CVE-2021-28440: 
vulnerability analysis and mitigation

Windows Installer Elevation of Privilege Vulnerability (CVE-2021-28440) was disclosed and affects various versions of Microsoft Windows operating systems. The vulnerability was reported to Microsoft and was assigned a CVE ID on March 15, 2021. This vulnerability is distinct from CVE-2021-26415 and affects multiple Windows versions including Windows 10, Windows 8.1, and Windows 7 SP1 (NVD, CVE Mitre).

The vulnerability has been assessed with multiple CVSS scores. According to the NVD, it received a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Microsoft's own assessment rated it slightly lower at 7.0 (HIGH) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a Base Score of 4.6 (MEDIUM) (NVD).

The vulnerability could allow an attacker to gain elevated privileges on affected systems. Given the CVSS scoring, successful exploitation could result in high impacts to confidentiality, integrity, and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the appropriate patches through the Microsoft security advisory (Microsoft Advisory).