Vulnerability Details : CVE-2021-40449

Win32k Elevation of Privilege Vulnerability
Vulnerability category: Gain privilege
Published 2021-10-13 01:15:10
Updated 2023-08-01 23:15:17
At least one public exploit which can be used to exploit this vulnerability exists!
CVE-2021-40449 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Microsoft Windows Win32k Privilege Escalation Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Unspecified vulnerability allows for an authenticated user to escalate privileges.
Added on 2021-11-17. Action due date: 2021-12-01.

Exploit prediction scoring system (EPSS) score for CVE-2021-40449

Probability of exploitation activity in the next 30 days: 0.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~51%

Metasploit modules for CVE-2021-40449

  • Win32k NtGdiResetDC Use After Free Local Privilege Elevation
    Disclosure Date : 2021-10-12
    A use after free vulnerability exists in the `NtGdiResetDC()` function of Win32k which can be leveraged by an attacker to escalate privileges to those of `NT AUTHORITY\SYSTEM`. The flaw exists due to the fact that this function calls `hdcOpenDCW()`, which performs a user mode callback. During this callback, attackers can call the `NtGdiResetDC()` function again with the same handle as before, which will result in the PDC object that is referenced by this handle being freed. The attacker can then replace the memory referenced by the handle with their own object, before passing execution back to the original `NtGdiResetDC()` call, which will now use the attacker's object without appropriate validation. This can then allow the attacker to manipulate the state of the kernel and, together with additional exploitation techniques, gain code execution as NT AUTHORITY\SYSTEM. This modul


