CVE-2021-41371: 
vulnerability analysis and mitigation

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability, identified as CVE-2021-41371, was disclosed on September 17, 2021. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, Windows 7 SP1, Windows 8.1, Windows Server 2008 through 2022, and Windows RT 8.1 (CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score with the following metrics: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, indicating local access is required with low attack complexity and high privileges needed. The CVSS v2 score is (AV:L/AC:L/Au:N/C:P/I:N/A:N) (NVD).

This vulnerability could lead to information disclosure in Windows Remote Desktop Protocol (RDP). The impact is primarily focused on confidentiality with no direct impact on integrity or availability of the system (NVD).

Microsoft released security updates to address this vulnerability as part of their November 2021 Patch Tuesday updates. Users are advised to apply the security updates provided by Microsoft to affected systems (Krebs Security).

The vulnerability was part of Microsoft's November 2021 Patch Tuesday release, which addressed at least 55 security bugs in Windows operating systems and other software (Krebs Security).