CVE-2021-27086: 
vulnerability analysis and mitigation

CVE-2021-27086 is a Windows Services and Controller App Elevation of Privilege Vulnerability that was discovered and disclosed in early 2021. The vulnerability affects multiple versions of Microsoft Windows including Windows 10 (versions 1803, 1809, 1909, 2004, 20H2) and Windows Server 2016 and 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit. The vulnerability is classified under CWE-863 (Incorrect Authorization) (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on the affected system. The high CVSS score indicates that successful exploitation could lead to complete compromise of system confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability as part of their April 2021 Patch Tuesday updates. Organizations are advised to apply the security updates to affected systems to mitigate the risk (MSRC).