Hello,
This is regarding Windows OVAL Definition for CVE-2021-41338 - Windows
AppContainer Firewall Rules Security Feature Bypass Vulnerability.
According to OVAL Definitions, the CVE-2021-41338 affects Microsoft
Windows 10, Microsoft Windows Server 2016, and Microsoft Windows Server
2019.
I’ve attached the section of the Windows OVAL Definition containing this
vulnerability for your reference.
Microsoft indicates that this firewallAPI.dll has two binary versions
depending on the location, System32 or WoW64. The issue is that OVAL checks
only the version number regardless of its location.
For example:
Microsoft indicates that Windows Server 2016 is vulnerable if:
The firewallapi.dll version in the “%WinDir%\System32” directory is
less than 10.0.14393.4169.
OR
The firewallapi.dll version in the “%WinDir%\sysWoW64” directory is
less than 10.0.14393.4704.
However, Windows OVAL Definition simply indicates that Windows Server 2016
is vulnerable if the firewallAPI.dll version is less than
10.0.14393.4704. Therefore, it marks a server running Windows Server 2016
as vulnerable to this CVE-2021-41338 because the firewallapi.dll version
in the “%WinDir%\System32” directory is less than 10.0.14393.4704.
Microsoft provided a list of the minimum firewallapi.dll versions of the
affected systems according to OVAL Definitions below.
Minimum firewallapi.dll version:

Operating System                                %WinDir%\System32   %WinDir%\sysWoW64
----------------------------------------------  ------------------  ------------------
Windows 10 Version 1607 for 32-bit Systems      10.0.14393.4169     10.0.14393.4704
Windows 10 Version 1607 for x64-based Systems   10.0.14393.4169     10.0.14393.4704
Windows 10 Version 1809 for 32-bit Systems      10.0.17763.2237     10.0.17763.2237
Windows 10 Version 1809 for x64-based Systems   10.0.17763.2237     10.0.17763.2237
Windows 10 Version 1909 for 32-bit Systems      10.0.18362.1854     10.0.18362.1832
Windows 10 Version 1909 for x64-based Systems   10.0.18362.1854     10.0.18362.1832
Windows 10 Version 2004 for 32-bit Systems      10.0.19041.1288     10.0.19041.1266
Windows 10 Version 2004 for x64-based Systems   10.0.19041.1288     10.0.19041.1266
Windows 10 Version 20H2 for 32-bit Systems      10.0.19041.1288     10.0.19041.1266
Windows 10 Version 20H2 for x64-based Systems   10.0.19041.1288     10.0.19041.1266
Windows 10 Version 21H1 for 32-bit Systems      10.0.19041.1288     10.0.19041.1266
Windows 10 Version 21H1 for x64-based Systems   10.0.19041.1288     10.0.19041.1266
Windows Server 2016                             10.0.14393.4169     10.0.14393.4704
Windows Server 2016 (Server Core installation)  10.0.14393.4169     10.0.14393.4704
Windows Server 2019                             10.0.17763.2237     10.0.17763.2237

Can someone please provide me with a way to remediate this? How can we get
this section of OVAL Definitions updated?
Your help will be much appreciated.
Thank you.
Liam
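
The difference between the two checks described in the message above, as an added example that is not part of the original message and is not OVAL or Microsoft code. It uses the Windows Server 2016 thresholds quoted in the message; the function names, the lower-cased directory keys and the two sample hosts are assumptions constructed for illustration.

```python
# Added example: compares a location-agnostic version check with a
# per-directory check, using the Windows Server 2016 values from the message.

# Minimum firewallapi.dll version per directory (from the message's table).
MIN_VERSION = {
    "system32": "10.0.14393.4169",
    "syswow64": "10.0.14393.4704",
}
# Single threshold the message says the OVAL definition applies everywhere.
FLAT_THRESHOLD = "10.0.14393.4704"


def parse_version(text):
    """Turn '10.0.14393.4169' into (10, 0, 14393, 4169) so the comparison
    is numeric per component rather than a string comparison."""
    return tuple(int(part) for part in text.strip().split("."))


def flat_check(installed):
    """Flag the host if ANY copy of the DLL is below the single threshold,
    regardless of which directory the copy lives in."""
    limit = parse_version(FLAT_THRESHOLD)
    return any(parse_version(v) < limit for v in installed.values())


def per_path_check(installed):
    """Return the directories whose copy is below that directory's own
    minimum version. An empty list means the host is not flagged."""
    failing = []
    for directory, version in installed.items():
        key = directory.lower()
        if key not in MIN_VERSION:
            raise ValueError(f"no threshold known for directory {directory!r}")
        if parse_version(version) < parse_version(MIN_VERSION[key]):
            failing.append(key)
    return sorted(failing)


# Constructed sample hosts (not taken from any real system).
PATCHED_HOST = {"System32": "10.0.14393.4169", "SysWOW64": "10.0.14393.4704"}
UNPATCHED_HOST = {"System32": "10.0.14393.3000", "SysWOW64": "10.0.14393.3000"}

if __name__ == "__main__":
    for name, host in (("patched", PATCHED_HOST), ("unpatched", UNPATCHED_HOST)):
        print(name, "flat:", flat_check(host), "per-path:", per_path_check(host))
```

On the constructed patched host the flat check still reports a finding because the System32 copy is below 10.0.14393.4704, while the per-directory check reports none.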