الثغرات ›

CVE-2021-31201

حرج 🇺🇸 CISA KEV ⚡ اختراق متاح

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability — Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

                    نُشر: Nov 3, 2021                                          ·  المصدر: CISA_KEV                

CVSS v3

9.0

🔗 NVD الرسمي

📄 الوصف (الإنجليزية)

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability — Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

🤖 ملخص AI

CVE-2021-31201 is a critical privilege escalation vulnerability in Microsoft Enhanced Cryptographic Provider with a CVSS score of 9.0. An attacker can exploit this unspecified vulnerability to escalate privileges on affected systems. With public exploits available, this poses an immediate threat to Saudi organizations relying on Windows-based cryptographic operations for secure communications and data protection.

📄 الوصف (العربية)

🤖 التحليل الذكي آخر تحليل: Apr 20, 2026 17:35

🇸🇦 التأثير على المملكة العربية السعودية

This vulnerability directly impacts Saudi banking sector (SAMA-regulated institutions), government agencies (NCA, NCSC), healthcare providers, and energy sector organizations (ARAMCO, SEC). The privilege escalation capability threatens cryptographic key management systems, digital signature operations, and secure communications infrastructure. Organizations using Windows-based PKI systems and cryptographic modules for compliance with SAMA CSF and NCA ECC requirements are at highest risk. Telecom operators (STC, Mobily) managing encrypted communications are also vulnerable.

🏢 القطاعات السعودية المتأثرة

Banking & Financial Services Government & Public Administration Healthcare & Medical Services Energy & Utilities Telecommunications Defense & Security Critical Infrastructure

🎯 تقنيات MITRE ATT&CK

T1134 - Access Token Manipulation T1548 - Abuse Elevation Control Mechanism T1548.002 - Bypass User Account Control T1547 - Boot or Logon Autostart Execution T1547.001 - Registry Run Keys / Startup Folder T1543 - Create or Modify System Process T1574 - Hijack Execution Flow

⚖️ درجة المخاطر السعودية (AI)

9.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all systems running Microsoft Enhanced Cryptographic Provider (typically Windows systems with cryptographic operations)

2. Assess exposure in critical infrastructure: banking systems, government networks, healthcare facilities, energy operations

3. Implement network segmentation to isolate affected systems from untrusted networks

4. Enable enhanced monitoring for privilege escalation attempts



PATCHING GUIDANCE:

1. Apply Microsoft security updates immediately (prioritize SAMA-regulated and government systems)

2. Test patches in non-production environments first

3. Deploy patches to all affected Windows systems within 48 hours

4. Verify patch installation with: certutil -store -enterprise Root



COMPENSATING CONTROLS (if patching delayed):

1. Restrict local access to cryptographic provider modules

2. Implement application whitelisting to prevent unauthorized privilege escalation attempts

3. Enable Windows Defender Exploit Guard and Attack Surface Reduction rules

4. Monitor Event Viewer for privilege escalation events (Event ID 4688, 4689)



DETECTION RULES:

1. Monitor for unusual process creation with elevated privileges

2. Alert on access to HKLM\Software\Microsoft\Cryptography registry keys

3. Track CryptoAPI function calls from unexpected processes

4. Monitor for failed and successful privilege escalation attempts in security logs

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تشغل مزود التشفير المحسّن من Microsoft

2. تقييم التعرض في البنية التحتية الحرجة: أنظمة البنوك والشبكات الحكومية والمرافق الصحية

3. تطبيق تقسيم الشبكة لعزل الأنظمة المتأثرة

4. تفعيل المراقبة المحسّنة لمحاولات تصعيد الامتيازات



إرشادات التصحيح:

1. تطبيق تحديثات أمان Microsoft فوراً (إعطاء الأولوية للأنظمة المنظمة من SAMA والحكومية)

2. اختبار التصحيحات في بيئات غير الإنتاج أولاً

3. نشر التصحيحات على جميع أنظمة Windows المتأثرة خلال 48 ساعة

4. التحقق من تثبيت التصحيح



الضوابط البديلة:

1. تقييد الوصول المحلي إلى وحدات مزود التشفير

2. تطبيق قائمة بيضاء للتطبيقات

3. تفعيل Windows Defender Exploit Guard

4. مراقبة سجلات الأحداث لمحاولات تصعيد الامتيازات

📋 خريطة الامتثال التنظيمي

🟢 NCA ECC 2024

ECC 2024 - 5.1.1 Access Control Policy ECC 2024 - 5.2.1 User Registration and De-registration ECC 2024 - 5.3.1 Privilege Management ECC 2024 - 6.1.1 Cryptographic Controls ECC 2024 - 6.2.1 Key Management

🔵 SAMA CSF

SAMA CSF - Governance & Risk Management (GRM-01: Cybersecurity Governance) SAMA CSF - Protective Technology (PT-01: Cryptographic Controls) SAMA CSF - Protective Technology (PT-02: Access Control) SAMA CSF - Protective Technology (PT-03: Secure Configuration)

🟡 ISO 27001:2022

ISO 27001:2022 - A.5.2 Information Security Policies ISO 27001:2022 - A.8.2 Privileged Access Rights ISO 27001:2022 - A.10.1 Cryptography ISO 27001:2022 - A.13.1 Network Security

🟣 PCI DSS v4.0

PCI DSS 4.1 - Strong Cryptography PCI DSS 7.1 - Restrict Access to Cardholder Data PCI DSS 8.2 - Ensure User Identity is Properly Managed

🔗 المراجع والمصادر 0

لا توجد مراجع.

📦 المنتجات المتأثرة 1 منتج

Microsoft:Enhanced Cryptographic Provider

📊 CVSS Score

9.0

/ 10.0 — حرج

📋 حقائق سريعة

الخطورة حرج

CVSS Score9.0

EPSS1.54%

اختراق متاح ✓ نعم

تصحيح متاح ✓ نعم

CISA KEV🇺🇸 Yes

تاريخ الإصلاح2021-11-17

تاريخ النشر 2021-11-03

المصدر cisa_kev

المشاهدات 4

🇸🇦 درجة المخاطر السعودية

9.2

/ 10.0 — مخاطر السعودية

أولوية: CRITICAL

🏷️ الوسوم

kev actively-exploited

⚡ إجراءات

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2021-31201

عرّفنا بنفسك

تسجيل الدخول مطلوب