CVE-2021-36969: 
vulnerability analysis and mitigation

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability (CVE-2021-36969) was disclosed on September 14, 2021. This vulnerability affects various versions of Microsoft Windows including Windows 10, Windows Server 2012, Windows Server 2016, Windows Server 2019, and Windows Server 2022 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access is required, low attack complexity, and potential for high confidentiality impact without affecting integrity or availability. Under CVSS v2.0, it received a base score of 2.1 (Low) with the vector (AV:L/AC:L/Au:N/C:P/I:N/A:N) (NVD).

This vulnerability could allow an attacker to obtain information disclosure from affected systems. The impact is limited to confidentiality, with no effects on system integrity or availability (NVD).

Microsoft has released security updates to address this vulnerability. Multiple KB updates are available including KB5005565, KB5005566, KB5005568, KB5005573, and KB5005575 for different versions of Windows and Windows Server (Rapid7).