CVE-2021-33739
Published: 08 June 2021
Summary
CVE-2021-33739 is a high-severity an unspecified weakness vulnerability in Microsoft Windows 10 1909. Its CVSS base score is 8.4 (High).
Operationally, ranked in the top 4.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2021-33739 is an elevation of privilege flaw in the Microsoft DWM Core Library. It carries a CVSS 3.1 score of 8.4 and affects this core Windows component responsible for desktop window management.
A local attacker with no privileges or user interaction required can exploit the issue to obtain full control over confidentiality, integrity, and availability on the target system. The attack vector is local and the scope remains unchanged.
Microsoft security advisories at the referenced MSRC portal URLs describe available patches, while the CISA known exploited vulnerabilities catalog entry confirms active real-world exploitation and recommends prompt remediation through updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-20416
Vulnerability details
Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely application of vendor patches that remediate the DWM Core Library EoP flaw.
Enforces access-control policies that the vulnerability bypasses to obtain unauthorized elevation from an unprivileged local context.
Limits privileges assigned to processes and users, reducing the impact and feasibility of the local EoP into full system control.