CVE-2021-36955
Published: 15 September 2021
Summary
CVE-2021-36955 is a high-severity vulnerability of unspecified weakness type in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 4.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Deeper analysis
The vulnerability CVE-2021-36955 is an elevation of privilege flaw in the Windows Common Log File System Driver. It carries a CVSS 3.1 base score of 7.8 and affects local users on supported Windows systems.
An attacker with low privileges can exploit the issue locally, with no user interaction required, to obtain full control over confidentiality, integrity, and availability on the affected host.
Microsoft has published remediation guidance through its Security Response Center advisory, while CISA lists the vulnerability in its catalog of known exploited vulnerabilities, confirming active exploitation in the wild and underscoring the need for prompt patching.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-23531
Vulnerability details
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of the vendor patch that eliminates the EoP flaw in the CLFS driver.
Limits the initial privileges an attacker can obtain, reducing the impact surface even if the driver flaw is later triggered.
Enforces access-control decisions at the kernel level that the vulnerable driver is intended to uphold but fails to do so.