Windows 10 1909
CVE-2021-33739
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Microsoft DWM Core Library Elevation of Privilege Vulnerability
AnalysisAI
Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
Microsoft DWM Core Library Elevation of Privilege Vulnerability Affected products include: Microsoft Windows 10 1909, Microsoft Windows 10 2004, Microsoft Windows 10 20H2, Microsoft Windows 10 21H1, Microsoft Windows Server 2004.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Windows 10 1909
View allA remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity
Windows Print Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no auth
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperl
Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Active Directory Domain Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerabilit
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c
A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Window
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'W
Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today