Cyber Resilience

CVE-2021-1675

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 08 June 2021

Modified: 30 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.8613 (99.7th percentile)
Risk Priority: 100 (floored blend · peak EPSS)

Summary

CVE-2021-1675 is a high-severity vulnerability, with an unspecified weakness class, in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2021-1675 is a remote code execution vulnerability affecting the Windows Print Spooler component. It carries a CVSS 3.1 base score of 7.8 and is tracked under NVD-CWE-Other.

The vulnerability can be exploited by an attacker who supplies a malicious printer driver or print job. With local access, no privileges, and user interaction, successful exploitation grants full control over confidentiality, integrity, and availability on the affected system.

Public references include the Microsoft Security Response Center advisory for CVE-2021-1675, the CERT/CC vulnerability note VU#383432, and multiple proof-of-concept artifacts published on Packet Storm that demonstrate Print Spooler remote DLL injection and code execution.


Vulnerability details

Windows Print Spooler Remote Code Execution Vulnerability

CWE(s)
KEV Date Added: 03 November 2021


CVEs Like This One

CVE-2021-40444 · Same product: Microsoft Windows 10 1507 · both on KEV
CVE-2022-30190 · Same product: Microsoft Windows 10 1507 · both on KEV
CVE-2021-34527 · Same product: Microsoft Windows 10 1507 · both on KEV
CVE-2025-24983 · Same product: Microsoft Windows 10 1507 · both on KEV
CVE-2025-24985 · Same product: Microsoft Windows 10 1507 · both on KEV
CVE-2025-24991 · Same product: Microsoft Windows 10 1507 · both on KEV
CVE-2025-24054 · Same product: Microsoft Windows 10 1507 · both on KEV
CVE-2025-26633 · Same product: Microsoft Windows 10 1507 · both on KEV
CVE-2025-24993 · Same product: Microsoft Windows 10 1507 · both on KEV
CVE-2025-59230 · Same product: Microsoft Windows 10 1507 · both on KEV

Affected Assets

Vendor · Product · Affected versions
microsoft · windows 10 1507 · ≤ 10.0.10240.18967
microsoft · windows 10 1607 · ≤ 10.0.14393.4467
microsoft · windows 10 1809 · ≤ 10.0.17763.1999
microsoft · windows 10 1909 · ≤ 10.0.18363.1621
microsoft · windows 10 2004 · ≤ 10.0.19041.1052
microsoft · windows 10 20h2 · ≤ 10.0.19042.1052
microsoft · windows 10 21h1 · ≤ 10.0.19043.1052
microsoft · windows 7 · all versions
microsoft · windows 8.1 · all versions
microsoft · windows rt 8.1 · all versions
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Restricts installation or modification of printer drivers, directly blocking the malicious driver or print job vector used in CVE-2021-1675.

prevent · detect

Provides malicious code scanning and blocking for untrusted print jobs or drivers before they execute in the spooler.

prevent

Enforces integrity verification of drivers and spooler components to detect tampering prior to loading.
