← back
CVE-2021-33739

Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVSS 8.4 HIGHEPSS 6.6%● KEV
Vexday Risk Score
71High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.4EPSS 6.6%KEV simPoC públicaNuclei Metasploit Patch
Lifecycle
08 Jun 2021Published on NVD
09 Jun 2021Public PoC
03 Nov 2021Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Microsoft's Desktop Window Manager allows an attacker with local access to gain higher privileges and take full control of the system. This is dangerous because it bypasses Windows security protections.

Technical detail

Local privilege escalation vulnerability in the DWM (Desktop Window Manager) Core Library exploited through interaction with graphical window management APIs. An authenticated local attacker can leverage this to elevate privileges to SYSTEM level, compromising system integrity and confidentiality.

Summary generated and translated by AI from the official description.
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.