CVE-2021-27077: 
vulnerability analysis and mitigation

CVE-2021-27077 is a Windows Win32k Elevation of Privilege Vulnerability that was discovered in December 2020 and publicly disclosed in March 2021. The vulnerability affects multiple versions of Microsoft Windows operating system through the win32kfull.sys driver (NVD, ZDI-287).

The vulnerability exists within the win32kfull.sys driver and stems from improper validation of user-supplied values before dereferencing them as pointers. It has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The flaw is related to multiple functions including MulGradientFill, MulStrokePath, and MulStrokeAndFillPath, among others (ZDI-403, ZDI-482).

When successfully exploited, this vulnerability allows attackers to escalate privileges and execute arbitrary code in the context of SYSTEM. This means an attacker could gain full system privileges, effectively taking complete control of the affected system (ZDI-494).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the appropriate patches through Windows Update. The fix was included in Microsoft's security updates (MSRC).