoftWindows Server 2012 R2N/Aaffected
MicrosoftWindows Server 2012 R2 (Server Core installation)N/Aaffected

Weaknesses

  • Elevation of Privilege

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References