#VU53902 Improper Privilege Management in Windows and Windows Server - CVE-2021-33739

Cybersecurity Help s.r.o.

Published: 2021-06-08 | Updated: 2021-12-22

Vulnerability identifier: #VU53902

Vulnerability risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2021-33739

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper privilege management within the Microsoft DWM Core Library. A remote attacker can trick the victim to run a specially crafted executable or script and execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows: 10 20H2 10.0.19042.572, 10 21H1 10.0.19043.985, 10 1909 10.0.18363.476, 10 2004 10.0.19041.264

Windows Server: 2019 20H2 - 2019 2004

External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Remote code execution in Microsoft DWM Core Library