Cyber Resilience

CVE-2021-41357

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 13 October 2021
Modified: 30 October 2025
KEV Added: 25 April 2022
Patch: available (Microsoft security update, see MSRC advisory)
CVSS Score: 7.8 (v3.1), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0404 (88.8th percentile)
Risk Priority: 38 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-41357 is a high-severity elevation-of-privilege vulnerability in the Win32k component of Microsoft Windows, first recorded against Windows 10 2004 and also affecting the later builds listed under Affected Assets. No CWE is assigned in this record. Its CVSS base score is 7.8 (High).

Operationally, its EPSS score places it in the top 11.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest compensating controls our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege). These limit who can reach the flaw and what an attacker gains from it; the fix itself is the Microsoft security update.

Deeper analysis

CVE-2021-41357 is an elevation of privilege vulnerability in Win32k, the kernel-mode portion of the Windows GUI subsystem (win32k.sys). It carries a CVSS 3.1 base score of 7.8: local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impact to confidentiality, integrity, and availability.

A local attacker who already possesses a low-privileged account on an affected system can exploit the flaw to elevate privileges and obtain full control over the target machine.

Microsoft has published security guidance for the issue through its MSRC advisory portal, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities, indicating confirmed real-world exploitation activity.

Vulnerability details

Win32k Elevation of Privilege Vulnerability

CWE(s): none listed in this record
KEV Date Added: 25 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Microsoft. For each product the build shown is the first fixed build (the October 2021 security update); builds earlier than it are affected.

Windows 10 2004: builds before 10.0.19041.1288
Windows 10 20H2: builds before 10.0.19042.1288
Windows 10 21H1: builds before 10.0.19043.1288
Windows 11 21H2: builds before 10.0.22000.258
Windows Server, version 2004: builds before 10.0.19041.1288
Windows Server 2022: builds before 10.0.20348.288
Windows Server, version 20H2: builds before 10.0.19042.1288
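Added example (not from the original page or from Microsoft): a PowerShell check that compares a host's major build and UBR (Update Build Revision) against the first fixed build for each product listed above and reports whether the host predates the October 2021 fix. It assumes the standard CurrentVersion registry values (CurrentBuildNumber, UBR); the inventory rows at the end are constructed sample data, not real hosts.

```powershell
# Added example: assess CVE-2021-41357 patch status from build numbers.
# Thresholds are the first fixed builds listed under Affected Assets; a host
# whose UBR is below the threshold for its major build is reported Vulnerable.
# Assumption: CurrentBuildNumber and UBR under the CurrentVersion key are the
# authoritative build identifiers (standard on Windows 10/11 and Server).

$FixedBuilds = @{
    # major build -> first fixed UBR
    '19041' = 1288   # Windows 10 2004 / Windows Server, version 2004
    '19042' = 1288   # Windows 10 20H2 / Windows Server, version 20H2
    '19043' = 1288   # Windows 10 21H1
    '22000' = 258    # Windows 11 21H2
    '20348' = 288    # Windows Server 2022
}

function Test-Cve202141357 {
    [CmdletBinding()]
    param(
        # Omit both parameters to read the local machine; pass them explicitly
        # to evaluate data collected elsewhere (e.g. an inventory export).
        [string]$Build,
        [int]$Ubr
    )
    $regPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    if (-not $Build -or -not $PSBoundParameters.ContainsKey('Ubr')) {
        $cv = Get-ItemProperty -Path $regPath
        if (-not $Build) { $Build = $cv.CurrentBuildNumber }
        if (-not $PSBoundParameters.ContainsKey('Ubr')) { $Ubr = [int]$cv.UBR }
    }

    # A major build absent from the list is outside this CVE's stated scope;
    # report that rather than implying the host is safe.
    if (-not $FixedBuilds.ContainsKey($Build)) {
        return [pscustomobject]@{
            Build      = "$Build.$Ubr"
            FixedBuild = $null
            Status     = 'NotInListedScope'
            Note       = 'Major build not in the affected-asset list for this CVE'
        }
    }

    $fixed = $FixedBuilds[$Build]
    [pscustomobject]@{
        Build      = "$Build.$Ubr"
        FixedBuild = "$Build.$fixed"
        Status     = if ($Ubr -lt $fixed) { 'Vulnerable' } else { 'Patched' }
        Note       = 'UBR compared against first fixed build; record KEV remediation in your tracker'
    }
}

# Local host (reads the registry):
Test-Cve202141357

# Offline evaluation of constructed inventory rows (sample data, not real hosts):
$inventory = @(
    @{ Host = 'ws-01';  Build = '19042'; Ubr = 1237 },   # expected: Vulnerable
    @{ Host = 'ws-02';  Build = '19043'; Ubr = 1288 },   # expected: Patched
    @{ Host = 'srv-01'; Build = '20348'; Ubr = 230  },   # expected: Vulnerable
    @{ Host = 'srv-02'; Build = '17763'; Ubr = 2237 }    # expected: NotInListedScope
)
foreach ($row in $inventory) {
    $r = Test-Cve202141357 -Build $row.Build -Ubr $row.Ubr
    '{0,-8} {1,-12} {2}' -f $row.Host, $r.Build, $r.Status
}
```

Run it in an elevated or standard PowerShell session on the host, or feed it exported build data from an inventory system. The check is deliberately narrow: it answers only whether a host is behind the fixed build for the products this page lists, and a NotInListedScope result means the host is outside the list, not that it is safe.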

Mitigating Controls

Mitigating Controls (NIST 800-53 r5; AI-generated mapping)

AC-6 (Least Privilege) · prevent

Directly counters the low-privilege-to-kernel escalation path by restricting every user and process to the minimum rights needed, shrinking the set of accounts and processes from which the required low-privileged foothold can be obtained. It does not remove the kernel flaw itself; only the security update does that.

AC-3 (Access Enforcement) · prevent

Enforces approved authorizations on access to objects and privileged operations, so that a process running as a low-privileged user is confined to what that user is entitled to before and after any attempted escalation, limiting what an attacker can reach with the foothold.

Control identifier not preserved in this record (the description matches SC-39, Process Isolation) · prevent

Maintains separate execution domains between user processes and the Win32k kernel component, limiting the ability of an exploit to cross the user-to-kernel boundary.
