CVE-2021-40449

Published: 13/10/2021 Updated: 19/10/2021
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft Windows use-after-free vulnerability in the NtGdiResetDC function of the Win32k driver leads to elevation of privilege. Functional exploit code is available. Affected Windows versions: Vista, 7, 8, 8.1, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Windows 10 (build 14393), Server 2016 (build 14393), 10 (build 17763), and Server 2019 (build 17763).


Vulnerable Products

microsoft windows 10 -
microsoft windows 10 20h2
microsoft windows 10 21h1
microsoft windows 10 1607
microsoft windows 10 1809
microsoft windows 10 1909
microsoft windows 10 2004
microsoft windows 11 -
microsoft windows 7 -
microsoft windows 8.1 -
microsoft windows rt 8.1 -
microsoft windows server 20h2
microsoft windows server 2004
microsoft windows server 2008 -
microsoft windows server 2008 r2
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows server 2016 -
microsoft windows server 2019 -
microsoft windows server 2022

Github Repositories

CVE-2021-40449-Exploit only tested on windows 10 14393 Use Palette to Spray and RtlSetAllBits to Write

Git-Daily Github Security Daily Repository: an attempt to record GitHub projects and add keywords to make them easier to search -- 20211022 githubcom/jfmaes/FunWithServerless serverless proxy code example (python) githubcom/0x727/JNDIExploit JNDI injection exploitation tool (java) githubcom/0x727/SpringBootExploit SpringBoot exploitation tool (java) githubcom/nospaceships/raw-sock

CVE-2021-40449 My exploit for CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal short wu along with the UAF vulnerability other primitives are being used to make this exploit possible: leaking the exploit's access token address in ring0 via NtQuerySystemInformation() function with the SystemHandleInformation parameter using rtlSetAllBits() as a gad


English | Simplified Chinese Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on Viper has integrated 80+ modules, covering Resource Development / I

CallbackHell DoS PoC for CVE-2021-40449 (Win32k - LPE) CallbackHell Description Technical Writeup PoC References Description CVE-2021-40449 is a use-after-free in Win32k that allows for local privilege escalation The vulnerability was found in the wild by Kaspersky The discovered exploit was written to support the following Windows products: Microsoft Windows Vista Micr


PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

Recent Articles

Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs
Threatpost • Lisa Vaas • 12 Oct 2021

Today is Microsoft’s October 2021 Patch Tuesday, and it delivers fixes for four zero-day vulnerabilities, one of which is being exploited in a far-reaching espionage campaign that delivers the new MysterySnail RAT malware to Windows servers.
Microsoft reported a total of 74 vulnerabilities, three of which are rated critical.
Security researchers pointed to CVE-2021-40449, an elevation of privilege vulnerability in Win32k, as standing out from the crowd of patches, given that it’s...

Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
Threatpost • Tara Seals • 12 Oct 2021

Researchers have discovered a zero-day exploit for Microsoft Windows that was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat (APT) espionage campaign this summer. The exploit chain ended with a freshly discovered remote access trojan (RAT) dubbed MysterySnail being installed on compromised servers, with the goal of stealing data.
Microsoft patched the bug (CVE-2021-40449) as part of its October Patch Tuesday updates, ...

Chinese hackers use Windows zero-day to attack defense, IT firms
BleepingComputer • Sergiu Gatlan • 12 Oct 2021

A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan (RAT).
The malware, known as , was found by Kaspersky security researchers on multiple Microsoft Servers between late August and early September 2021.
They also found an elevation of privilege exploit targeting the Win32k driver security flaw tracked as and patched by Microsoft today, as part of this month's Patc...

Microsoft Patch Tuesday bug harvest festival comes to town
The Register • Thomas Claburn in San Francisco • 12 Oct 2021

With 71 new CVEs, there are patches enough for everyone

Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws. That's in addition to eight Edge-Chromium CVEs dealt with earlier this month.
Two of the fresh bugs are rated Critical, 68 are designated Important, and one is rated Low severity.
Four among the overall October harvest have been publicly disclosed, including one from July, an Azure AD security fea...