CVE-2021-31979
Published: 14 July 2021
Summary
CVE-2021-31979 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 8.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2021-31979 is a Windows Kernel Elevation of Privilege Vulnerability affecting the Windows kernel component and classified under CWE-119. It received a CVSS 3.1 score of 7.8 with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
An attacker with existing local access and low privileges can exploit the flaw without user interaction to elevate rights on the affected system, resulting in high impact to confidentiality, integrity, and availability.
Microsoft published mitigation details in its security advisory for CVE-2021-31979, and the vulnerability appears in the CISA catalog of known exploited vulnerabilities.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-18851
Vulnerability details
Windows Kernel Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Enforcing least privilege directly limits how the attacker's initial low-privileged local access can be escalated via the kernel flaw.
Flaw remediation requires timely application of Microsoft's published patch to eliminate the vulnerable kernel code before exploitation.
Memory-protection mechanisms mitigate exploitation of the underlying CWE-119 buffer overflow in kernel memory.