Multiple vulnerabilities in Microsoft Windows Win32k

Published: 2021-03-09 | Updated: 2021-04-12

Risk	Low
Patch available	YES
Number of vulnerabilities	4
CVE-ID	CVE-2021-26900 CVE-2021-26863 CVE-2021-26875 CVE-2021-27077
CWE-ID	CWE-264 CWE-822
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system
Vendor	Microsoft

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

Updated: 12.04.2021

Updated vulnerability #4.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51283

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-26900

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Win32k, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 20H2 10.0.19042.572 - 10 2004 10.0.19041.264

Windows Server: 2019 20H2 - 2019 2004

CPE2.3

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26900

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51286

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-26863

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Win32k, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 20H2 10.0.19042.572 - 10 2004 10.0.19041.264

Windows Server: 2019 10.0.17763.1 - 2019 2004

CPE2.3

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51285

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-26875

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Win32k, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 7 - 10

Windows Server: 2008 R2 - 2019 2004

CPE2.3

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26875

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Untrusted Pointer Dereference

EUVDB-ID: #VU51284

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-27077

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to untrusted pointer dereference in multiple functions within win32kfull.sys driver. A local user can run a specially crafted program to trigger untrusted pointer dereference and execute arbitrary code with SYSTEM privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 7 - 10

Windows Server: 2008 R2 - 2019 2004

CPE2.3

cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.10:*:*:*:*:*:*

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.