CVE-2021-40449

ENISA EUVD: EUVD-2021-27626 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 1 article Published: 2021-10-13

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

91.73%

probability

This CVE has a 91.73% probability of being exploited in the next 30 days.

0% Top 99.7th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

Functional

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CVSS v2 (legacy)

4.6

MEDIUM

Access Vector

Local

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Description

NVD

Win32k Elevation of Privilege Vulnerability

Affected Products

Microsoft

Windows 10 Version 1809

10.0.0

Microsoft

Windows Server 2019

10.0.0

Microsoft

Windows Server 2019 (Server Core installation)

10.0.0

Microsoft

Windows 10 Version 1909

10.0.0

Microsoft

Windows 10 Version 21H1

10.0.0

microsoft

windows 10 1507

microsoft

windows 10 1607

microsoft

windows 10 1809

microsoft

windows 10 1909

microsoft

windows 10 2004

Microsoft

Windows 10 Version 20H2

10.0.0 <10.0.19041.1288

Microsoft

Windows Server 2008 Service Pack 2

6.0.0 <6.0.6003.21251

Microsoft

Windows 11 version 21H2

10.0.0 <10.0.22000.258

Microsoft

Windows 10 Version 1809

10.0.0 <10.0.17763.2237

Microsoft

Windows 10 Version 1507

10.0.0 <10.0.10240.19086

Microsoft

Windows Server 2008 R2 Service Pack 1 (Server Core installation)

6.0.0 <6.1.7601.25740

Microsoft

Windows 8.1

6.3.0 <6.3.9600.20144

Microsoft

Windows Server 2012 (Server Core installation)

6.2.0 <6.2.9200.23490

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.0 <6.3.9600.20144

Microsoft

Windows 7 Service Pack 1

6.1.0 <6.1.7601.25740

Microsoft

Windows Server 2019 (Server Core installation)

10.0.0 <10.0.17763.2237

Microsoft

Windows 10 Version 21H1

10.0.0 <10.0.19041.1288

Microsoft

Windows Server 2012 R2

6.3.0 <6.3.9600.20144

Microsoft

Windows Server version 2004

10.0.0 <10.0.19041.1288

Microsoft

Windows Server 2008 Service Pack 2

6.0.0 <6.0.6003.21251

Microsoft

Windows Server 2016 (Server Core installation)

10.0.0 <10.0.14393.4704

Microsoft

Windows 10 Version 1607

10.0.0 <10.0.14393.4704

Microsoft

Windows Server 2019

10.0.0 <10.0.17763.2237

Microsoft

Windows Server 2008 R2 Service Pack 1

6.1.0 <6.1.7601.25740

Microsoft

Windows Server 2022

10.0.0 <10.0.20348.288

Microsoft

Windows 7

6.1.0 <6.1.7601.25740

Microsoft

Windows Server version 20H2

10.0.0 <10.0.19042.1288

Microsoft

Windows Server 2008 Service Pack 2 (Server Core installation)

6.0.0 <6.0.6003.21251

Microsoft

Windows Server 2012

6.2.0 <6.2.9200.23490

Microsoft

Windows 10 Version 1909

10.0.0 <10.0.18363.1854

Microsoft

Windows 10 Version 2004

10.0.0 <10.0.19041.1288

Microsoft

Windows Server 2016

10.0.0 <10.0.14393.4704

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Google Project Zero

Patched

Oct. 12, 2021

Reported by

Boris Larin (oct0xor) with Kaspersky

Root Cause Analysis

???

Exploits & PoC

ly4k/CallbackHell

Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

478 2021-11-11

KaLendsi/CVE-2021-40449-Exploit

windows 10 14393 LPE

98 2021-10-28

Kristal-g/CVE-2021-40449_poc

Exploit for CVE-2021-40449

52 2021-11-07

hakivvi/CVE-2021-40449

LPE exploit for a UAF in Windows (CVE-2021-40449).

45 2021-11-05

CppXL/cve-2021-40449-poc

1 2021-11-12

toanthang1842002/CVE-2021-40449

0 2023-07-17

6 repos — triés par ⭐ Rechercher sur GitHub ↗

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40449

x_refsource_MISC

http://packetstormsecurity.com/files/164926/Win32k-NtGdiResetDC-Use-After-Free-Local-Privilege-Escalation.html

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

95%

EPSS 91.73%

CVSS v3.1 7.8

Mentions 1

Last Seen Oct 12, 2021

CNA Information

CNA Assigner

microsoft

CNA Title

Win32k Elevation of Privilege Vulnerability

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 10

APT 29

apt_group Information theft and espionage 🇷🇺 RU

Cobalt

apt_group Financial crime 🇷🇺 RU

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Hacking Team

apt_group 🇮🇹 IT

Infy

apt_group Information theft and espionage 🇮🇷 IR

Earth Lamia

apt_group Information theft and espionage 🇨🇳 CN

IronHusky

apt_group Information theft and espionage 🇨🇳 CN

APT 22

apt_group Information theft and espionage 🇨🇳 CN

Mana Team

apt_group 🇨🇳 CN

Iron Group

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026

Published DateOct 13, 2021