HIGHCVSS7.5

Actively Exploited

KB5005030: Windows Server Security Update (August 2021)

Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.

Published Aug 12, 2021 · Updated May 16, 2026

Why patchRisk explained in plain English

Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve full data confidentiality loss. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2021-11-17 under CISA BOD 22-01.

How the attack worksNo clicks needed

This vulnerability affects Microsoft Windows. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

→

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

●Windows Administrators

●Systems Engineers

●IT Security

●Running windows server 2004: v < 10.0.19041.1165; windows server 2008: -, r2; windows server 2012: -, r2; windows server 2016: v < 10.0.14393.4583; windows server 2019: v < 10.0.17763.2114; windows server 20h2: v < 10.0.19042.1165

Fixed inKB5005030, KB5005033, KB5005043, KB5005076, KB5005088, KB5005089, KB5005090, KB5005094, KB5005095, KB5005099, KB5005106 (applies to 16 product versions) — build 10.0.14393.4583, 10.0.17763.2114+

Real-world incidentsWhat we've seen

Used in known ransomware campaigns. Threat-research write-up: https://www.kb.cert.org/vuls/id/405600

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update CatalogKB5005030

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

KB5005030 — https://support.microsoft.com/help/5005030

KB5005033 — https://support.microsoft.com/help/5005033

KB5005043 — https://support.microsoft.com/help/5005043

KB5005076 — https://support.microsoft.com/help/5005076

KB5005088 — https://support.microsoft.com/help/5005088

KB5005089 — https://support.microsoft.com/help/5005089

KB5005090 — https://support.microsoft.com/help/5005090

KB5005094 — https://support.microsoft.com/help/5005094

KB5005095 — https://support.microsoft.com/help/5005095

KB5005099 — https://support.microsoft.com/help/5005099

KB5005106 — https://support.microsoft.com/help/5005106

Supersedes: KB5004237, KB5004238, KB5004244, KB5004289, KB5004294, KB5004298, KB5004305

Affected Products

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

Fixed Build Numbers

10.0.14393.4583

10.0.17763.2114

10.0.19041.1165

10.0.19042.1165

6.0.6003.21192

6.1.7601.25685

6.2.9200.23435

6.3.9600.20094

Installation Methods

Windows Update (recommended)

Settings → Windows Update → Check for updates

The security update is offered if your system is in scope

Restart when prompted — a reboot IS required to complete the install

Microsoft Update Catalog (manual download)

Open https://catalog.update.microsoft.com

Search for KB5005030

Download the package matching your OS architecture and Windows build

Run the .msu installer with administrator privileges

Restart when prompted

WSUS / SCCM / Intune

Approve KB5005030 for the affected products in your update management console.

Microsoft Download Center Links

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005043

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005076

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005088

(…6 more)

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB5005030','KB5005033','KB5005043','KB5005076','KB5005088','KB5005089','KB5005090','KB5005094','KB5005095','KB5005099','KB5005106') }

References

Microsoft Security Response Center: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942

KB article: https://support.microsoft.com/help/5005030

KB article: https://support.microsoft.com/help/5005033

KB article: https://support.microsoft.com/help/5005076

NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-36942

CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

↗ CVE-2021-36942 ↗ MSRC Advisory ↗ NVD ↗ KBKB5005030