CVE-2021-28310
Published: 13 April 2021
Summary
CVE-2021-28310 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows 10 1803. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 1.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2021-28310 is an elevation of privilege vulnerability in the Win32k component of Windows. It carries a CVSS 3.1 score of 7.8 and is classified as CWE-787, an out-of-bounds write that a local attacker can trigger.
An authenticated local attacker with low privileges can exploit the flaw without user interaction to elevate privileges on the affected system, fully compromising confidentiality, integrity, and availability within the local security boundary.
Microsoft has published official security guidance for the issue through its advisory portal, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities, confirming observed in-the-wild exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-14995
Vulnerability details
Win32k Elevation of Privilege Vulnerability
- CWE(s): CWE-787 (Out-of-bounds Write)
- KEV Date Added: 03 November 2021
Related Threats
No named threat actor has been attributed yet; ATT&CK technique mapping for this CVE is in progress.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-16 (Memory Protection): Directly counters the out-of-bounds write (CWE-787) in Win32k by enforcing memory protections that block the kernel memory corruption used for privilege escalation.
- SI-2 (Flaw Remediation): Requires timely application of the vendor patch that eliminates the Win32k flaw, directly closing the known in-the-wild exploitation path.
- Least-privilege local accounts: Restricts initial local account privileges so an attacker starts with fewer rights, limiting the impact even if the Win32k EoP is attempted.