Critical Windows Kernel Bug CVE2021-1732

2/11/2021

One of the patched and actively exploited zero-day, tracked as 'CVE-2021-1732 - Windows Win32k Elevation of Privilege Vulnerability' allows an attacker or malicious program to elevate their privileges to administrative privileges.

Overview

Microsoft has plugged 56 security holes, 11 of which are critical, in the Patch Tuesday of February 2021.
One of the patched and actively exploited zero-day, tracked as ‘CVE-2021-1732 - Windows Win32k Elevation of Privilege Vulnerability’ allows an attacker or malicious program to elevate their privileges to administrative privileges.
The vulnerability was discovered by researchers at DBAPPSecurity.
The vulnerability is rated 7.8 on the CVSS scale.
It exists in the Windows Acquire32k operating program kernel and is an elevationof-privilege (EoP) vulnerability.
A local privilege escalation flaw that affects various versions of Windows 10 and Windows Server.
The vulnerability can be exploited by attackers who have local physical access to the target machine, can access it remotely (e.g., via SSH), or can simply trick the legitimate user into opening a malicious document.

Overview

Microsoft has plugged 56 security holes, 11 of which are critical, in the Patch Tuesday of February 2021.

One of the patched and actively exploited zero-day, tracked as ‘CVE-2021-1732 - Windows Win32k Elevation of Privilege Vulnerability’ allows an attacker or malicious program to elevate their privileges to administrative privileges.

The vulnerability was discovered by researchers at DBAPPSecurity.

The vulnerability is rated 7.8 on the CVSS scale.

It exists in the Windows Acquire32k operating program kernel and is an elevationof-privilege (EoP) vulnerability.

A local privilege escalation flaw that affects various versions of Windows 10 and Windows Server.

The vulnerability can be exploited by attackers who have local physical access to the target machine, can access it remotely (e.g., via SSH), or can simply trick the legitimate user into opening a malicious document.