CVE-2021-28310

Published Apr 13, 2021

Last updated 19 days ago

Exploit known CVSS high 7.8

Overview

Description: Win32k Elevation of Privilege Vulnerability
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name: Microsoft Win32k Privilege Escalation Vulnerability
Exploit added on: Nov 3, 2021
Exploit action due: Nov 17, 2021
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-787
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00345596-E9E0-4096-8DC6-0212F4747A13"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E332666-2E03-468E-BC30-299816D6E8ED"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1B570A8-ED1A-46B6-B8AB-064445F8FC4C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_2004:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4DBE5B2-AE10-4251-BCDA-DC5EDEE6EE67"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AFD13A6-A390-4400-9029-2F4058CA17E2"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADE7E7B1-64AC-4986-A50B-0918A42C05BB"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2004:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62224791-644C-4D1F-AD77-56B16CF27630"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References