CVE-2021-31199

ENISA EUVD: EUVD-2021-18112 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 3 articles Published: 2021-06-08

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.42%

probability

This CVE has a 0.42% probability of being exploited in the next 30 days.

0% Top 62.0th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

5.2

MEDIUM

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Temporal

Exploit Code Maturity

Functional

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C

CVSS v2 (legacy)

4.6

MEDIUM

Access Vector

Local

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Description

NVD

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

Affected Products

Microsoft

Windows 10 Version 1809

10.0.0

Microsoft

Windows Server 2019

10.0.0

Microsoft

Windows Server 2019 (Server Core installation)

10.0.0

Microsoft

Windows 10 Version 1909

10.0.0

Microsoft

Windows 10 Version 21H1

10.0.0

microsoft

windows 10 1507

microsoft

windows 10 1607

microsoft

windows 10 1809

microsoft

windows 10 1909

microsoft

windows 10 2004

Microsoft

Windows 8.1

6.3.0 <6.3.9600.20045

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.0 <6.3.9600.20045

Microsoft

Windows Server 2012 R2

6.3.0 <6.3.9600.20044

Microsoft

Windows 7 Service Pack 1

6.1.0 <6.1.7601.25632

Microsoft

Windows 10 Version 2004

10.0.0 <10.0.19041.1052

Microsoft

Windows 10 Version 20H2

10.0.0 <10.0.19042.1052

Microsoft

Windows Server 2016

10.0.0 <10.0.14393.4467

Microsoft

Windows Server 2012 (Server Core installation)

6.2.0 <6.2.9200.23372

Microsoft

Windows Server version 20H2

10.0.0 <10.0.19042.1052

Microsoft

Windows Server 2008 Service Pack 2

6.0.0 <6.0.6003.21137

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.0 <6.3.9600.20044

Microsoft

Windows Server 2008 R2 Service Pack 1 (Server Core installation)

6.0.0 <6.1.7601.25632

Microsoft

Windows Server 2019 (Server Core installation)

10.0.0 <10.0.17763.1999

Microsoft

Windows 8.1

6.3.0 <6.3.9600.20044

Microsoft

Windows Server 2008 R2 Service Pack 1

6.1.0 <6.1.7601.25632

Microsoft

Windows Server 2008 Service Pack 2

6.0.0 <6.0.6003.21137

Microsoft

Windows 10 Version 1809

10.0.0 <10.0.17763.1999

Microsoft

Windows Server 2016 (Server Core installation)

10.0.0 <10.0.14393.4467

Microsoft

Windows Server 2008 Service Pack 2 (Server Core installation)

6.0.0 <6.0.6003.21137

Microsoft

Windows 10 Version 21H1

10.0.0 <10.0.19043.1052

Microsoft

Windows Server 2012 R2

6.3.0 <6.3.9600.20045

Microsoft

Windows Server 2019

10.0.0 <10.0.17763.1999

Microsoft

Windows Server version 2004

10.0.0 <10.0.19041.1052

Microsoft

Windows 10 Version 1607

10.0.0 <10.0.14393.4467

Microsoft

Windows Server 2012

6.2.0 <6.2.9200.23372

Microsoft

Windows 10 Version 1909

10.0.0 <10.0.18363.1621

Microsoft

Windows 7

6.1.0 <6.1.7601.25632

Microsoft

Windows 10 Version 1507

10.0.0 <10.0.10240.18967

Google Project Zero

Patched

June 8, 2021

Reported by

???

Root Cause Analysis

???

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

95%

EPSS 0.42%

CVSS v3.1 5.2

Mentions 3

Last Seen Nov 09, 2021

CNA Information

CNA Assigner

microsoft

CNA Title

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026

Published DateJun 08, 2021