CVE-2021-36927: Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Aug

Released

2021-08-10

Last Updated

2022-03-25

EPSS Score

0.22% (percentile: 45.2%)

Affected Products (15)

Other

• 10047
• 10048
• 10481
• 10482
• 10484
• 9312
• 10287
• 9318
• 9344
• 10051
• 10049
• 10378
• 10379
• 10483
• 10543

Security Updates (8)

• 5011552
• 5011529
• 5011564
• 5011560
• 5011534
• 5011525
• 5011535
• 5011527

Acknowledgments

JIWO Technology Co., Ltd, <a href="https://www.ncsc.gov.uk">The UK's National Cyber Security Centre (NCSC)</a>

Revision History

• 2021-08-10: Information published.
• 2022-03-08: To comprehensively address CVE-2021-36927, Microsoft has released March 2022 security updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
• 2022-03-25: Affected software updated with new package information.