Published: 15/12/2021 Updated: 23/05/2022
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 1607

microsoft windows server 2008 r2

microsoft windows 7 -

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows rt 8.1 -

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 10 1809

microsoft windows 10 1909

microsoft windows 10 2004

microsoft windows 8.1 -

microsoft windows server 2016 2004

microsoft windows server 2012 -

microsoft windows server 2019 -

microsoft windows 10 21h2

microsoft windows 11 -

microsoft windows server 20h2

microsoft windows server 2022

Github Repositories

Blank Space Blank Space is a refactoring of James Forshaw's original proof of concept for CVE-2021-43893, EFSRPC arbitrary file upload privilege escalation Blank Space can create arbitrary files on a remote host that is using unconstrained delegation if it isn't patched for CVE-2021-43893 File creation is done using the privileges of the remote user, so code executi

CVE-2022-26809 This repo just simply research for the CVE, for more detailed ananlysis,please refer here UPDATE:05/19 2022 This ananlyze hasn't been finished yet UPDATE:05/22 2022 HuanGMz Post and corelight blog show the real vulnerable point: OSF_CASSOCIATION::ProcessBindAckOrNak This vulnerability is triggered like CVE-2021-43893, when send the ESFRPC request to ls

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

Recent Articles

Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild
The Register • Chris Williams, Editor in Chief • 15 Dec 2021

Get our weekly newsletter Round off the year with a large crop of fixes for programming blunders

Patch Tuesday It's not just Log4j you need to worry about this week. It's the final Patch Tuesday of the year.
If you haven't already installed these fixes, or started testing them ahead of deployment, now would be a good time before exploits are developed and deployed over the Christmas break. At least two of them – one in Windows AppX Installer and one in Chrome – are being exploited in the wild right now.
Let's start with Microsoft, which put out a summary of its security upda...