CVE-2021-40449 — Microsoft Windows Win32k Privilege Escalation Vulnerability

2021-11-17 • CISA Known Exploited Vulnerability

[event] Unspecified vulnerability allows for an authenticated user to escalate privileges.

> AFFECTED SOFTWARE

Field	Value
Vendor	Microsoft
Product	Windows
CWE	CWE-416
CVE ID	CVE-2021-40449
Date Added	2021-11-17
Due Date	2021-12-01
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

Apply updates per vendor instructions.

Due Date: 2021-12-01