CVE-2024-21437

EUVD-2024-19146
Windows Graphics Component Elevation of Privilege Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
𝑥
< 10.0.10240.20526
microsoftwindows_10_1607
𝑥
< 10.0.14393.6796
microsoftwindows_10_1607
𝑥
< 10.0.14393.6796
microsoftwindows_10_1809
𝑥
< 10.0.17763.5576
microsoftwindows_10_1809
𝑥
< 10.0.17763.5576
microsoftwindows_10_1809
𝑥
< 10.0.17763.5576
microsoftwindows_10_21h2
𝑥
< 10.0.19044.4170
microsoftwindows_10_22h2
𝑥
< 10.0.19045.4170
microsoftwindows_11_21h2
𝑥
< 10.0.22000.2836
microsoftwindows_11_22h2
𝑥
< 10.0.22621.3296
microsoftwindows_11_23h2
𝑥
< 10.0.22631.3296
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.6796
microsoftwindows_server_2019
𝑥
< 10.0.17763.5576
microsoftwindows_server_2022
𝑥
< 10.0.20348.2340
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.763
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5035858
1607 (x64, x86)
KB5035855
1809 (arm64, x64, x86)
KB5035849
21H2 (arm64, x64, x86)
KB5035845
22H2 (arm64, x64, x86)
KB5035845
Windows 11
21H2 (arm64, x64)
KB5035854
22H2 (arm64, x64)
KB5035853
23H2 (arm64, x64)
KB5035853
Windows Server 2008
Service Pack 2 (x64, x86)
KB5035933
Service Pack 2 Server Core (x64, x86)
KB5035933
Windows Server 2008 R2
Service Pack 1 (x64)
KB5035919
Service Pack 1 Server Core (x64)
KB5035919
Windows Server 2012
Server Core
KB5035930
Standard
KB5035930
Windows Server 2012 R2
Server Core
KB5035885
Standard
KB5035885
Windows Server 2016
Server Core
KB5035855
Standard
KB5035855
Windows Server 2019
Server Core
KB5035849
Standard
KB5035849
Windows Server 2022
23H2 Server Core
KB5035856
Server Core
KB5035857
Standard
KB5035857
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21437
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21437