Cyber Resilience

CVE-2021-42287

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 10 November 2021
Modified: 30 October 2025
KEV Added: 11 April 2022
Patch
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9401 (99.9th percentile)
Risk Priority: 91 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-42287 is a high-severity vulnerability (weakness type unspecified) in Microsoft Windows Server 2008. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-42287 is an elevation of privilege vulnerability affecting Active Directory Domain Services. The flaw carries a CVSS 3.1 base score of 7.5 with a network attack vector, high attack complexity, and low privileges required, and has high impact on confidentiality, integrity, and availability of domain controllers.

An authenticated attacker with low privileges can exploit the issue over the network to obtain elevated rights within an Active Directory environment, although successful exploitation requires specific conditions that increase complexity.

Microsoft has published security guidance and patches addressing the vulnerability through its Security Response Center. The flaw is also catalogued by CISA among vulnerabilities known to have been exploited in the wild.

EU & UK References

Vulnerability details

Active Directory Domain Services Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added: 11 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
microsoft | windows server 2008 | all versions, R2
microsoft | windows server 2012 | all versions, R2
microsoft | windows server 2016 | 2004 · ≤ 10.0.14393.4770
microsoft | windows server 2019 | ≤ 10.0.17763.2300
microsoft | windows server 2022 | ≤ 10.0.20348.350

Mitigating Controls (NIST 800-53 r5)

prevent: SI-2 (Flaw Remediation). Directly requires timely installation of the vendor patch that eliminates the AD DS privilege-escalation flaw.

prevent: AC-6 (Least Privilege). Enforces least-privilege assignments so that the low-privileged accounts required by the attacker cannot reach the vulnerable code paths.

prevent: Enforces the access-control policy that should block the unauthorized elevation of rights on domain controllers.

References