CVE-2021-36948
Published: 12 August 2021
Summary
CVE-2021-36948 is a high-severity vulnerability (weakness type unspecified) in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 23.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is an elevation of privilege flaw in the Windows Update Medic Service, assigned CVE-2021-36948 with a CVSS 3.1 base score of 7.8. It affects the Windows Update Medic Service component on supported Windows systems and allows an attacker to gain elevated privileges on the host.
An attacker with local access and low privileges can exploit the issue without user interaction. Successful exploitation grants the ability to read, modify, or delete data with high impact across confidentiality, integrity, and availability, effectively allowing full control over the affected system.
Microsoft has published an advisory detailing the vulnerability and available updates. The flaw is listed in CISA's catalog of known exploited vulnerabilities, indicating confirmed real-world exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-23524
Vulnerability details
Windows Update Medic Service Elevation of Privilege Vulnerability
- CWE(s): unspecified
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires timely installation of the Microsoft security update that patches the Windows Update Medic Service EoP flaw.
- AC-6 (Least Privilege): Enforces least-privilege execution for the Update Medic Service so that a local attacker cannot obtain SYSTEM-level rights even if the flaw is triggered.
- Implements the underlying access-control checks that the vulnerable service fails to enforce, blocking unauthorized privilege transitions.