Cyber Resilience

CVE-2021-33739

Severity: High | CISA KEV | Active Exploitation | EUVD Exploited

Published: 08 June 2021
Modified: 30 October 2025
KEV Added: 03 November 2021
CVSS Score (v3.1): 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1692 (95.1st percentile)
Risk Priority: 47 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-33739 is a high-severity vulnerability of unspecified weakness type (no CWE assigned) in Microsoft Windows 10 1909. Its CVSS base score is 8.4 (High).

Operationally, it is ranked in the top 4.9% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2021-33739 is an elevation of privilege flaw in the Microsoft DWM Core Library. It carries a CVSS 3.1 score of 8.4 and affects this core Windows component responsible for desktop window management.

A local attacker who needs neither existing privileges nor user interaction can exploit the issue to gain full impact on confidentiality, integrity, and availability (C:H/I:H/A:H) on the target system. The attack vector is local and the scope remains unchanged.

Microsoft security advisories at the referenced MSRC portal URLs describe available patches, while the CISA known exploited vulnerabilities catalog entry confirms active real-world exploitation and recommends prompt remediation through updates.

EU & UK References

Vulnerability details

Microsoft DWM Core Library Elevation of Privilege Vulnerability

CWE(s): none listed
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft windows 10 1909: versions ≤ 10.0.18363.1621
microsoft windows 10 2004: versions ≤ 10.0.19041.1052
microsoft windows 10 20h2: versions ≤ 10.0.19042.1052
microsoft windows 10 21h1: versions ≤ 10.0.19043.1052
microsoft windows server 2004: versions ≤ 10.0.19041.1052
microsoft windows server 20h2: versions ≤ 10.0.19042.1052

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 (Flaw Remediation). Directly requires timely application of vendor patches that remediate the DWM Core Library EoP flaw.

Prevent: AC-3 (Access Enforcement). Enforces access-control policies that the vulnerability bypasses to obtain unauthorized elevation from an unprivileged local context.

Prevent: Limits privileges assigned to processes and users, reducing the impact and feasibility of the local EoP into full system control.

References