Cyber Resilience

CVE-2021-36955

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 15 September 2021

Modified: 30 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2071 (95.7th percentile)
Risk Priority: 48 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-36955 is a high-severity vulnerability of unspecified weakness type in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 4.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Deeper analysis

The vulnerability CVE-2021-36955 is an elevation of privilege flaw in the Windows Common Log File System Driver. It carries a CVSS 3.1 base score of 7.8 and affects local users on supported Windows systems.

An attacker with low privileges can exploit the issue locally, with no user interaction required, to fully compromise confidentiality, integrity, and availability on the affected host.

Microsoft has published remediation guidance through its Security Response Center advisory, while CISA lists the vulnerability in its catalog of known exploited vulnerabilities, confirming active exploitation in the wild and underscoring the need for prompt patching.

Vulnerability details

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
microsoft | windows 10 1507 | ≤ 10.0.10240.19060
microsoft | windows 10 1607 | ≤ 10.0.14393.4651
microsoft | windows 10 1809 | ≤ 10.0.17763.2183
microsoft | windows 10 1909 | ≤ 10.0.18363.1801
microsoft | windows 10 2004 | ≤ 10.0.19041.1237
microsoft | windows 10 20h2 | ≤ 10.0.19042.1237
microsoft | windows 10 21h1 | ≤ 10.0.19043.1237
microsoft | windows 7 | all versions
microsoft | windows 8.1 | all versions
microsoft | windows rt 8.1 | all versions
+7 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires timely installation of the vendor patch that eliminates the EoP flaw in the CLFS driver.

prevent

Limits the initial privileges an attacker can obtain, reducing the impact surface even if the driver flaw is later triggered.

prevent

Enforces, at the kernel level, the access-control decisions that the vulnerable driver is intended to uphold but does not.
