⚠ Actively exploited

Added to CISA KEV on 2022-04-25. Federal agencies required to patch by 2022-05-16. Required action: Apply updates per vendor instructions..

CVE-2021-40450

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

7.8HIGH

No vector

EPSS

5.6%

top 9.69%

CISA KEV

KEV

Added 2022-04-25

Due 2022-05-16

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 1909 Microsoft Windows 10 Version 2004 +8 more

Timeline

PublishedOct 13

KEV addedApr 25

KEV dueMay 16

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability

Affected Packages11 packages

▶CVEListV5microsoft/windows_server_201910.0.0 — 10.0.17763.2237

▶CVEListV5microsoft/windows_server_202210.0.0 — 10.0.20348.288

▶CVEListV5microsoft/windows_10_version_180910.0.0 — 10.0.17763.2237

▶CVEListV5microsoft/windows_10_version_190910.0.0 — 10.0.18363.1854

▶CVEListV5microsoft/windows_10_version_200410.0.0 — 10.0.19041.1288

🔴Vulnerability Details

GHSA

GHSA-v7qc-rhmv-f6j4: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-41357↗2022-05-24

▶

CVEList

Win32k Elevation of Privilege Vulnerability↗2021-10-13

▶

VulnCheck

Microsoft Win32k Privilege Escalation Vulnerability↗2021

▶

📋Vendor Advisories

CISA

Microsoft Win32k Privilege Escalation Vulnerability↗2022-04-25

▶

Microsoft

Win32k Elevation of Privilege Vulnerability↗2021-10-12

▶

External resources

NVD MITRE CISA KEV

Affected products11

Microsoft Windows 10 Version 1809≥ 10.0.0, < 10.0.17763.2237

Microsoft Windows 10 Version 1909≥ 10.0.0, < 10.0.18363.1854

Microsoft Windows 10 Version 2004≥ 10.0.0, < 10.0.19041.1288

Microsoft Windows 10 Version 20h2≥ 10.0.0, < 10.0.19042.1288

Microsoft Windows 10 Version 21h1≥ 10.0.0, < 10.0.19043.1288

Microsoft Windows 11 Version 21h2≥ 10.0.0, < 10.0.22000.258

Microsoft Windows Server 2019≥ 10.0.0, < 10.0.17763.2237

Microsoft Windows Server 2019 (server Core Installation)≥ 10.0.0, < 10.0.17763.2237

Microsoft Windows Server 2022≥ 10.0.0, < 10.0.20348.288

Microsoft Windows Server Version 2004≥ 10.0.0, < 10.0.19041.1288

Disclosure

PublishedOct 13, 2021

KEV addedApr 25, 2022

KEV dueMay 16, 2022

Latest updateMay 24, 2022