Cyber Resilience

CVE-2021-41379

Medium · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 10 November 2021

Modified: 30 October 2025
KEV Added: 03 March 2022
CVSS Score v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0102 (77.7th percentile)
Risk Priority: 32 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-41379 is a medium-severity Link Following (CWE-59) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 5.5 (Medium).

Operationally, it ranks in the top 22.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2021-41379 is an elevation of privilege vulnerability in the Windows Installer component, tracked under CWE-59 for improper link resolution before file access. It received a CVSS 3.1 score of 5.5 with a vector indicating local attack vector, low attack complexity, low privileges required, no user interaction, and high availability impact.

A local attacker with low privileges can exploit the flaw to elevate privileges and achieve high impact on system availability. The vulnerability affects Windows systems running the Installer service and can be triggered without additional user interaction once local access is obtained.

Microsoft security advisories recommend applying the patches referenced in the CVE entry to address the issue. The vulnerability is also catalogued by CISA as actively exploited in the wild, confirming real-world use beyond proof-of-concept reporting from sources such as Zero Day Initiative.

Vulnerability details

Windows Installer Elevation of Privilege Vulnerability

CWE(s): CWE-59
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Affected versions
microsoft · windows 10 1507 · ≤ 10.0.10240.19119
microsoft · windows 10 1607 · ≤ 10.0.14393.4770
microsoft · windows 10 1809 · ≤ 10.0.17763.2300
microsoft · windows 10 1909 · ≤ 10.0.18363.1916
microsoft · windows 10 2004 · ≤ 10.0.19041.1348
microsoft · windows 10 20h2 · ≤ 10.0.19042.1348
microsoft · windows 10 21h1 · ≤ 10.0.19043.1348
microsoft · windows 11 21h2 · ≤ 10.0.22000.318
microsoft · windows 7 · all versions
microsoft · windows 8.1 · all versions
+8 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires timely application of the vendor patches that close the Windows Installer link-resolution flaw.

prevent: Enforces least-privilege execution so a low-privileged local account cannot reach the vulnerable installer code paths that enable elevation.

prevent: Access-enforcement mechanisms block the unauthorized file operations that the CWE-59 flaw would otherwise allow during installation.
