⚠ Actively exploited

Added to CISA KEV on 2022-04-25. Federal agencies required to patch by 2022-05-16. Required action: Apply updates per vendor instructions..

CVE-2021-41357

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

7.8HIGH

No vector

EPSS

5.5%

top 9.80%

CISA KEV

KEV

Added 2022-04-25

Due 2022-05-16

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 10 Version 2004 Microsoft Windows 10 Version 20h2 Microsoft Windows 10 Version 21h1 +4 more

Timeline

PublishedOct 13

KEV addedApr 25

KEV dueMay 16

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability

Affected Packages7 packages

▶CVEListV5microsoft/windows_server_202210.0.0 — 10.0.20348.288

▶CVEListV5microsoft/windows_10_version_200410.0.0 — 10.0.19041.1288

▶CVEListV5microsoft/windows_10_version_20h210.0.0 — 10.0.19042.1288

▶CVEListV5microsoft/windows_10_version_21h110.0.0 — 10.0.19043.1288

▶CVEListV5microsoft/windows_11_version_21h210.0.0 — 10.0.22000.258

🔴Vulnerability Details

GHSA

GHSA-pph6-grp2-wvvw: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450↗2022-05-24

▶

CVEList

Win32k Elevation of Privilege Vulnerability↗2021-10-13

▶

VulnCheck

Microsoft Win32k Privilege Escalation Vulnerability↗2021

▶

📋Vendor Advisories

CISA

Microsoft Win32k Privilege Escalation Vulnerability↗2022-04-25

▶

Microsoft

Win32k Elevation of Privilege Vulnerability↗2021-10-12

▶