CVE-2021-43245: Windows Digital TV Tuner Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Dec

Released

2021-12-14

Last Updated

2022-07-12

EPSS Score

0.19% (percentile: 41.1%)

Affected Products (11)

ESU

• Windows 7 for 32-bit Systems Service Pack 1
• Windows 7 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
• Windows Server 2012
• Windows Server 2012 (Server Core installation)
• Windows Server 2012 R2
• Windows Server 2012 R2 (Server Core installation)

Windows

• Windows 8.1 for 32-bit systems
• Windows 8.1 for x64-based systems
• Windows RT 8.1

Security Updates (6)

• 5015861
• 5015862
• 5015874
• 5015877
• 5015863
• 5015875

Acknowledgments

JIWO Technology Co., Ltd

Revision History

• 2021-12-14: Information published.
• 2022-07-12: To comprehensively address CVE-2021-43245, Microsoft has released July 2022 security updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.