Vendor
Microsoft
Product
Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)
Versions
10.0.0 lt 10.0.17763.2366 | 10.0.0 lt 10.0.17763.2366 | 10.0.0 lt 10.0.17763.2366 | 10.0.0 lt 10.0.18363.1977 | 10.0.0 lt 10.0.19043.1415 | 10.0.0 lt 10.0.20348.405 | 10.0.0 lt 10.0.19041.1415 | 10.0.0 lt 10.0.19041.1415 | 10.0.0 lt 10.0.19042.1415 | 10.0.0 lt 10.0.19042.1415 | 10.0.0 lt 10.0.22000.376 | 10.0.0 lt 10.0.19044.1415 | 10.0.0 lt 10.0.10240.19145 | 10.0.0 lt 10.0.14393.4825 | 10.0.0 lt 10.0.14393.4825 | 10.0.0 lt 10.0.14393.4825 | 6.1.0 lt 6.1.7601.25796 | 6.1.0 lt 6.1.7601.25796 | 6.3.0 lt 6.3.9600.20207 | 6.0.0 lt 6.0.6003.21309 | 6.0.0 lt 6.0.6003.21309 | 6.0.0 lt 6.0.6003.21309 | 6.1.0 lt 6.1.7601.25796 | 6.0.0 lt 6.1.7601.25796 | 6.2.0 lt 6.2.9200.23545 | 6.2.0 lt 6.2.9200.23540 | 6.2.0 lt 6.2.9200.23545 | 6.2.0 lt 6.2.9200.23540 | 6.3.0 lt 6.3.9600.20207 | 6.3.0 lt 6.3.9600.20207
CWE
Elevation of Privilege
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Published
2021-12-15T14:15:12.000Z
Updated
2025-10-06T17:35:17.460Z
AI Summary Analysis
Risk verdict
High risk: exploitation is active on affected Windows versions, with local-privilege escalation potential and total impact on the host.
Why this matters
An attacker with local access can elevate to SYSTEM, achieve full control, and persist or exfiltrate data. With a broad set of Windows client and server versions affected, the operational threat spans desktops, servers, and domain-joined hosts, increasing the potential blast radius across the organisation.
Most likely attack path
The attacker must have local access (AV:L, PR:L) and can exploit without user interaction (UI:N) to achieve total compromise (I:H, C:H, A:H). Once elevated, they could harvest credentials or tokens and attempt lateral movement within the same network, subject to existing trust boundaries and access controls. The lack of a remote vector suggests initial access is pre-existing or obtained via compromised endpoint credentials or physical access.
Who is most exposed
Enterprise endpoints running any of the affected Windows 10/11 or Server editions—especially unpatched workstations and servers, including Server Core deployments—are at risk. Organisations with self-managed on-premises assets and wide endpoint diversity are particularly vulnerable.
Detection ideas
- Unusual high-privilege processes starting from low-privilege contexts or after normal logon.
- New or unexpected kernel-mode driver loads or service installations.
- Correlated spikes in privilege-escalation events, token manipulation, or unexpected SYSTEM-level activity.
- Anomalous driver/service modifications outside standard update windows.
- Abnormal driver-related I/O or file-system driver calls around logon events.
Mitigation and prioritisation
- Apply the latest vendor security updates to all affected Windows versions; verify patch compliance across endpoints.
- Enforce least privilege, restrict local admin use, and deploy application whitelisting (WDAC/AppLocker) to limit driver loads.
- Enhance detection with Sysmon/EDR coverage for driver loads, service changes, and token/credential abuse; centralise alerting.
- Short-term compensating controls: isolate or quarantine affected hosts until patched; restrict lateral movement through network segmentation and credential hygiene.
- Plan formal patching windows and test cycles; document rollback and validation steps.