CVE-2021-40449 — HIGH (7.8)

Q: What is CVE-2021-40449?

CVE-2021-40449 is a vulnerability with a CVSS score of 7.8 (HIGH). Win32k Elevation of Privilege Vulnerability

Q: How severe is CVE-2021-40449?

CVE-2021-40449 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-40449?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10 1507, Microsoft Windows 10 1607, Microsoft Windows 10 1809, Microsoft Windows 10 1909, Microsoft Windows 10 2004.

Vulnerability Description

Win32k Elevation of Privilege Vulnerability

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Windows 10 1507	< 10.0.10240.19086
Microsoft	Windows 10 1607	< 10.0.14393.4704
Microsoft	Windows 10 1809	< 10.0.17763.2237
Microsoft	Windows 10 1909	< 10.0.18363.1854
Microsoft	Windows 10 2004	< 10.0.19041.1288
Microsoft	Windows 10 20H2	< 10.0.19041.1288
Microsoft	Windows 10 21H1	< 10.0.19041.1288
Microsoft	Windows 11	All versions
Microsoft	Windows 11 21H2	< 10.0.22000.258
Microsoft	Windows 7	-
Microsoft	Windows 8.1	-
Microsoft	Windows Rt 8.1	-
Microsoft	Windows Server 2004	< 10.0.19041.1288
Microsoft	Windows Server 2008	-
Microsoft	Windows Server 2012	-
Microsoft	Windows Server 2016	< 10.0.14393.4704
Microsoft	Windows Server 2019	< 10.0.17763.2237
Microsoft	Windows Server 2022	< 10.0.20348.288
Microsoft	Windows Server 20H2	< 10.0.19042.1288

Related Weaknesses (CWE)

CWE-416

References

http://packetstormsecurity.com/files/164926/Win32k-NtGdiResetDC-Use-After-Free-LExploitThird Party AdvisoryVDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4044PatchVendor Advisory
http://packetstormsecurity.com/files/164926/Win32k-NtGdiResetDC-Use-After-Free-LExploitThird Party AdvisoryVDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-4044PatchVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource

FAQ

What is CVE-2021-40449?

CVE-2021-40449 is a vulnerability with a CVSS score of 7.8 (HIGH). Win32k Elevation of Privilege Vulnerability

How severe is CVE-2021-40449?

CVE-2021-40449 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-40449?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10 1507, Microsoft Windows 10 1607, Microsoft Windows 10 1809, Microsoft Windows 10 1909, Microsoft Windows 10 2004.