cvelistv5 - cve-2021-40450

CVE-2021-40450 (GCVE-0-2021-40450)

Vulnerability from cvelistv5

Published

2021-10-13 00:26

Modified

2025-10-21 23:25

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Elevation of Privilege

Summary

Win32k Elevation of Privilege Vulnerability

References

URL

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-04-25

Due date: 2022-05-16

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-40450

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:10.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-40450",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T19:34:09.939626Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-04-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:28.974Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-04-25T00:00:00+00:00",
            "value": "CVE-2021-40450 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2237",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2237",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2237",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.18363.1854",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 21H1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19043.1288",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.288",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1288",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1288",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.1288",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.1288",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.258",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-10-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Win32k Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:52:21.901Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
        }
      ],
      "title": "Win32k Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-40450",
    "datePublished": "2021-10-13T00:26:49.000Z",
    "dateReserved": "2021-09-02T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:28.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-40450",
      "dateAdded": "2022-04-25",
      "dueDate": "2022-05-16",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-40450",
      "product": "Win32k",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-40450\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-10-13T01:15:09.750\",\"lastModified\":\"2025-10-22T00:17:45.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Win32k Elevation of Privilege Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Elevaci\u00f3n de Privilegios en Win32k . Este ID de CVE es diferente de CVE-2021-40449, CVE-2021-41357\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-04-25\",\"cisaActionDue\":\"2022-05-16\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Win32k Privilege Escalation Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.2237\",\"matchCriteriaId\":\"D03564D3-788A-4BD7-B717-B3681515A5BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.18363.1854\",\"matchCriteriaId\":\"2DFF53D4-2910-4A58-81DF-6DDC01D2C523\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19041.1288\",\"matchCriteriaId\":\"C995398E-B786-4AC7-B6D4-790ED8C68F8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19042.1288\",\"matchCriteriaId\":\"129B19A3-40D5-48D4-B3CA-8934062E6933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19043.1288\",\"matchCriteriaId\":\"D78C68AE-C471-4234-B0D0-7E09D2E131AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.258\",\"matchCriteriaId\":\"2FF279C0-02C7-4D60-85E8-9FB89492D738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19041.1288\",\"matchCriteriaId\":\"486E7F23-6A3B-46AA-9F31-91EDF933B36A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.2237\",\"matchCriteriaId\":\"A555704D-BB77-46A3-A0F9-62409FCC5F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.20348.288\",\"matchCriteriaId\":\"6E5F3F99-530D-4065-9133-9C251F89B406\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19042.1288\",\"matchCriteriaId\":\"224FA1B7-84EF-435F-BBFA-33BD39C32595\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T02:44:10.378Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-40450\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T19:34:09.939626Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-04-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-04-25T00:00:00+00:00\", \"value\": \"CVE-2021-40450 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:34:35.756Z\"}}], \"cna\": {\"title\": \"Win32k Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2237:*:*:*:*:*:arm64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 1809\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.17763.2237\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.17763.2237\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2019 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.17763.2237\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1854:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1854:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 1909\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.18363.1854\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:arm64:*\", \"cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1288:*:*:*:*:*:x86:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 21H1\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19043.1288\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"ARM64-based Systems\", \"32-bit Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2022\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.20348.288\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1288:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 2004\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19041.1288\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"ARM64-based Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1288:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server version 2004\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19041.1288\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1288:*:*:*:*:*:arm64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 20H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19042.1288\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1288:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server version 20H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19042.1288\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.258:*:*:*:*:*:arm64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 21H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.22000.258\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"ARM64-based Systems\"]}], \"datePublic\": \"2021-10-12T07:00:00.000Z\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Win32k Elevation of Privilege Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"Impact\", \"description\": \"Elevation of Privilege\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2024-05-29T14:52:21.901Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-40450\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:25:28.974Z\", \"dateReserved\": \"2021-09-02T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2021-10-13T00:26:49.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

var-202110-0829

Vulnerability from variot

Win32k Elevation of Privilege Vulnerability. Microsoft Windows 10 , Windows 11 , Windows Server Has Win32k There is a vulnerability that can elevate privileges due to a flaw in. Microsoft Win32k是美国微软（Microsoft）公司的一个用于Windows多用户管理的系统文件. Microsoft Windows Win32K存在权限许可和访问控制问题漏洞。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0829",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "windows server 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.20348.288"
      },
      {
        "model": "windows server 20h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19042.1288"
      },
      {
        "model": "windows 11 21h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.22000.258"
      },
      {
        "model": "windows server 2019",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.17763.2237"
      },
      {
        "model": "windows server 2004",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19041.1288"
      },
      {
        "model": "windows 10 1909",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.18363.1854"
      },
      {
        "model": "windows 10 1809",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.17763.2237"
      },
      {
        "model": "windows 10 2004",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19041.1288"
      },
      {
        "model": "windows 10 21h1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19043.1288"
      },
      {
        "model": "windows 10 20h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19042.1288"
      },
      {
        "model": "microsoft windows 10",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2004 (server core installation)"
      },
      {
        "model": "microsoft windows server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022"
      },
      {
        "model": "microsoft windows 11",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019"
      },
      {
        "model": "microsoft windows server 2022",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "(server core installation)"
      },
      {
        "model": "microsoft windows server 2022",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "20h2 (server core installation)"
      },
      {
        "model": "microsoft windows server 2019",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft windows server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019 (server core installation)"
      },
      {
        "model": "microsoft windows server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022 (server core installation)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40450"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-40450"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "H4iiluv of 73lab with Qingteng",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-40450",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-40450",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-40450",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-40450",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2021-40450",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-829",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-40450",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-40450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40450"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40450"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Win32k Elevation of Privilege Vulnerability. Microsoft Windows 10 , Windows 11 , Windows Server Has Win32k There is a vulnerability that can elevate privileges due to a flaw in. Microsoft Win32k\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8eWindows\u591a\u7528\u6237\u7ba1\u7406\u7684\u7cfb\u7edf\u6587\u4ef6. \nMicrosoft Windows Win32K\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u4ee5\u4e0b\u4ea7\u54c1\u548c\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aWindows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019  (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-40450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-40450"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-40450",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021101238",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-40450",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-40450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40450"
      }
    ]
  },
  "id": "VAR-202110-0829",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-07-03T23:09:42.834000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Win32k\u00a0Elevation\u00a0of\u00a0Privilege\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-40450"
      },
      {
        "title": "Microsoft Win32k Fixes for permissions and access control issues vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=166546"
      },
      {
        "title": "WindowsPrivilegeEscalation\n2023\n2022\n2021\n2020\n2019\n2018\n2017\n2016\n2015\n2014\n2013\n2012\n2011\n2010\n2009\n2008\n2007\n2006\n2005\n2003\n2000",
        "trust": 0.1,
        "url": "https://github.com/ycdxsb/windowsprivilegeescalation "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/soosmile/poc "
      },
      {
        "title": "Known Exploited Vulnerabilities Detector",
        "trust": 0.1,
        "url": "https://github.com/ostorlab/kev "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-40450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40450"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-40450"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40450"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20211013-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2021/at210045.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021101238"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-40450"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/windows-vulnerabilities-of-october-2021-36648"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ycdxsb/windowsprivilegeescalation"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-40450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40450"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-40450"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40450"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-40450"
      },
      {
        "date": "2021-10-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "date": "2021-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      },
      {
        "date": "2021-10-13T01:15:09.750000",
        "db": "NVD",
        "id": "CVE-2021-40450"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-40450"
      },
      {
        "date": "2021-10-22T05:27:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      },
      {
        "date": "2022-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      },
      {
        "date": "2024-07-02T17:03:33.753000",
        "db": "NVD",
        "id": "CVE-2021-40450"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Microsoft\u00a0Windows\u00a0 Elevated authority vulnerabilities in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003310"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-829"
      }
    ],
    "trust": 0.6
  }
}

gsd-2021-40450

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Win32k Elevation of Privilege Vulnerability

Aliases

CVE-2021-40450

Aliases

CVE-2021-40450

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-40450",
    "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-41357.",
    "id": "GSD-2021-40450"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-40450"
      ],
      "details": "Win32k Elevation of Privilege Vulnerability",
      "id": "GSD-2021-40450",
      "modified": "2023-12-13T01:23:25.496350Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2021-40450",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Windows 10 Version 1809",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.17763.2237"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.17763.2237"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2019 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.17763.2237"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 1909",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.18363.1854"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 21H1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.19043.1288"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2022",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.20348.288"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 2004",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.19041.1288"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server version 2004",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.19041.1288"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 20H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.19042.1288"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server version 20H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.19042.1288"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 11 version 21H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.22000.258"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Win32k Elevation of Privilege Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2021-40450"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Win32k Elevation of Privilege Vulnerability"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-08-01T23:15Z",
      "publishedDate": "2021-10-13T01:15Z"
    }
  }
}

CERTFR-2021-AVI-782

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données, un déni de service, une élévation de privilèges, une exécution de code à distance et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2022
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows 10 Version 2004 pour systèmes 32 bits
Microsoft	Windows	Windows 10 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1909 pour ARM64-based Systems
Microsoft	Windows	Windows 10 Version 1809 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1909 pour systèmes x64
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server, version 2004 (Server Core installation)
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2022 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2
Microsoft	Windows	Windows 10 Version 1809 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 20H2 pour systèmes x64
Microsoft	Windows	Windows 10 Version 21H1 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 21H1 pour ARM64-based Systems
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows 10 Version 21H1 pour systèmes x64
Microsoft	Windows	Windows 7 pour systèmes x64 Service Pack 1
Microsoft	Windows	Windows 10 Version 1809 pour ARM64-based Systems
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 2004 pour ARM64-based Systems
Microsoft	Windows	Windows 10 Version 1909 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 20H2 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 pour systèmes x64
Microsoft	Windows	Windows Server 2012 (Server Core installation)
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1
Microsoft	Windows	Windows 11 pour ARM64-based Systems
Microsoft	Windows	Windows 10 Version 2004 pour systèmes x64
Microsoft	Windows	Windows 11 pour systèmes x64
Microsoft	Windows	Windows 8.1 pour systèmes x64
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows 8.1 pour systèmes 32 bits
Microsoft	Windows	Windows Server, version 20H2 (Server Core Installation)
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows 10 Version 20H2 pour ARM64-based Systems
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows 10 pour systèmes 32 bits
Microsoft	Windows	Windows 7 pour systèmes 32 bits Service Pack 1

References

Title

Publication Time

fkie_cve-2021-40450

Vulnerability from fkie_nvd

Published

2021-10-13 01:15

Modified

2025-10-22 00:17

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Win32k Elevation of Privilege Vulnerability

References

URL	Tags
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450	Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450

Impacted products

Vendor	Product	Version
microsoft	windows_10_1809	*
microsoft	windows_10_1909	*
microsoft	windows_10_2004	*
microsoft	windows_10_20h2	*
microsoft	windows_10_21h1	*
microsoft	windows_11_21h2	*
microsoft	windows_server_2004	*
microsoft	windows_server_2019	*
microsoft	windows_server_2022	*
microsoft	windows_server_20h2	*

JSON

To clipboard

{
  "cisaActionDue": "2022-05-16",
  "cisaExploitAdd": "2022-04-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D03564D3-788A-4BD7-B717-B3681515A5BE",
              "versionEndExcluding": "10.0.17763.2237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFF53D4-2910-4A58-81DF-6DDC01D2C523",
              "versionEndExcluding": "10.0.18363.1854",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C995398E-B786-4AC7-B6D4-790ED8C68F8C",
              "versionEndExcluding": "10.0.19041.1288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "129B19A3-40D5-48D4-B3CA-8934062E6933",
              "versionEndExcluding": "10.0.19042.1288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D78C68AE-C471-4234-B0D0-7E09D2E131AB",
              "versionEndExcluding": "10.0.19043.1288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF279C0-02C7-4D60-85E8-9FB89492D738",
              "versionEndExcluding": "10.0.22000.258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "486E7F23-6A3B-46AA-9F31-91EDF933B36A",
              "versionEndExcluding": "10.0.19041.1288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A555704D-BB77-46A3-A0F9-62409FCC5F40",
              "versionEndExcluding": "10.0.17763.2237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5F3F99-530D-4065-9133-9C251F89B406",
              "versionEndExcluding": "10.0.20348.288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "224FA1B7-84EF-435F-BBFA-33BD39C32595",
              "versionEndExcluding": "10.0.19042.1288",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Win32k Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Elevaci\u00f3n de Privilegios en Win32k . Este ID de CVE es diferente de CVE-2021-40449, CVE-2021-41357"
    }
  ],
  "id": "CVE-2021-40450",
  "lastModified": "2025-10-22T00:17:45.160",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-13T01:15:09.750",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-v7qc-rhmv-f6j4

Vulnerability from github

Published

2022-05-24 19:17

Modified

2025-10-22 00:32

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-41357.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-40450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-13T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-41357.",
  "id": "GHSA-v7qc-rhmv-f6j4",
  "modified": "2025-10-22T00:32:25Z",
  "published": "2022-05-24T19:17:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40450"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40450"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40450"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-40450 (GCVE-0-2021-40450)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

var-202110-0829

Vulnerability from variot

gsd-2021-40450

Vulnerability from gsd

CERTFR-2021-AVI-782

Vulnerability from certfr_avis

Solution

fkie_cve-2021-40450

Vulnerability from fkie_nvd

ghsa-v7qc-rhmv-f6j4

Vulnerability from github

Tags

Sightings

Nomenclature