Use-after-free in Windows and Windows Server - CVE-2021-40449
Published: October 12, 2021 / Updated: April 3, 2023
Vulnerability identifier: #VU57249
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2021-40449
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Win32k NtGdiResetDC function in Microsoft Windows kernel. A local user can run a specially crafted program to trigger a use-after-free error, when the function ResetDC is executed a second time for the same handle during execution of its own callback, and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability exists due to a boundary error within the Win32k NtGdiResetDC function in Microsoft Windows kernel. A local user can run a specially crafted program to trigger a use-after-free error, when the function ResetDC is executed a second time for the same handle during execution of its own callback, and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
How to mitigate CVE-2021-40449
Install updates from vendor's website.