Site icon DataSec Peripherals Pvt Ltd

Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

shashikant redekar

Original Issue Date: September 16, 2021

Severity Rating: HIGH

Software Affected

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for 32-bit & x64-based systems

Windows 7 for 32-bit & x64-based Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for 32-bit & x64-based Systems

Windows 10 for 32-bit & x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit & x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for 32-bit & x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit & x64-based Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for 32-bit & x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for 32-bit & x64-based Systems

Overview

A vulnerability exists in Windows WLAN AutoConfig Service which could allow a remote attacker to execute arbitrary code on the target system.

Description

This vulnerability exists in Windows WLAN AutoConfig Service due to improper input validation. A remote attacker could exploit this vulnerability by sending a specially crafted request.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target system.

Solution

Apply appropriate as mentioned by vendor.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965

Disclaimer

The information provided herein is on “as is” basis, without warranty of any kind.

Exit mobile version