9.3
CVSSv2

CVE-2021-31956

Published: 08/06/2021 Updated: 14/06/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows NTFS Elevation of Privilege Vulnerability. Functional exploit code is available. The code works in most situations where the vulnerability exists.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 10 1607

microsoft windows 10 1809

microsoft windows 10 1909

microsoft windows 10 2004

microsoft windows 7 -

microsoft windows 8.1 -

microsoft windows rt 8.1 -

microsoft windows server 2008 r2

microsoft windows server 2008 sp2

microsoft windows server 2012 -

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2016 20h2

microsoft windows server 2016 2004

microsoft windows server 2019 -

Recent Articles

Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws
Threatpost • Lisa Vaas • 08 Jun 2021

Microsoft jumped on 50 vulnerabilities in this month’s Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code – Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.
Five of the CVEs are rated Critical and 45 are rated Important in severity. Microsoft reported that six of the bugs are currently under active attack, while ...

Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Kaspersky security researchers discovered a new threat actor dubbed 
who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide.
According to Kaspersky, the attacks coordinated by PuzzleMaker were first spotted during mid-April when the first victims' networks were compromised.
The zero-day exploit chain deployed in the campaign used a remote code execution vulnerability in the Google Chrome V8 JavaScr...