Cyber Resilience

CVE-2021-42278

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 10 November 2021

Modified: 30 October 2025
KEV added: 11 April 2022
Patch
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.9407 (99.9th percentile)
Risk priority: 91 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-42278 is a high-severity vulnerability in Microsoft Windows Server 2008; its weakness type (CWE) is unspecified. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-42278 is an elevation of privilege vulnerability affecting Active Directory Domain Services. It carries a CVSS 3.1 base score of 7.5 with the vector AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a remotely exploitable flaw that can yield high impact to confidentiality, integrity, and availability when successfully triggered.

An attacker with low privileges and network access can exploit the issue, though the high attack complexity requirement limits the ease of successful abuse. Successful exploitation allows the attacker to elevate privileges within the Active Directory environment, potentially leading to domain-level compromise.

Microsoft has published security guidance addressing the vulnerability, and the flaw appears in CISA's catalog of known exploited vulnerabilities, confirming observed real-world exploitation activity.

Vulnerability details

Title: Active Directory Domain Services Elevation of Privilege Vulnerability
CWE(s): unspecified
KEV date added: 11 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Microsoft. Affected products and versions:

Windows Server 2004: ≤ 10.0.19041.1348
Windows Server 2008: all versions, including R2
Windows Server 2012: all versions, including R2
Windows Server 2016: ≤ 10.0.14393.4770
Windows Server 2019: ≤ 10.0.17763.2300
Windows Server 2022: ≤ 10.0.20348.350
Windows Server 20H2: ≤ 10.0.19042.1348

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly requires timely installation of the Microsoft security update that eliminates the AD DS EoP flaw before exploitation succeeds.

AC-6 Least Privilege (prevent): Enforces least-privilege assignments so a low-privileged account cannot reach the conditions needed to abuse the CVE-2021-42278 elevation path.

Access-control enforcement (prevent): Enforces the underlying AD access-control decisions that the vulnerability attempts to bypass, limiting successful privilege escalation.