⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2021-11-17.

CVE-2021-1732Out-of-bounds Write in Microsoft Windows 10 Version 1803

CWE-787Out-of-bounds WriteCWE-269Improper Privilege ManagementCWE-125Out-of-bounds Read24 documents13 sources
Severity
7.8HIGHNVD
EPSS
90.1%
top 0.41%
CISA KEV
KEVRansomware
Added 2021-11-03
Due 2021-11-17
Exploit
Exploited in wild
Active exploitation observed
Affected products
8
Microsoft Windows 10 Version 1803Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 1909+5 more
Timeline
PublishedFeb 25
KEV addedNov 3
KEV dueNov 17
Latest updateMar 15
CISA Required Action: Apply updates per vendor instructions.

Description

Windows Win32k Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

CVEListV5microsoft/windows_server_201910.0.0publication
CVEListV5microsoft/windows_10_version_180310.0.0publication
CVEListV5microsoft/windows_10_version_180910.0.0publication
CVEListV5microsoft/windows_10_version_190910.0.0publication
CVEListV5microsoft/windows_10_version_200410.0.0publication

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
Project0
2022 0-day In-the-Wild Exploitation…so far - Project Zero2022-06-01
GHSA
GHSA-gvwr-5hrc-2gr5: Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-16982022-05-24
Project0
The More You Know, The More You Know You Don’t Know - Project Zero2022-04-01
CVEList
Windows Win32k Elevation of Privilege Vulnerability2021-02-25
VulnCheck
Microsoft Win32k Privilege Escalation Vulnerability2021

💥Exploits & PoCs

1
Metasploit
Win32k ConsoleControl Offset Confusion

📋Vendor Advisories

3
Red Hat
kernel: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions2024-03-15
CISA
Microsoft Win32k Privilege Escalation Vulnerability2021-11-03
Microsoft
Windows Win32k Elevation of Privilege Vulnerability2021-02-09

🕵️Threat Intelligence

10
Unit42
Inside Win32k Exploitation: Analysis of CVE-2022-21882 and CVE-2021-17322023-06-20
Unit42
Inside Win32k Exploitation: Analysis of CVE-2022-21882 and CVE-2021-17322023-06-20
Unit42
Inside Win32k Exploitation: Background on Implementations of Win32k and Exploitation Methodologies2023-06-13
Unit42
Inside Win32k Exploitation: Background on Implementations of Win32k and Exploitation Methodologies2023-06-13
Trendmicro
PurpleFox Adds New Backdoor That Uses WebSockets2021-10-19
CVE-2021-1732 — Out-of-bounds Write in Microsoft | cvebase