By zerosday cve bot•October 6, 2025•
cves
CVE-2021-43226: Microsoft Windows Privilege Escalation Vulnerability (Pentest Lab Guide)
CVE-2021-43226: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-23T23:39:47.094Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Context preserved from previous revision: Windows Common Log File System Driver Elevation of Privilege Vulnerability Notes: Windows Common Log File System Driver POC
Technical Details
- CVE: CVE-2021-43226
- KEV date added: 2025-10-06
- KEV due date: 2025-10-27
- NVD published: 2021-12-15
- NVD modified: 2025-10-30
- MITRE modified: 2025-10-21
- CVSS base score: 7.8
- CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVSS exploitability score: 1.8
- CVSS impact score: 5.9
- Attack vector: Local
- Attack complexity: Low
- Privileges required: Low
- User interaction: None
- Scope: Unchanged
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
Versions and Products Impacted
- microsoft / windows 10 1507 (versions: < 10.0.10240.19145)
- microsoft / windows 10 1607 (versions: < 10.0.14393.4825)
- microsoft / windows 10 1809 (versions: < 10.0.17763.2366)
- microsoft / windows 10 1909 (versions: < 10.0.18363.1977)
- microsoft / windows 10 2004 (versions: < 10.0.19041.1415)
- microsoft / windows 10 20h2 (versions: < 10.0.19042.1415)
- microsoft / windows 10 21h1 (versions: < 10.0.19043.1415)
- microsoft / windows 10 21h2 (versions: < 10.0.19044.1415)
- microsoft / windows 11 21h2 (versions: < 10.0.22000.376)
- microsoft / windows 7
- microsoft / windows 8.1
- microsoft / windows rt 8.1
- microsoft / windows server 2004 (versions: < 10.0.19041.1415)
- microsoft / windows server 2008
- microsoft / windows server 2008 (versions: r2)
- microsoft / windows server 2012
- microsoft / windows server 2012 (versions: r2)
- microsoft / windows server 2016 (versions: < 10.0.14393.4825)
- microsoft / windows server 2019 (versions: < 10.0.17763.2366)
- microsoft / windows server 2022 (versions: < 10.0.20348.405)
Weakness Classification
- NVD-CWE-noinfo
- CWE-noinfo Not enough information
Repositories for Lab Validation (Public Examples)
- KaLendsi/CVE-2021-43224-POC | stars: 95 | updated: 2025-03-27 | https://github.com/KaLendsi/CVE-2021-43224-POC
Notes: Windows Common Log File System Driver POC - Rosayxy/cve-2021-43226PoC | stars: 2 | updated: 2024-01-17 | https://github.com/Rosayxy/cve-2021-43226PoC
Notes: a Proof of Concept of cve-2021-43226,stack overflow in Windows driver clfs.sys - 0xcrypto/apple-cves | stars: 0 | updated: 2026-03-22 | https://github.com/0xcrypto/apple-cves
People and Organizations Mentioned
- microsoft
- Windows
- KaLendsi
- Rosayxy
- 0xcrypto
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Create low-privilege users on microsoft / windows 10 1507 (versions: < 10.0.10240.19145) and validate that patching blocks unauthorized admin-level actions.
- Compare token/privilege transitions in Windows Event Logs before and after remediation.
- Tune detections for unusual group membership changes and SYSTEM-level process launches from user sessions.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2021-43226
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2021-43226
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- KEV notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43226 ; https://nvd.nist.gov/vuln/detail/CVE-2021-43226
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43226
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-43226
- Repository example: https://github.com/KaLendsi/CVE-2021-43224-POC
- Repository example: https://github.com/Rosayxy/cve-2021-43226PoC
- Repository example: https://github.com/0xcrypto/apple-cves
This content is for defensive security training and authorized validation only.