CVE-2021-1732: Windows Win32k Elevation of Privilege Vulnerability

Overview

Severity
High (CVSS 7.8)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Category
Elevation of Privilege
Exploit Status
Actively Exploited
Exploitation Likelihood
Detected
Patch Tuesday
2021-Feb
Released
2021-02-09
Last Updated
2021-04-06
EPSS Score
90.06% (percentile: 99.6%)
CISA KEV
Listed — due 2021-11-17

Known Exploits (12)

  • Microsoft Win32k Privilege Escalation Vulnerability — added 2023-07-11T09:29:18Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2023-03-09T07:14:45Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2022-11-01T13:06:17Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2022-02-15T16:55:31Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2021-05-02T18:10:21+08:00
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2021-04-25T12:55:15Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2021-04-23T08:21:54Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2021-04-02T01:35:41Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2021-03-08T05:07:15Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2021-03-05T02:11:10Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 2020-08-09T05:48:10Z
  • Microsoft Win32k Privilege Escalation Vulnerability — added 0001-01-01T00:00:00Z

Detection & Weaponization (2 sources)

Maturity: Exploit

  • Metasploit modules: Win32k ConsoleControl Offset Confusion
  • GitHub PoC: 12 repositories

Affected Products (19)

Windows

  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 10 Version 1803 for x64-based Systems
  • Windows 10 Version 1803 for ARM64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows Server, version 1909 (Server Core installation)
  • Windows 10 Version 2004 for 32-bit Systems
  • Windows 10 Version 2004 for ARM64-based Systems
  • Windows 10 Version 2004 for x64-based Systems
  • Windows Server, version 2004 (Server Core installation)
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows Server, version 20H2 (Server Core Installation)

Security Updates (4)

Acknowledgments

YanZiShuang(<a href="https://twitter.com/madongze">@madongze</a>) of Big CJTeam and Gcow Team, JinQuan, MaDongZe, TuXiaoYi, and LiHao of DBAPPSecurity Co., Ltd

Revision History

  • 2021-02-09: Information published.
  • 2021-04-06: Added acknowledgements. This is an informational change only.