CVE-2021-41357
Published: 13 October 2021
Summary
CVE-2021-41357 is a high-severity vulnerability (weakness type unspecified) in Microsoft Windows 10 2004. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 11.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2021-41357 is a Win32k elevation of privilege vulnerability affecting the Win32k component in Windows. It carries a CVSS 3.1 base score of 7.8 with an attack vector of local access, low attack complexity, low privileges required, and no user interaction needed, resulting in high impact to confidentiality, integrity, and availability.
A local attacker who already possesses a low-privileged account on an affected system can exploit the flaw to elevate privileges and obtain full control over the target machine.
Microsoft has published security guidance for the issue through its MSRC advisory portal, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities, indicating confirmed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-28385
Vulnerability details
Win32k Elevation of Privilege Vulnerability
- CWE(s): none listed
- KEV Date Added: 25 April 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-6 (Least Privilege): Directly counters the low-privilege-to-kernel escalation path by restricting every user and process to the minimum rights needed, eliminating the initial foothold the Win32k flaw requires.
- AC-3 (Access Enforcement): Enforces kernel-mode access checks inside Win32k so that a low-privileged caller cannot obtain unauthorized elevation to full system control.
- Process isolation: Maintains separate execution domains between user processes and the Win32k kernel component, limiting the ability of an exploit to cross the user-to-kernel boundary.