CVE-2021-33739

EUVD-2021-20416
Microsoft DWM Core Library Elevation of Privilege Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
8.4 HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1909
𝑥
< 10.0.18363.1621
microsoftwindows_10_2004
𝑥
< 10.0.19041.1052
microsoftwindows_10_20h2
𝑥
< 10.0.19042.1052
microsoftwindows_10_21h1
𝑥
< 10.0.19043.1052
microsoftwindows_server_2004
𝑥
< 10.0.19041.1052
microsoftwindows_server_20h2
𝑥
< 10.0.19042.1052
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1909 (arm64, x64, x86)
KB5003635
2004 (arm64, x64, x86)
KB5003637
20H2 (arm64, x86)
KB5003637
21H1 (arm64, x64, x86)
KB5003637
Windows Server
2004 Server Core
KB5003637
20H2 Server Core
KB5003637
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33739