CVE-2021-26431

Name of the Vulnerable Software and Affected Versions Windows Recovery Environment Agent (affected versions not specified) Microsoft Windows (affected versions not specified)

Description The vulnerability is related to insufficient access control in the Windows Recovery Environment Agent component of Microsoft Windows operating systems. This issue can be exploited to elevate privileges. There is also a mention of an improper access control authentication bypass vulnerability in the Microsoft Windows Lock Screen. An elevation-of-privilege vulnerability allows attackers to affect the system.

Recommendations For Windows Recovery Environment Agent, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Windows, consider restricting access to sensitive components until a patch is available. As a temporary workaround, consider disabling any functions related to the Windows Lock Screen that may be vulnerable to improper access control authentication bypass until a patch is available.