CVE-2021-31969
Published 2021-06-08
CVE-2021-31969: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Priority: P278, high, 7.8 (CVSS 3.1)
CVSS vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.21% (64.6th percentile)
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Affected
31 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.1999 | 10.0.17763.1999 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1621 | 10.0.18363.1621 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1052 | 10.0.19041.1052 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1052 | 10.0.19042.1052 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1052 | 10.0.19043.1052 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.1999 | 10.0.17763.1999 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1052 | 10.0.19041.1052 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1052 | 10.0.19042.1052 |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_1909_for_32-bit_systems | — | — |
| msrc | windows_10_version_1909_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1909_for_x64-based_systems | — | — |
| msrc | windows_10_version_2004_for_32-bit_systems | — | — |
| msrc | windows_10_version_2004_for_arm64-based_systems | — | — |
| msrc | windows_10_version_2004_for_x64-based_systems | — | — |
| msrc | windows_10_version_20h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_20h2_for_arm64-based_systems | — | — |
CVSS provenance
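| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |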
GHSA
GHSA-ch78-4747-pgm3: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-31969 [HIGH] CWE-269 GHSA-ch78-4747-pgm3: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
VulnCheck
Microsoft Windows Improper Privilege Management
vulncheck·2021·CVSS 7.8
CVE-2021-31969 [HIGH] Microsoft Windows Improper Privilege Management
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and
Microsoft
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
vendor_msrc·2021-06-08·CVSS 7.8
CVE-2021-31969 [HIGH] Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows Drivers: Windows Drivers
Microsoft: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646
Reference: https://support.microsoft.com/help/5003646
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003635
Reference: https://support.microsoft.com/help/5003635
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003637
Reference: https://support.microsoft.com/help/5003637
No detection rules found.
No public exploits indexed.
Rapid7
When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
blogs_rapid7·2026-05-13·CVSS 7.8
CVE-2023-36036 [HIGH] When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
## Overview
Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust.
In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving malware deployment, privilege escalation, credential theft, lateral movement, and exfiltration. The incident illustrates a critical risk for modern enterprises: Collaboration platforms have become part of the attack surface, and when combined with identity abuse and Living-off-the-Land techniques, they can provide attackers with a low-friction path into the environment.
Therefore, this attack was particularly concerning due to the way the intru
Zscaler
Raspberry Robin Analysis | ThreatLabz
blogs_zscaler·2024-11-19
Qualys
Microsoft & Adobe Patch Tuesday (June 2021) – Microsoft 50 Vulnerabilities with 5 Critical, Adobe 21 Critical Vulnerabilities
blogs_qualys·2021-06-08·CVSS 5.2
CVE-2021-31985 [MEDIUM] Microsoft & Adobe Patch Tuesday (June 2021) – Microsoft 50 Vulnerabilities with 5 Critical, Adobe 21 Critical Vulnerabilities
## Microsoft Patch Tuesday – June 2021
Microsoft patched 50 CVEs in their June 2021 Patch Tuesday release, and five of them are rated as critical severity. Six have applicable exploits.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-31985 – Microsoft Defender Remote Code Execution Vulnerability
Microsoft released patches addressing a critical RCE vulnerability in its Defender product (CVE-2021-31985). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor.
CVE-2021-31959 – Scripting Engine Memory Corruption Vulnerability
Microsoft released patches addressing a critical memory corruption vulnerability in the Chakra JScript scripting engine. This vulnerability impacts Windows RT, Windows 7, Windows 8, Windows 10, Windows Server
Published: 2021-06-08
Exploited in the wild