CVE-2021-33771: Windows Kernel Elevation of Privilege Vulnerability

Overview

Severity: High (CVSS 7.8)
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Category: Elevation of Privilege
Exploit Status: Actively Exploited
Exploitation Likelihood: Detected
Patch Tuesday: 2021-Jul
Released: 2021-07-13
EPSS Score: 6.65% (percentile: 91.2%)
CISA KEV: Listed — due 2021-11-17

Detection & Weaponization (1 sources)

Maturity: Detection

Sigma rules: CVE-2021-31979 CVE-2021-33771 Exploits by Sourgum, CVE-2021-31979 CVE-2021-33771 Exploits

Affected Products (30)

Windows

Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)

Security Updates (7)

Acknowledgments

Microsoft Threat Intelligence Center (MSTIC)<br> Microsoft Security Response Center (MSRC)

Revision History

2021-07-13: Information published.