CVE-2021-28446: 
vulnerability analysis and mitigation

CVE-2021-28446 is a Windows Portmapping Information Disclosure Vulnerability that was identified and recorded on March 15, 2021. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 7 SP1, Windows 8.1, Windows Server 2008, 2012, 2016, and 2019 (NIST NVD, MITRE CVE).

The vulnerability has been assigned varying CVSS severity ratings. According to the NVD, it has a CVSS 3.1 Base Score of 5.5 (Medium) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, while Microsoft's assessment gives it a higher score of 7.1 (High) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. The CVSS 2.0 base score is rated as 2.1 (Low) with a vector of (AV:L/AC:L/Au:N/C:P/I:N/A:N) (NIST NVD).

This vulnerability primarily affects information disclosure, with high potential for exposing sensitive data. The CVSS scores indicate that while the vulnerability requires local access, it can lead to significant confidentiality impacts without requiring user interaction (NIST NVD).

Microsoft has released security patches to address this vulnerability. The fix is available through the Microsoft security advisory and should be applied to affected systems (Microsoft Advisory).