CVE-2021-41363: Intune Management Extension Security Feature Bypass Vulnerability

Overview

Severity

Medium (CVSS 4.2)

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C

Category

Security Feature Bypass

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Oct

Released

2021-10-12

Last Updated

2021-10-14

EPSS Score

0.19% (percentile: 41.2%)

FAQ

Are there any pre-requisites for this vulnerability to be exploited in Intune Management Extension? This vulnerability only exists when Intune Management Extension is enabled as managed installer. Enabling IME as managed installer requires local administrator privileges. What should I do to protect myself from this vulnerability? No action is required. As soon as the client connects to the service, it automatically receives a message to update.

Affected Products (1)

Apps

• Intune management extension

Acknowledgments

<a href="https://twitter.com/thewmiguy">Kim Oppalfens</a> with <a href="https://www.oscc.be">OSCC</a>

Revision History

• 2021-10-12: Information published.
• 2021-10-14: The following revisions have been made: 1) In the Security Updates table, Build Number and Article link have been added. 2) FAQs have been updated to provide information about what to do to be protected from this vulnerability.