CVE-2021-36960: 
vulnerability analysis and mitigation

CVE-2021-36960 is a Windows SMB Information Disclosure Vulnerability that affects various versions of Microsoft Windows operating systems. The vulnerability was disclosed on July 19, 2021, and received a CVSS v3.1 base score of 7.5 (HIGH) (NVD).

The vulnerability is characterized by a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating that it can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and primarily impacts confidentiality (NVD). The vulnerability is unique from CVE-2021-36972 and affects the Windows Server Message Block (SMB) protocol.

This vulnerability allows an attacker to obtain sensitive information from affected systems through the SMB protocol. The high confidentiality impact rating (C:H) in the CVSS score indicates that the vulnerability could lead to significant information disclosure (NVD).

Microsoft has released security updates to address this vulnerability across multiple Windows versions including Windows 10, Windows Server 2012, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Users are advised to apply the appropriate security patches for their systems (Rapid7).