What is CVE-2021-36942?

CVE-2021-36942 is a high-severity vulnerability in Microsoft Windows Local Security Authority (LSA) allowing spoofing attacks. Organizations must apply patches to safeguard against potential exploits.

What is the severity of CVE-2021-36942?

CVE-2021-36942 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2021-36942 | High Vulnerability in Microsoft Windows LSA

Q: Is CVE-2021-36942 in CISA KEV?

Yes. CVE-2021-36942 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2021-36942 is identified as a high-severity security vulnerability affecting Microsoft Windows, specifically concerning the Local Security Authority (LSA). This vulnerability allows for spoofing attacks that could lead to unauthorized access and potential compromise of sensitive information.

With a CVSS score of 7.5, this vulnerability is classified as high. The implications of this vulnerability are serious, as it can be exploited by attackers to obtain access to systems without proper authentication, thereby jeopardizing the integrity of network security.

Organizations should prioritize addressing this vulnerability due to its potential impact on confidentiality. The attack vector is network-based, and it requires no user interaction or privileges, increasing the risk of exploitation in real-world scenarios.

Given the critical nature of this vulnerability and its inclusion in the Known Exploited Vulnerabilities (KEV) catalog, organizations should act swiftly to implement the necessary patches and updates as per vendor instructions to mitigate risks.

Vulnerability Details

The vulnerability, known as "Windows LSA Spoofing Vulnerability", was published on August 12, 2021. It allows an unauthenticated attacker to manipulate LSA and trick the domain controller into authenticating against another server using NTLM. This flaw could lead to unauthorized access to sensitive information.

The CVSS score of 7.5 indicates a high severity level, with a low attack complexity, meaning that exploiting this vulnerability does not require sophisticated skills or resources.

Technical Analysis

The root cause of this vulnerability lies in the improper validation of LSA requests. Attackers can leverage this flaw through network access, allowing them to impersonate users and gain unauthorized access without needing any credentials.

The attack vector is purely network-based, classifying it as a remote exploitation vulnerability. The complexity is low, and the attack does not require user interaction, making this vulnerability particularly dangerous.

The impact on confidentiality is high, as unauthorized access could lead to data breaches and loss of sensitive information, while integrity and availability impacts are not applicable for this vulnerability.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to critical systems, leading to data compromise. The vulnerability affects a wide range of Windows Server versions, increasing the blast radius in case of an exploit. Organizations must assess their environments for exposure and prioritize patching to avert possible exploitation.

Considering the CVSS score and its classification as a known exploited vulnerability, organizations should prioritize patching immediately to mitigate risks associated with potential exploitation.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	No
Actively Exploited	Yes
Ransomware Use	Yes

Affected Versions

The following Microsoft Windows Server versions are affected by CVE-2021-36942: Windows Server 2004, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, and Windows Server 20H2. Organizations should ensure that they have patched to the latest versions to mitigate risks.

Mitigation & Remediation

To mitigate the risks associated with CVE-2021-36942, organizations should apply patches provided by Microsoft. The recommended action is to apply updates per vendor instructions. For more information on the updates, refer to the security guidance provided by Microsoft.

Detection Guidance

Organizations should monitor logs for indicators of exploitation attempts. Look for anomalies in authentication attempts and unusual network activity that may signal an attack leveraging this vulnerability.

AppSecure Threat Intelligence Insight

CVE-2021-36942 represents a significant risk for organizations due to its ability to facilitate unauthorized access. Security teams should implement a comprehensive vulnerability management program, ensuring they stay informed about emerging threats and trends. For further insights, organizations can explore our vulnerability management program and consider continuous security testing to validate their defenses.

Security teams should also review and strengthen their incident response plans, ensuring they are prepared for potential exploitation. Additional resources on penetration testing can provide further insights into effective security practices.

Overall, organizations must remain vigilant and proactive in their security measures to protect against vulnerabilities like CVE-2021-36942.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-36942: High Vulnerability in Microsoft Windows LSA