CVE-2021-43226
Published: 15 December 2021
Summary
CVE-2021-43226 is a high-severity vulnerability of an unspecified weakness class in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 7.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
The vulnerability is an elevation of privilege flaw in the Windows Common Log File System Driver, assigned CVE-2021-43226 with a CVSS 3.1 base score of 7.8. It affects the Windows operating system component responsible for handling common log file system operations.
An attacker with local access and low privileges can exploit the issue without user interaction, with high impact on confidentiality, integrity, and availability, enabling privilege escalation on the affected system.
Microsoft has published security guidance addressing the vulnerability through its advisory portal, and the flaw appears in CISA's catalog of known exploited vulnerabilities, indicating confirmed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-30170
Vulnerability details
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added: 06 October 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Enforces least-privilege restrictions on local accounts so an attacker cannot obtain the elevated rights that exploiting CVE-2021-43226 would grant.
Access-enforcement mechanisms in the kernel and driver stack block the unauthorized elevation path that the Common Log File System vulnerability exposes.
Requires prompt installation of the vendor patch that directly eliminates the exploitable flaw in the Windows CLFS driver.