CVE-2021-42280: Windows Feedback Hub Elevation of Privilege Vulnerability Alert

Today is Microsoft’s monthly routine update day, so while the update is released, the Microsoft Security Response Center also announced the recently discovered and fixed security vulnerabilities.

There are still a lot of security vulnerabilities fixed this month, some of which are more harmful. The vulnerability that has caused concern is CVE-2021-42280, which originates from the Feedback Hub application built into Windows 10 and Windows 11.

Yes, that’s right. This application used to help users submit various feedback posts has a security vulnerability, but the flaw is not harmful enough to cause major problems.

According to the security bulletin issued by the Microsoft Security Response Center, the security vulnerability numbered CVE-2021-42280 was discovered by external researchers and confirmed by Microsoft.

The vulnerability is located in the Feedback Hub application built-in Windows 10 and 11. If an attacker successfully exploits this vulnerability, the target file on the device can be deleted.

The interesting thing is that even if the attacker successfully exploits it, he can only delete the file but cannot view or modify the file permissions, so it may be used for pranks.

According to Microsoft, the system versions affected by this vulnerability include x86, x64, and ARM64 versions of Windows 10 Version 1809 and all versions above.

Including Windows Server 2016/2019/2022 and Windows 11 are all affected, but the LTSB or LTSC series is not pre-installed and therefore are not affected.

After evaluation, Microsoft marked this vulnerability as important, but the evaluation showed that this vulnerability has not been exploited in the wild, and it is not easy to exploit the vulnerability.

The specific vulnerability details and potential exploitation methods are currently not disclosed by Microsoft, but Microsoft has fixed the vulnerability in the security update released today.