CVE-2021-33779: Windows AD FS Security Feature Bypass Vulnerability

Overview

Severity

High (CVSS 8.1)

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Category

Security Feature Bypass

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Publicly Disclosed

Yes

Patch Tuesday

2021-Jul

Released

2021-07-13

EPSS Score

1.08% (percentile: 77.8%)

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability? This vulnerability relates to Primary Refresh Tokens which are usually stored in TPM. These tokens are usually used for SSO for Azure AD accounts. The tokens are not encrypted in a strong enough manner, and an administrator with access to a vulnerable system could extract and potentially decrypt the token for reuse until the token expires or is renewed.

Affected Products (6)

Windows

• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server, version 2004 (Server Core installation)
• Windows Server, version 20H2 (Server Core Installation)
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

Security Updates (3)

• 5004244
• 5004237
• 5004238

Revision History

• 2021-07-13: Information published.