Cyber Resilience

CVE-2021-43226

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 15 December 2021

Modified: 30 October 2025
KEV Added: 06 October 2025
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0839 (92.5th percentile)
Risk Priority: 41 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-43226 is a high-severity vulnerability, with an unspecified weakness type, in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 7.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The vulnerability is an elevation of privilege flaw in the Windows Common Log File System Driver, assigned CVE-2021-43226 with a CVSS 3.1 base score of 7.8. It affects the Windows operating system component responsible for handling common log file system operations.

An attacker with local access and low privileges can exploit the issue without user interaction, with high impact on confidentiality, integrity, and availability, enabling privilege escalation on the affected system.

Microsoft has published security guidance addressing the vulnerability through its advisory portal, and the flaw appears in CISA's catalog of known exploited vulnerabilities, indicating confirmed real-world exploitation activity.

Vulnerability details

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added: 06 October 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft windows 10 1507: ≤ 10.0.10240.19145 · ≤ 10.0.10240.19145
microsoft windows 10 1607: ≤ 10.0.14393.4825 · ≤ 10.0.14393.4825
microsoft windows 10 1809: ≤ 10.0.17763.2366
microsoft windows 10 1909: ≤ 10.0.18363.1977
microsoft windows 10 2004: ≤ 10.0.19041.1415
microsoft windows 10 20h2: ≤ 10.0.19042.1415 · ≤ 10.0.19042.1415
microsoft windows 10 21h1: ≤ 10.0.19043.1415
microsoft windows 10 21h2: ≤ 10.0.19044.1415
microsoft windows 11 21h2: ≤ 10.0.22000.376
microsoft windows 7: all versions
+9 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least-privilege restrictions on local accounts so an attacker cannot obtain the elevated rights that exploiting CVE-2021-43226 would grant.

prevent

Access-enforcement mechanisms in the kernel and driver stack block the unauthorized elevation path that the Common Log File System vulnerability exposes.

prevent

Requires prompt installation of the vendor patch that directly eliminates the exploitable flaw in the Windows CLFS driver.
