05.20.2021

Windows 2004/20H2 vuln

MCNC Admin Avatar
By MCNC Admin
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 5/20/2021

Action Level - Critical

Description

MCNC would like to make you aware of a new threat affecting some versions of Windows 10 and Windows Server. This exploit, tracked as CVE-2021-31166, is believed to allow remote code execution and could be wormable (i.e. spread from device to device without human interaction) in the near future.

Due to the nature and critical severity of this vulnerability, and its ability to impact Windows devices that are internal to your network, MCNC recommends patching as soon as possible.

Full information including affected versions and update downloads can be found on the official Microsoft security page.

Affected Devices

  • Windows 10 versions 2004 or 20H2
  • Windows Server Semi-Annual Channel (SAC) versions 2004 or 20H2
    • NOTE:This does not affect Long-Term Servicing Channel (LTSC) Windows Server such as Server 2016 or 2019.

Attack Vector

Any student, employee, or person with internal or external network access to a vulnerable device may exploit this vulnerability.

Attack Feasibility

Currently there is a proof of concept freely available on GitHub which permits any device capable of running Python to execute a forced reboot of the target device. The attacker only needs the IP Address of the target machine and can easily execute this repeatedly in a sweeping fashion to disrupt the learning environment.

Mitigations

As network access is required to exploit this vulnerability, properly segmented networks will prevent a scenario where a student attempts to exploit an instructor device to disrupt learning. For externally facing Windows Server SAC 2004 and 20H2, any bad actor with IP access can exploit this vulnerability.

Remediation

Because simple network access is required, the only true remediation is to update these devices as soon as possible.

<-- Return to Cybersecurity Alerts...

MCNC Admin
MCNC Admin
MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Uslinkedintwitterfacebookyoutube
© 2021 MCNC