← back
CVE-2021-34484

Windows User Profile Service Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 14.4%● KEV
Vexday Risk Score
56Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 14.4%KEV simPoC Nuclei Metasploit Patch
Lifecycle
12 Aug 2021Published on NVD
31 Mar 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Windows User Profile Service allows an attacker with local access to gain elevated privileges and take control of the system. This is dangerous because it lets ordinary users become administrators without proper authorization.

Technical detail

Local privilege escalation vulnerability in Windows User Profile Service exploitable by authenticated local users. The vulnerability allows arbitrary code execution with SYSTEM privileges through improper permission handling in profile-related operations.

Summary generated and translated by AI from the official description.
Windows User Profile Service Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C