CVE-2021-24083

7.8 HIGH

📋 TL;DR

CVE-2021-24083 is a remote code execution vulnerability in Windows Address Book that allows attackers to execute arbitrary code on affected systems. It affects Windows clients and servers when they process specially crafted files. Attackers could exploit this by tricking users into opening malicious files or visiting compromised websites.

💻 Affected Systems

Products:
  • Microsoft Windows
Versions: Windows 10, Windows Server 2016, Windows Server 2019, Windows Server 2022
Operating Systems: Windows 10, Windows Server 2016, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Windows versions are vulnerable. Windows Address Book functionality is present in standard installations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining SYSTEM privileges, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Limited user-level compromise leading to credential theft, lateral movement within networks, or installation of malware on individual systems.

🟢

If Mitigated

No impact if systems are patched, users avoid untrusted files, and proper endpoint protection blocks malicious content.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening files) but can be delivered via web downloads or email attachments.
🏢 Internal Only: HIGH - Internal users frequently share files and documents, creating multiple attack vectors within organizations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. Proof-of-concept code has been published, making weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: February 2021 security updates (KB4601319 for Windows 10 20H2, KB4601345 for Windows Server 2019, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24083

Restart Required: Yes

Instructions:

1. Apply February 2021 Windows security updates via Windows Update.
2. For enterprise environments, deploy updates through WSUS or SCCM.
3. Restart systems after update installation.

🔧 Temporary Workarounds

Disable Windows Address Book Protocol Handler

windows

Prevents Windows from handling WAB files that could trigger the vulnerability

reg add "HKLM\SOFTWARE\Classes\wab\shell\open\command" /ve /d "" /f

Block WAB File Extensions

all

Prevents execution of Windows Address Book files at the network perimeter

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized applications
  • Deploy endpoint detection and response (EDR) solutions to detect and block malicious file execution

🔍 How to Verify

Check if Vulnerable:

Check Windows version and update status. Systems without February 2021 security updates are vulnerable.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that February 2021 security updates (KB4601319, KB4601345, or equivalent) are installed via 'winver' or 'systeminfo' command.
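One way to script the check above across a fleet, as an added example that is not part of the advisory: it maps the two KB numbers named on this page to their OS build numbers (the 19041 entry and the UBR comparison are assumptions, not from the page), looks for the KB in Get-HotFix, and prints the build revision so it can be compared with the vendor advisory.

```powershell
# Added example (not from the advisory): report whether the February 2021
# cumulative update named on this page is present on the local host.
# Assumption: the KB-to-build table covers only the KBs the page lists;
# 19041 (Windows 10 2004) is added here because it shares KB4601319 with 20H2.
$FixesByBuild = @{
    '19041' = 'KB4601319'   # Windows 10 2004 (assumed, same KB as 20H2)
    '19042' = 'KB4601319'   # Windows 10 20H2 (from the page)
    '17763' = 'KB4601345'   # Windows Server 2019 / Windows 10 1809 (from the page)
}

function Test-Cve202124083Patch {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = ($os.Version -split '\.')[2]
    # UBR is the build revision; a later cumulative update supersedes the
    # February KB, so compare this value with the advisory when the KB is absent.
    $ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

    $result = [pscustomobject]@{
        Host      = $env:COMPUTERNAME
        OS        = $os.Caption
        Build     = "$build.$ubr"
        ExpectedKB = $null
        KBPresent = $false
        Status    = 'UNKNOWN'
    }

    if (-not $FixesByBuild.ContainsKey($build)) {
        $result.Status = 'Build not in table; check vendor advisory for the matching February 2021 KB'
        return $result
    }

    $result.ExpectedKB = $FixesByBuild[$build]
    $result.KBPresent  = $installed -contains $result.ExpectedKB
    if ($result.KBPresent) {
        $result.Status = 'PATCHED (February 2021 KB installed)'
    } else {
        $result.Status = 'KB not listed; compare Build revision against the advisory before treating as vulnerable'
    }
    return $result
}

Test-Cve202124083Patch | Format-List
```

Run under an elevated PowerShell session; wrap the function in Invoke-Command to collect results from multiple hosts.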

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing unexpected WAB file execution
  • Security logs with process creation events from wab.exe with suspicious parameters

Network Indicators:

  • Unusual outbound connections from systems after WAB file execution
  • Downloads of WAB files from untrusted sources

SIEM Query:

Process Creation where (ImagePath contains "wab.exe" AND CommandLine contains suspicious patterns)

🔗 References
