Search

Find a vulnerability

Search criteria

    54 vulnerabilities found for windows_server_2004 by microsoft

    CVE-2026-50508 (GCVE-0-2026-50508)

    Vulnerability from nvd – Published: 2026-06-09 17:05 – Updated: 2026-07-01 20:14
    VLAI
    Title
    Windows NTLM Spoofing Vulnerability
    Summary
    Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.9234 (custom)
    Create a notification for this product.
    Microsoft Windows 11 version 22H2 Affected: 10.0.22621.0 , < 10.0.22631.7219 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.9200.0 , < 6.2.9200.26132 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.9200.0 , < 6.2.9200.26132 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.9600.0 , < 6.3.9600.23228 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.9600.0 , < 6.3.9600.23228 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.9234 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.9234 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.20348.0 , < 10.0.20348.5256 (custom)
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19045.7417 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:02:47.315449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:02:53.499Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.9234",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 11 version 22H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22631.7219",
                  "status": "affected",
                  "version": "10.0.22621.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.26132",
                  "status": "affected",
                  "version": "6.2.9200.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.26132",
                  "status": "affected",
                  "version": "6.2.9200.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.23228",
                  "status": "affected",
                  "version": "6.3.9600.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.23228",
                  "status": "affected",
                  "version": "6.3.9600.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.9234",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.9234",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.5256",
                  "status": "affected",
                  "version": "10.0.20348.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19045.7417",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.20348.5256",
                      "versionStartIncluding": "10.0.20348.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.19045.7417",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                      "versionEndExcluding": "10.0.22631.7219",
                      "versionStartIncluding": "10.0.22621.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "10.0.14393.9234",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.9234",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.9234",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "6.2.9200.26132",
                      "versionStartIncluding": "6.2.9200.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "6.2.9200.26132",
                      "versionStartIncluding": "6.2.9200.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "6.3.9600.23228",
                      "versionStartIncluding": "6.3.9600.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "6.3.9600.23228",
                      "versionStartIncluding": "6.3.9600.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T20:14:06.706Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Windows NTLM Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50508"
            }
          ],
          "title": "Windows NTLM Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50508",
        "datePublished": "2026-06-09T17:05:17.278Z",
        "dateReserved": "2026-06-04T19:00:41.292Z",
        "dateUpdated": "2026-07-01T20:14:06.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-43226 (GCVE-0-2021-43226)

    Vulnerability from nvd – Published: 2021-12-15 14:15 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    Summary
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2366 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2366 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2366:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2366 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2366:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1977 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1977:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1977:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1977:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1415 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.405 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.405:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1415 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1415:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1415 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1415:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1415 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1415:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1415:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1415 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1415:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.376 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.376:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.376:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H2 Affected: 10.0.0 , < 10.0.19044.1415 (custom)
        cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19145 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19145:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19145:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4825 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4825:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4825:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4825 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4825:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4825 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4825:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25796 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25796:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25796 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25796:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20207 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20207:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20207:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20207:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21309 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21309 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21309 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25796 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25796:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25796 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25796:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23545 (custom)
    Affected: 6.2.0 , < 6.2.9200.23540 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23545:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23540:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23545 (custom)
    Affected: 6.2.0 , < 6.2.9200.23540 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23545:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23540:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20207 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20207:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20207 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20207:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-12-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43226",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-04T03:55:25.776895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-06",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-43226"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:22.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-43226"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-10-06T00:00:00.000Z",
                "value": "CVE-2021-43226 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:55:27.005Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43226"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2366",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2366:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2366",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2366:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2366",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1977:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1977:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1977:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1977",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.405:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.405",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1415:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1415:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1415:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1415:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1415:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.376:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.376:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.376",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19044.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19145:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19145:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19145",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4825:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4825:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4825",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4825:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4825",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4825:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4825",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25796:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25796",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25796:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25796",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20207:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20207:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20207:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20207",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21309",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21309",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21309",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25796:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25796",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25796:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25796",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23545:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23540:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23545",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.9200.23540",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23545:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23540:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23545",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.9200.23540",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20207:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20207",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20207:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20207",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:44:20.762Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43226"
            }
          ],
          "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-43226",
        "datePublished": "2021-12-15T14:15:12.000Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:22.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42278 (GCVE-0-2021-42278)

    Vulnerability from nvd – Published: 2021-11-10 00:47 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Active Directory Domain Services Elevation of Privilege Vulnerability
    Summary
    Active Directory Domain Services Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.350 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1348 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1348 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1348:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23517 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23517 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-11-09 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42278"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-42278",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:05:48.311573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-04-11",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42278"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:25.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42278"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-04-11T00:00:00.000Z",
                "value": "CVE-2021-42278 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.350",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1348:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23517",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23517",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-09T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Active Directory Domain Services Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:48:04.953Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42278"
            }
          ],
          "title": "Active Directory Domain Services Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-42278",
        "datePublished": "2021-11-10T00:47:05.000Z",
        "dateReserved": "2021-10-12T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:25.867Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41379 (GCVE-0-2021-41379)

    Vulnerability from nvd – Published: 2021-11-10 00:46 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Installer Elevation of Privilege Vulnerability
    Summary
    Windows Installer Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1916 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1348 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.350 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1348 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1348 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1348 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1348 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1348:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.318 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19119 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25769:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25769:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20174:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20174:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20174:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23517 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23517 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-11-09 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:08:32.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1308/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41379",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:06:23.193502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-41379"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:26.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-41379"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-03T00:00:00.000Z",
                "value": "CVE-2021-41379 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1916",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.350",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1348:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.318",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19119",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25769:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25769:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20174:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20174:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20174:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23517",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23517",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-09T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Installer Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:47:38.867Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1308/"
            }
          ],
          "title": "Windows Installer Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-41379",
        "datePublished": "2021-11-10T00:46:55.000Z",
        "dateReserved": "2021-09-17T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:26.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41357 (GCVE-0-2021-41357)

    Vulnerability from nvd – Published: 2021-10-13 00:28 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Win32k Elevation of Privilege Vulnerability
    Summary
    Win32k Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.288 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.258 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Date Public
    2021-10-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-04-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-41357"
                  },
                  "type": "kev"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41357",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T15:03:56.547814Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:28.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-41357"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-04-25T00:00:00.000Z",
                "value": "CVE-2021-41357 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:08:32.278Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41357"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.258",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-10-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Win32k Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:52:48.230Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41357"
            }
          ],
          "title": "Win32k Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-41357",
        "datePublished": "2021-10-13T00:28:21.000Z",
        "dateReserved": "2021-09-17T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:28.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40450 (GCVE-0-2021-40450)

    Vulnerability from nvd – Published: 2021-10-13 00:26 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Win32k Elevation of Privilege Vulnerability
    Summary
    Win32k Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1854 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.288 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.258 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Date Public
    2021-10-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40450",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T19:34:09.939626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-04-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:28.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-04-25T00:00:00.000Z",
                "value": "CVE-2021-40450 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1854",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.258",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-10-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Win32k Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:52:21.901Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
            }
          ],
          "title": "Win32k Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-40450",
        "datePublished": "2021-10-13T00:26:49.000Z",
        "dateReserved": "2021-09-02T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:28.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40449 (GCVE-0-2021-40449)

    Vulnerability from nvd – Published: 2021-10-13 00:26 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Win32k Elevation of Privilege Vulnerability
    Summary
    Win32k Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1854 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.288 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19041.1288:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19041.1288:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.258 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19086 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19086:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19086:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4704 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4704:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4704:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4704 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4704 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25740 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25740:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25740 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25740:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20144 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20144:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20144:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20144:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21251 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21251 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21251 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25740 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25740:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25740 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25740:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23490 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23490:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23490 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23490:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20144 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20144:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20144 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20144:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-10-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40449"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164926/Win32k-NtGdiResetDC-Use-After-Free-Local-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40449",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T14:36:14.212566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-17",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40449"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:29.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40449"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-17T00:00:00.000Z",
                "value": "CVE-2021-40449 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1854",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19041.1288:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19041.1288:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.258",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19086:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19086:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19086",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4704:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4704:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4704",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4704",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4704",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25740:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25740",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25740:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25740",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20144:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20144:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20144:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20144",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21251",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21251",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21251",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25740:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25740",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25740:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25740",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23490:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23490",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23490:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23490",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20144:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20144",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20144:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20144",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-10-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Win32k Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:52:10.960Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40449"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164926/Win32k-NtGdiResetDC-Use-After-Free-Local-Privilege-Escalation.html"
            }
          ],
          "title": "Win32k Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-40449",
        "datePublished": "2021-10-13T00:26:47.000Z",
        "dateReserved": "2021-09-02T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:29.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40444 (GCVE-0-2021-40444)

    Vulnerability from nvd – Published: 2021-09-15 11:24 – Updated: 2026-03-11 03:55
    VLAI CISA KEVIntel
    Title
    Microsoft MSHTML Remote Code Execution Vulnerability
    Summary
    <p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p> <p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.</p> <p>Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.</p> <p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p> <p><strong>UPDATE</strong> September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.</p>
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1801 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.230 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1237 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1237 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19060 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
    Affected: 6.1.0 , < 1.001 (custom)
    Affected: 6.1.0 , < 6.1.7601.26221 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
    Affected: 6.1.0 , < 1.001 (custom)
    Affected: 6.1.0 , < 6.1.7601.26221 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20120 (custom)
    Affected: 6.3.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21218 (custom)
    Affected: 6.0.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21218 (custom)
    Affected: 6.0.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21218 (custom)
    Affected: 6.0.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
    Affected: 6.1.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25712 (custom)
    Affected: 6.0.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23462 (custom)
    Affected: 6.2.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23462 (custom)
    Affected: 6.2.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20120 (custom)
    Affected: 6.3.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20120 (custom)
    Affected: 6.3.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-09-07 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165214/Microsoft-Office-Word-MSHTML-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40444",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2021-09-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40444"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:55:26.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40444"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1801",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.230",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19060",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.7601.26221",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.7601.26221",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23462",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23462",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-09-07T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "\u003cp\u003eMicrosoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.\u003c/p\u003e\n\u003cp\u003eAn attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u003c/p\u003e\n\u003cp\u003eMicrosoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: \u201cSuspicious Cpl File Execution\u201d.\u003c/p\u003e\n\u003cp\u003eUpon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.\u003c/p\u003e\n\u003cp\u003ePlease see the \u003cstrong\u003eMitigations\u003c/strong\u003e and \u003cstrong\u003eWorkaround\u003c/strong\u003e sections for important information about steps you can take to protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUPDATE\u003c/strong\u003e September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.\u003c/p\u003e\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:37:23.721Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/165214/Microsoft-Office-Word-MSHTML-Remote-Code-Execution.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html"
            }
          ],
          "title": "Microsoft MSHTML Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-40444",
        "datePublished": "2021-09-15T11:24:26.000Z",
        "dateReserved": "2021-09-02T00:00:00.000Z",
        "dateUpdated": "2026-03-11T03:55:26.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-36955 (GCVE-0-2021-36955)

    Vulnerability from nvd – Published: 2021-09-15 11:23 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    Summary
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1801 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.230 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1237 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1237 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19060 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20120 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21218 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21218 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21218 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25712 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23462 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23462 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20120 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20120 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-09-14 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:07.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36955"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36955",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:46:54.770785Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36955"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:33.593Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36955"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-36955 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1801",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.230",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19060",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23462",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23462",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-09-14T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:37:01.943Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36955"
            }
          ],
          "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-36955",
        "datePublished": "2021-09-15T11:23:32.000Z",
        "dateReserved": "2021-07-19T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:33.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36948 (GCVE-0-2021-36948)

    Vulnerability from nvd – Published: 2021-08-12 18:12 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Update Medic Service Elevation of Privilege Vulnerability
    Summary
    Windows Update Medic Service Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1734 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-08-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:06.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36948"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36948",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:11:59.875479Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36948"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:38.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36948"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-36948 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1734",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Update Medic Service Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:54:02.577Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36948"
            }
          ],
          "title": "Windows Update Medic Service Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-36948",
        "datePublished": "2021-08-12T18:12:37.000Z",
        "dateReserved": "2021-07-19T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:38.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36942 (GCVE-0-2021-36942)

    Vulnerability from nvd – Published: 2021-08-12 18:12 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows LSA Spoofing Vulnerability
    Summary
    Windows LSA Spoofing Vulnerability
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23435 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23435 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-08-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:07.553Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#405600",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/405600"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36942",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:49:20.734286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:38.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-36942 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23435",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23435",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows LSA Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:53:59.348Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "VU#405600",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/405600"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942"
            }
          ],
          "title": "Windows LSA Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-36942",
        "datePublished": "2021-08-12T18:12:29.000Z",
        "dateReserved": "2021-07-19T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:38.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34486 (GCVE-0-2021-34486)

    Vulnerability from nvd – Published: 2021-08-12 18:11 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Event Tracing Elevation of Privilege Vulnerability
    Summary
    Windows Event Tracing Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-416 - Use After Free
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1734 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-08-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34486"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34486",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T15:43:01.578453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-28",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34486"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:38.649Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34486"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-28T00:00:00.000Z",
                "value": "CVE-2021-34486 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1734",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Event Tracing Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:53:52.231Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34486"
            }
          ],
          "title": "Windows Event Tracing Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-34486",
        "datePublished": "2021-08-12T18:11:58.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:38.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34484 (GCVE-0-2021-34484)

    Vulnerability from nvd – Published: 2021-08-12 18:11 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows User Profile Service Elevation of Privilege Vulnerability
    Summary
    Windows User Profile Service Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1734 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19022 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19022:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19022:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4583:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4583:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25685:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25685:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20094:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20094:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20094:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23435 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23435 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-08-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.346Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34484"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34484",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:16:16.781480Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-31",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34484"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:38.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34484"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-31T00:00:00.000Z",
                "value": "CVE-2021-34484 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1734",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19022:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19022:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19022",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4583:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4583:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25685:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25685:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20094:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20094:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20094:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23435",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23435",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows User Profile Service Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:54:07.228Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34484"
            }
          ],
          "title": "Windows User Profile Service Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-34484",
        "datePublished": "2021-08-12T18:11:55.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:38.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33771 (GCVE-0-2021-33771)

    Vulnerability from nvd – Published: 2021-07-14 17:53 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Kernel Elevation of Privilege Vulnerability
    Summary
    Windows Kernel Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1679 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1679:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1110:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1110 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1110:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1110 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1110:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19003 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20069:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-07-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:23.153Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33771"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33771",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-06T15:34:13.481047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33771"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:41.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33771"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-33771 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1679:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1679",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1110:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1110:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1110:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19003",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20069:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Kernel Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T22:36:28.316Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33771"
            }
          ],
          "title": "Windows Kernel Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-33771",
        "datePublished": "2021-07-14T17:53:43.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:41.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31979 (GCVE-0-2021-31979)

    Vulnerability from nvd – Published: 2021-07-14 17:53 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Kernel Elevation of Privilege Vulnerability
    Summary
    Windows Kernel Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1679 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1679:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1110:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1110 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1110:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1110 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1110:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19003 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25661 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25661:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25661 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25661:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20069:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21167 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21167 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21167 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25661 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25661 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23409 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23409 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-07-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:10:31.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31979"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-31979",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-04T17:04:18.548649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31979"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:41.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31979"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-31979 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1679:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1679",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1110:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1110:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1110:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19003",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25661:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25661",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25661:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25661",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20069:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21167",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21167",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21167",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25661",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25661",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23409",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23409",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Kernel Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T22:36:47.795Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31979"
            }
          ],
          "title": "Windows Kernel Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-31979",
        "datePublished": "2021-07-14T17:53:16.000Z",
        "dateReserved": "2021-04-30T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:41.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-50508 (GCVE-0-2026-50508)

    Vulnerability from cvelistv5 – Published: 2026-06-09 17:05 – Updated: 2026-07-01 20:14
    VLAI
    Title
    Windows NTLM Spoofing Vulnerability
    Summary
    Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.9234 (custom)
    Create a notification for this product.
    Microsoft Windows 11 version 22H2 Affected: 10.0.22621.0 , < 10.0.22631.7219 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.9200.0 , < 6.2.9200.26132 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.9200.0 , < 6.2.9200.26132 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.9600.0 , < 6.3.9600.23228 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.9600.0 , < 6.3.9600.23228 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.9234 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.9234 (custom)
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.20348.0 , < 10.0.20348.5256 (custom)
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19045.7417 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:02:47.315449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:02:53.499Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.9234",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 11 version 22H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22631.7219",
                  "status": "affected",
                  "version": "10.0.22621.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.26132",
                  "status": "affected",
                  "version": "6.2.9200.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.26132",
                  "status": "affected",
                  "version": "6.2.9200.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.23228",
                  "status": "affected",
                  "version": "6.3.9600.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.23228",
                  "status": "affected",
                  "version": "6.3.9600.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.9234",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.9234",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.5256",
                  "status": "affected",
                  "version": "10.0.20348.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19045.7417",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.20348.5256",
                      "versionStartIncluding": "10.0.20348.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.19045.7417",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                      "versionEndExcluding": "10.0.22631.7219",
                      "versionStartIncluding": "10.0.22621.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "10.0.14393.9234",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.9234",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.9234",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "6.2.9200.26132",
                      "versionStartIncluding": "6.2.9200.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "6.2.9200.26132",
                      "versionStartIncluding": "6.2.9200.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "6.3.9600.23228",
                      "versionStartIncluding": "6.3.9600.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "6.3.9600.23228",
                      "versionStartIncluding": "6.3.9600.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T20:14:06.706Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Windows NTLM Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50508"
            }
          ],
          "title": "Windows NTLM Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-50508",
        "datePublished": "2026-06-09T17:05:17.278Z",
        "dateReserved": "2026-06-04T19:00:41.292Z",
        "dateUpdated": "2026-07-01T20:14:06.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-43226 (GCVE-0-2021-43226)

    Vulnerability from cvelistv5 – Published: 2021-12-15 14:15 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    Summary
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2366 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2366 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2366:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2366 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2366:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1977 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1977:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1977:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1977:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1415 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.405 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.405:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1415 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1415:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1415 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1415:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1415 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1415:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1415:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1415 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1415:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.376 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.376:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.376:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H2 Affected: 10.0.0 , < 10.0.19044.1415 (custom)
        cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19145 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19145:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19145:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4825 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4825:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4825:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4825 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4825:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4825 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4825:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25796 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25796:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25796 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25796:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20207 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20207:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20207:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20207:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21309 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21309 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21309 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25796 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25796:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25796 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25796:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23545 (custom)
    Affected: 6.2.0 , < 6.2.9200.23540 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23545:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23540:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23545 (custom)
    Affected: 6.2.0 , < 6.2.9200.23540 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23545:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23540:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20207 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20207:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20207 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20207:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-12-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43226",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-04T03:55:25.776895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-06",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-43226"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:22.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-43226"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-10-06T00:00:00.000Z",
                "value": "CVE-2021-43226 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:55:27.005Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43226"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2366:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2366",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2366:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2366",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2366:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2366",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1977:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1977:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1977:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1977",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1415:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.405:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.405",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1415:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1415:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1415:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1415:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1415:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.376:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.376:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.376",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1415:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19044.1415",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19145:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19145:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19145",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4825:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4825:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4825",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4825:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4825",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4825:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4825",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25796:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25796",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25796:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25796",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20207:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20207:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20207:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20207",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21309",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21309",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21309:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21309",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25796:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25796",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25796:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25796",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23545:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23540:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23545",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.9200.23540",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23545:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23540:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23545",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.9200.23540",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20207:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20207",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20207:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20207",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:44:20.762Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43226"
            }
          ],
          "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-43226",
        "datePublished": "2021-12-15T14:15:12.000Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:22.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42278 (GCVE-0-2021-42278)

    Vulnerability from cvelistv5 – Published: 2021-11-10 00:47 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Active Directory Domain Services Elevation of Privilege Vulnerability
    Summary
    Active Directory Domain Services Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.350 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1348 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1348 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1348:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23517 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23517 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-11-09 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42278"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-42278",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:05:48.311573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-04-11",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42278"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:25.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42278"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-04-11T00:00:00.000Z",
                "value": "CVE-2021-42278 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.350",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1348:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23517",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23517",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-09T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Active Directory Domain Services Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:48:04.953Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42278"
            }
          ],
          "title": "Active Directory Domain Services Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-42278",
        "datePublished": "2021-11-10T00:47:05.000Z",
        "dateReserved": "2021-10-12T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:25.867Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41379 (GCVE-0-2021-41379)

    Vulnerability from cvelistv5 – Published: 2021-11-10 00:46 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Installer Elevation of Privilege Vulnerability
    Summary
    Windows Installer Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2300 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1916 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1348 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.350 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1348 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1348 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1348 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1348 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1348:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.318 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19119 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4770 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25769:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25769:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20174:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20174:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20174:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21282 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25769 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23517 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23517 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20174 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-11-09 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:08:32.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1308/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41379",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:06:23.193502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-41379"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:26.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-41379"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-03T00:00:00.000Z",
                "value": "CVE-2021-41379 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2300",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1916",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.350",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1348:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1348",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.318",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19119",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4770",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25769:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25769:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20174:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20174:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20174:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21282:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21282",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25769:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25769",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23517",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23517:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23517",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20174:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20174",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-09T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Installer Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:47:38.867Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1308/"
            }
          ],
          "title": "Windows Installer Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-41379",
        "datePublished": "2021-11-10T00:46:55.000Z",
        "dateReserved": "2021-09-17T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:26.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41357 (GCVE-0-2021-41357)

    Vulnerability from cvelistv5 – Published: 2021-10-13 00:28 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Win32k Elevation of Privilege Vulnerability
    Summary
    Win32k Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.288 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.258 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Date Public
    2021-10-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-04-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-41357"
                  },
                  "type": "kev"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41357",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T15:03:56.547814Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:28.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-41357"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-04-25T00:00:00.000Z",
                "value": "CVE-2021-41357 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:08:32.278Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41357"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.258",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-10-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Win32k Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:52:48.230Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41357"
            }
          ],
          "title": "Win32k Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-41357",
        "datePublished": "2021-10-13T00:28:21.000Z",
        "dateReserved": "2021-09-17T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:28.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40450 (GCVE-0-2021-40450)

    Vulnerability from cvelistv5 – Published: 2021-10-13 00:26 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Win32k Elevation of Privilege Vulnerability
    Summary
    Win32k Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1854 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.288 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.258 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Date Public
    2021-10-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40450",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T19:34:09.939626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-04-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:28.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-04-25T00:00:00.000Z",
                "value": "CVE-2021-40450 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1854",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.258",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-10-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Win32k Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:52:21.901Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
            }
          ],
          "title": "Win32k Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-40450",
        "datePublished": "2021-10-13T00:26:49.000Z",
        "dateReserved": "2021-09-02T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:28.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40449 (GCVE-0-2021-40449)

    Vulnerability from cvelistv5 – Published: 2021-10-13 00:26 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Win32k Elevation of Privilege Vulnerability
    Summary
    Win32k Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2237 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1854 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.288 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19041.1288 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19041.1288:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19041.1288:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1288 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.258 (custom)
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19086 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19086:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19086:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4704 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4704:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4704:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4704 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4704 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25740 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25740:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25740 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25740:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20144 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20144:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20144:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20144:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21251 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21251 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21251 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25740 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25740:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25740 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25740:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23490 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23490:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23490 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23490:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20144 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20144:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20144 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20144:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-10-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40449"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164926/Win32k-NtGdiResetDC-Use-After-Free-Local-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40449",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T14:36:14.212566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-17",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40449"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:29.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40449"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-17T00:00:00.000Z",
                "value": "CVE-2021-40449 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1854",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19041.1288:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19041.1288:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19041.1288:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1288",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 11 version 21H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.22000.258",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19086:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19086:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19086",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4704:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4704:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4704",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4704",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4704",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25740:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25740",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25740:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25740",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20144:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20144:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20144:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20144",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21251",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21251",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21251:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21251",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25740:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25740",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25740:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25740",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23490:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23490",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23490:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23490",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20144:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20144",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20144:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20144",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-10-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Win32k Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:52:10.960Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40449"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164926/Win32k-NtGdiResetDC-Use-After-Free-Local-Privilege-Escalation.html"
            }
          ],
          "title": "Win32k Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-40449",
        "datePublished": "2021-10-13T00:26:47.000Z",
        "dateReserved": "2021-09-02T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:29.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40444 (GCVE-0-2021-40444)

    Vulnerability from cvelistv5 – Published: 2021-09-15 11:24 – Updated: 2026-03-11 03:55
    VLAI CISA KEVIntel
    Title
    Microsoft MSHTML Remote Code Execution Vulnerability
    Summary
    <p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p> <p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.</p> <p>Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.</p> <p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p> <p><strong>UPDATE</strong> September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.</p>
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1801 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.230 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1237 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1237 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19060 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
    Affected: 6.1.0 , < 1.001 (custom)
    Affected: 6.1.0 , < 6.1.7601.26221 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
    Affected: 6.1.0 , < 1.001 (custom)
    Affected: 6.1.0 , < 6.1.7601.26221 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20120 (custom)
    Affected: 6.3.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21218 (custom)
    Affected: 6.0.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21218 (custom)
    Affected: 6.0.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21218 (custom)
    Affected: 6.0.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
    Affected: 6.1.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25712 (custom)
    Affected: 6.0.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23462 (custom)
    Affected: 6.2.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23462 (custom)
    Affected: 6.2.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20120 (custom)
    Affected: 6.3.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20120 (custom)
    Affected: 6.3.0 , < 1.001 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-09-07 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165214/Microsoft-Office-Word-MSHTML-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40444",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2021-09-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40444"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:55:26.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40444"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1801",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.230",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19060",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.7601.26221",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_7:1.001:sp1:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.26221:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.7601.26221",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_8.1:1.001:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:1.001:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_R2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23462",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23462",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2012_R2:1.001:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.001",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-09-07T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "\u003cp\u003eMicrosoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.\u003c/p\u003e\n\u003cp\u003eAn attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u003c/p\u003e\n\u003cp\u003eMicrosoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: \u201cSuspicious Cpl File Execution\u201d.\u003c/p\u003e\n\u003cp\u003eUpon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.\u003c/p\u003e\n\u003cp\u003ePlease see the \u003cstrong\u003eMitigations\u003c/strong\u003e and \u003cstrong\u003eWorkaround\u003c/strong\u003e sections for important information about steps you can take to protect your system from this vulnerability.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUPDATE\u003c/strong\u003e September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.\u003c/p\u003e\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:37:23.721Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164210/Microsoft-Windows-MSHTML-Overview.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/165214/Microsoft-Office-Word-MSHTML-Remote-Code-Execution.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html"
            }
          ],
          "title": "Microsoft MSHTML Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-40444",
        "datePublished": "2021-09-15T11:24:26.000Z",
        "dateReserved": "2021-09-02T00:00:00.000Z",
        "dateUpdated": "2026-03-11T03:55:26.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-36955 (GCVE-0-2021-36955)

    Vulnerability from cvelistv5 – Published: 2021-09-15 11:23 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    Summary
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2183 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1801 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2022 Affected: 10.0.0 , < 10.0.20348.230 (custom)
        cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1237 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1237 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1237 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19060 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4651 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20120 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21218 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21218 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21218 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25712 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25712 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23462 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23462 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20120 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20120 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-09-14 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:07.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36955"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36955",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:46:54.770785Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36955"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:33.593Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36955"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-36955 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2183:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2183",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1801:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1801:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1801",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1237:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2022",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.20348.230",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1237:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1237:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1237:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1237",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19060:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19060",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4651:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4651",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25712:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20120:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20120:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21218:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21218",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25712:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25712",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23462",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23462:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23462",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20120:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20120",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-09-14T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:37:01.943Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36955"
            }
          ],
          "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-36955",
        "datePublished": "2021-09-15T11:23:32.000Z",
        "dateReserved": "2021-07-19T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:33.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36948 (GCVE-0-2021-36948)

    Vulnerability from cvelistv5 – Published: 2021-08-12 18:12 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Update Medic Service Elevation of Privilege Vulnerability
    Summary
    Windows Update Medic Service Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1734 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-08-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:06.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36948"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36948",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:11:59.875479Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36948"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:38.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36948"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-36948 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1734",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Update Medic Service Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:54:02.577Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36948"
            }
          ],
          "title": "Windows Update Medic Service Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-36948",
        "datePublished": "2021-08-12T18:12:37.000Z",
        "dateReserved": "2021-07-19T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:38.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36942 (GCVE-0-2021-36942)

    Vulnerability from cvelistv5 – Published: 2021-08-12 18:12 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows LSA Spoofing Vulnerability
    Summary
    Windows LSA Spoofing Vulnerability
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23435 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23435 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-08-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:07.553Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#405600",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/405600"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36942",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:49:20.734286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:38.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-36942 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23435",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23435",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows LSA Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:53:59.348Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "VU#405600",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/405600"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942"
            }
          ],
          "title": "Windows LSA Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-36942",
        "datePublished": "2021-08-12T18:12:29.000Z",
        "dateReserved": "2021-07-19T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:38.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34486 (GCVE-0-2021-34486)

    Vulnerability from cvelistv5 – Published: 2021-08-12 18:11 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Event Tracing Elevation of Privilege Vulnerability
    Summary
    Windows Event Tracing Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-416 - Use After Free
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1734 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-08-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34486"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34486",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T15:43:01.578453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-28",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34486"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:38.649Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34486"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-28T00:00:00.000Z",
                "value": "CVE-2021-34486 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1734",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Event Tracing Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:53:52.231Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34486"
            }
          ],
          "title": "Windows Event Tracing Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-34486",
        "datePublished": "2021-08-12T18:11:58.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:38.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34484 (GCVE-0-2021-34484)

    Vulnerability from cvelistv5 – Published: 2021-08-12 18:11 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows User Profile Service Elevation of Privilege Vulnerability
    Summary
    Windows User Profile Service Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2114 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1734 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1165 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19022 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19022:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19022:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4583:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4583:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4583 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25685:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25685:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20094:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20094:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20094:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21192 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25685 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23435 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23435 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20094 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-08-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:12:50.346Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34484"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34484",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:16:16.781480Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-31",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34484"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:38.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34484"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-31T00:00:00.000Z",
                "value": "CVE-2021-34484 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2114:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2114",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1734:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1734:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1734",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1165:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1165:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1165:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1165",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19022:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19022:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19022",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4583:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4583:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4583",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25685:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25685:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20094:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20094:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20094:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21192",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25685",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23435",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23435",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20094",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows User Profile Service Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:54:07.228Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34484"
            }
          ],
          "title": "Windows User Profile Service Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-34484",
        "datePublished": "2021-08-12T18:11:55.000Z",
        "dateReserved": "2021-06-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:38.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33771 (GCVE-0-2021-33771)

    Vulnerability from cvelistv5 – Published: 2021-07-14 17:53 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Kernel Elevation of Privilege Vulnerability
    Summary
    Windows Kernel Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1679 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1679:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1110:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1110 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1110:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1110 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1110:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19003 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20069:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-07-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:23.153Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33771"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33771",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-06T15:34:13.481047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33771"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:41.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33771"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-33771 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1679:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1679",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1110:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1110:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1110:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19003",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20069:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Kernel Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T22:36:28.316Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33771"
            }
          ],
          "title": "Windows Kernel Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-33771",
        "datePublished": "2021-07-14T17:53:43.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:41.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31979 (GCVE-0-2021-31979)

    Vulnerability from cvelistv5 – Published: 2021-07-14 17:53 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Title
    Windows Kernel Elevation of Privilege Vulnerability
    Summary
    Windows Kernel Elevation of Privilege Vulnerability
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.0 , < 10.0.17763.2061 (custom)
        cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1909 Affected: 10.0.0 , < 10.0.18363.1679 (custom)
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1679:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 21H1 Affected: 10.0.0 , < 10.0.19043.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:arm64:*
        cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 10 Version 2004 Affected: 10.0.0 , < 10.0.19041.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1110:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server version 2004 Affected: 10.0.0 , < 10.0.19041.1110 (custom)
        cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1110:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 20H2 Affected: 10.0.0 , < 10.0.19042.1110 (custom)
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:arm64:*
    Create a notification for this product.
    Microsoft Windows Server version 20H2 Affected: 10.0.0 , < 10.0.19042.1110 (custom)
        cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1110:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.0 , < 10.0.10240.19003 (custom)
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.0 , < 10.0.14393.4530 (custom)
        cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.25661 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25661:sp1:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25661 (custom)
        cpe:2.3:o:microsoft:windows_7:6.1.7601.25661:sp1:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x86:*
        cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20069:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21167 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.0 , < 6.0.6003.21167 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.0 , < 6.0.6003.21167 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.25661 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.0.0 , < 6.1.7601.25661 (custom)
        cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 Affected: 6.2.0 , < 6.2.9200.23409 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.0 , < 6.2.9200.23409 (custom)
        cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*
    Create a notification for this product.
    Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.0 , < 6.3.9600.20069 (custom)
        cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*
    Create a notification for this product.
    Date Public
    2021-07-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:10:31.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31979"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-31979",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-04T17:04:18.548649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31979"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:41.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31979"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-31979 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2061:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.17763.2061",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1679:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1679:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1909",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.18363.1679",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:arm64:*",
                "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1110:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems",
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 21H1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19043.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1110:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1110:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 2004",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19041.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1110:*:*:*:*:*:arm64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1110:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server version 20H2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.19042.1110",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19003:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19003",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4530:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.4530",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25661:sp1:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25661",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_7:6.1.7601.25661:sp1:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows 7 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25661",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x86:*",
                "cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20069:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20069:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21167",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*",
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21167",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008  Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.6003.21167",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25661",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.1.7601.25661",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23409",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.2.9200.23409",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2012 R2 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.3.9600.20069",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Windows Kernel Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T22:36:47.795Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31979"
            }
          ],
          "title": "Windows Kernel Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-31979",
        "datePublished": "2021-07-14T17:53:16.000Z",
        "dateReserved": "2021-04-30T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:41.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }