LiveActive security incident?Get immediate response
CVE Record

CVE-2021-36942: Windows LSA Spoofing Vulnerability

Windows LSA Spoofing Vulnerability

HighCVSS 7.5Known exploitedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

CVE-2021-36942 is a Windows Local Security Authority spoofing vulnerability affecting multiple Windows Server releases. The main business risk is exposure of confidential information. CISA lists it in the Known Exploited Vulnerabilities catalog, so treat affected servers as a priority, especially where Windows authentication services are important to operations.

Executive priority

Prioritize remediation as a known-exploited Windows Server vulnerability with high confidentiality impact. It is not described as causing service outage or data modification, but exploitation against authentication-adjacent Windows components can create material incident-response risk.

Technical view

The bundled CVSS 3.1 vector rates this high: network attack, low complexity, no privileges, no user interaction, unchanged scope, high confidentiality impact, no integrity or availability impact. Affected products include Windows Server 2008 SP2/R2, 2012, 2012 R2, 2016, 2019, version 2004, and 20H2, including Server Core variants.

Likely exposure

Exposure is limited to the Microsoft Windows Server versions and builds listed in the source bundle. Server Core installations are explicitly included. The bundle does not identify affected client Windows editions, vulnerable configurations, or required service exposure beyond the CVSS network attack vector.

Exploitation context

CISA KEV status supports known exploitation. The bundle does not provide exploit timing, threat actor attribution, targeting patterns, or public exploit details. The CVSS temporal vector also indicates functional exploit maturity and an official fix, but operational details should be verified against Microsoft and CISA guidance.

Researcher notes

Do not infer affected Windows client products from this bundle. The available details identify spoofing in Windows LSA, affected server builds, KEV status, CVSS characteristics, and Microsoft advisory references. No safe source detail here supports exploit mechanics or environment-specific detection logic.

Mitigation direction

  • Apply Microsoft’s official update for CVE-2021-36942 on affected Windows Server systems.
  • Prioritize KEV remediation for internet-facing and authentication-critical servers.
  • Inventory Server Core installations, which are explicitly listed as affected.
  • Follow Microsoft guidance for unsupported or extended-support Windows Server versions.
  • Monitor CISA KEV entries for any updated due dates or remediation notes.

Validation and detection

  • Match server OS versions and build numbers against the affected list.
  • Confirm the relevant Microsoft security update is installed on each affected host.
  • Review vulnerability scanner findings for CVE-2021-36942 across Windows Server assets.
  • Check exception lists for legacy Windows Server systems still awaiting remediation.
  • Verify CISA KEV tracking marks this CVE as remediated where applicable.
Prepared
Confidence
high
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-36942 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.5 (3.1)
Known Exploited
Yes
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
4Source links

CISA KEV status

Status
Known exploited
Source
CISA / ADP
Date added
Not provided

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C3.93.6Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

7.5High
CVSS 3.1 vector shape for CVE-2021-36942Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
MicrosoftWindows Server 201910.0.0Listed
MicrosoftWindows Server 2019 (Server Core installation)10.0.0Listed
MicrosoftWindows Server version 200410.0.0Listed
MicrosoftWindows Server version 20H210.0.0Listed
MicrosoftWindows Server 201610.0.0Listed
MicrosoftWindows Server 2016 (Server Core installation)10.0.0Listed
MicrosoftWindows Server 2008 Service Pack 26.0.0Listed
MicrosoftWindows Server 2008 Service Pack 2 (Server Core installation)6.0.0Listed
MicrosoftWindows Server 2008 Service Pack 26.0.0Listed
MicrosoftWindows Server 2008 R2 Service Pack 16.1.0Listed
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation)6.0.0Listed
MicrosoftWindows Server 20126.2.0Listed
MicrosoftWindows Server 2012 (Server Core installation)6.2.0Listed
MicrosoftWindows Server 2012 R26.3.0Listed
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.0Listed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.