← back
CVE-2021-31201

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

CVSS 5.2 MEDIUMEPSS 2.6%● KEV
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.2EPSS 2.6%KEV simPoC Nuclei Metasploit Patch
Lifecycle
08 Jun 2021Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Weaponization speed
147 daysto active exploitation (KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short

A flaw in Microsoft's Enhanced Cryptographic Provider allows an authenticated attacker to gain higher privileges on the system than they should have. This could let them access or modify sensitive data or system settings.

Technical detail

The vulnerability exists in the Microsoft Enhanced Cryptographic Provider and enables privilege escalation via a local attack vector. An authenticated user can exploit this flaw to elevate their privileges on the affected system, potentially gaining unauthorized access to restricted resources or system functions.

Summary generated and translated by AI from the official description.
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C