CVE-2021-34460 – CVE-2021-34460 is an elevation of privilege vul... (How to Fix)

Q: What is the severity of CVE-2021-34460?

CVE-2021-34460 has a CVSS score of 7.8 (HIGH). CVE-2021-34460 is an elevation of privilege vulnerability in the Windows Storage Spaces Controller that allows authenticated attackers to execute arbitrary code with SYSTEM privileges. This affects Windows systems with Storage Spaces configured. Attackers need local access to exploit this vulnerability.

📋 TL;DR

CVE-2021-34460 is an elevation of privilege vulnerability in the Windows Storage Spaces Controller that allows authenticated attackers to execute arbitrary code with SYSTEM privileges. This affects Windows systems with Storage Spaces configured. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:

Windows Storage Spaces Controller

Versions: Windows 10 versions 2004, 20H2, 21H1; Windows Server 2022, 2019, 2016; Windows Server, version 2004, 20H2

Operating Systems: Windows 10, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ✅ No

Notes: Requires Storage Spaces feature to be configured/enabled. Not vulnerable on default installations without Storage Spaces.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with SYSTEM privileges, enabling complete control over the affected system, data theft, lateral movement, and persistence establishment.

🟠

Likely Case

Privilege escalation from standard user to SYSTEM, allowing installation of malware, credential harvesting, and bypassing security controls.

🟢

If Mitigated

Limited impact with proper access controls, network segmentation, and monitoring in place, though privilege escalation remains possible.

🌐 Internet-Facing: LOW - Requires local authentication and Storage Spaces configuration, not directly exploitable over internet.

🏢 Internal Only: HIGH - Internal attackers with standard user access can escalate to SYSTEM privileges on vulnerable systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires authenticated access and Storage Spaces configuration. Public proof-of-concept code exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2021 security updates (KB5004237, KB5004238, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34460

Restart Required: Yes

Instructions:

1. Apply July 2021 Windows security updates via Windows Update. 2. For enterprise environments, deploy patches through WSUS or SCCM. 3. Restart affected systems after patch installation.

🔧 Temporary Workarounds

Disable Storage Spaces

windows

Remove or disable Storage Spaces feature if not required

Disable-WindowsOptionalFeature -Online -FeatureName Storage-Services

Restrict Access

all

Implement strict access controls to limit who can access systems with Storage Spaces

🧯 If You Can't Patch

Implement strict access controls and least privilege principles
Monitor for suspicious activity related to Storage Spaces Controller

🔍 How to Verify

Check if Vulnerable:

Check if Storage Spaces is enabled: Get-WindowsOptionalFeature -Online -FeatureName Storage-Services

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify July 2021 security updates are installed: Get-HotFix -Id KB5004237, KB5004238, etc.

📡 Detection & Monitoring

Log Indicators:

Unusual process creation by Storage Spaces Controller
Privilege escalation attempts
Suspicious access to Storage Spaces components

Network Indicators:

Unusual local authentication patterns
Lateral movement from Storage Spaces systems

SIEM Query:

EventID=4688 AND ProcessName LIKE '%spaceport.sys%' OR ProcessName LIKE '%storport.sys%'

📊 Metadata

CVE ID: CVE-2021-34460

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-269

Published: July 16, 2021

Last Updated: November 21, 2024

🔗 References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34460 Patch,Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34460 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34460, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 8.1 by Microsoft

Windows Rt 8.1 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Storage Spaces

Restrict Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities