CVE-2021-33739: Microsoft DWM Core Library Elevation of Privilege Vulnerability

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2021-11-17

Exploited in the wild

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Affected

25 ranges

Vendor	Product	Version range	Fixed in
microsoft	windows_10_1909	< 10.0.18363.1621	10.0.18363.1621
microsoft	windows_10_2004	< 10.0.19041.1052	10.0.19041.1052
microsoft	windows_10_20h2	< 10.0.19042.1052	10.0.19042.1052
microsoft	windows_10_21h1	< 10.0.19043.1052	10.0.19043.1052
microsoft	windows_10_version_1909	>= 10.0.0 < 10.0.18363.1621	10.0.18363.1621
microsoft	windows_10_version_2004	>= 10.0.0 < 10.0.19041.1052	10.0.19041.1052
microsoft	windows_10_version_20h2	>= 10.0.0 < 10.0.19042.1052	10.0.19042.1052
microsoft	windows_10_version_21h1	>= 10.0.0 < 10.0.19043.1052	10.0.19043.1052
microsoft	windows_server_2004	< 10.0.19041.1052	10.0.19041.1052
microsoft	windows_server_20h2	< 10.0.19042.1052	10.0.19042.1052
microsoft	windows_server_version_2004	>= 10.0.0 < 10.0.19041.1052	10.0.19041.1052
microsoft	windows_server_version_20h2	>= 10.0.0 < 10.0.19042.1052	10.0.19042.1052
msrc	windows_10_version_1909_for_32-bit_systems	—	—
msrc	windows_10_version_1909_for_arm64-based_systems	—	—
msrc	windows_10_version_1909_for_x64-based_systems	—	—
msrc	windows_10_version_2004_for_32-bit_systems	—	—
msrc	windows_10_version_2004_for_arm64-based_systems	—	—
msrc	windows_10_version_2004_for_x64-based_systems	—	—
msrc	windows_10_version_20h2_for_32-bit_systems	—	—
msrc	windows_10_version_20h2_for_arm64-based_systems	—	—
msrc	windows_10_version_21h1_for_32-bit_systems	—	—
msrc	windows_10_version_21h1_for_arm64-based_systems	—	—
msrc	windows_10_version_21h1_for_x64-based_systems	—	—
msrc	windows_server_version_2004	—	—
msrc	windows_server_version_20h2	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

vulncheck8.4HIGH

cisa7.8HIGH