⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2021-12-01.
CVE-2021-40449
Severity
7.8 HIGH
No vector
EPSS
91.7%
top 0.32%
CISA KEV
KEV
Ransomware
Added 2021-11-17
Due 2021-12-01
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Oct 13
KEV added: Nov 17
KEV due: Dec 1
Latest update: May 24
CISA Required Action: Apply updates per vendor instructions.
Description
Win32k Elevation of Privilege Vulnerability
Affected Packages: 26 packages
🔴 Vulnerability Details (4)
GHSA
GHSA-qjf4-g2gg-w6pq: Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40450, CVE-2021-41357 (2022-05-24)
📋 Vendor Advisories (2)
🕵️ Threat Intelligence (2)
Qualys
Microsoft & Adobe Patch Tuesday (October 2021) – Microsoft 74 Vulnerabilities with 3 Critical, 4 Zero-Days. Adobe 10 Vulnerabilities (2021-10-13)
Qualys
Microsoft & Adobe Patch Tuesday (October 2021) – Microsoft 74 Vulnerabilities with 3 Critical, 4 Zero-Days. Adobe 10 Vulnerabilities | Qualys (2021-10-13)