PT-2021-5194 · Microsoft · Windows

Polar Bear

Published

2021-07-13

Updated

2023-12-28

CVE-2021-33772

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Windows versions prior to the fixed version

Description The issue is related to a denial-of-service vulnerability in the implementation of the TCP/IP protocol in Microsoft Windows, caused by insufficient input validation. This can be exploited by a remote attacker to cause a denial of service by sending specially crafted input to the application.

Recommendations For Windows versions prior to the fixed version, apply the patch from the latest patchday to resolve the issue. As a temporary workaround, consider restricting access to the TCP/IP driver to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2021-05995

CVE-2021-33772

Affected Products

Windows

PT-2021-5194 · Microsoft · Windows

CVE-2021-33772

Weakness Enumeration

Related Identifiers

Affected Products

References · 10