CVE-2021-36948: 
vulnerability analysis and mitigation

Windows Update Medic Service Elevation of Privilege Vulnerability (CVE-2021-36948) was discovered and disclosed in August 2021. This vulnerability affects multiple versions of Microsoft Windows 10 and Windows Server systems, including Windows 10 versions 1809 through 21H1, and Windows Server 2019 (NVD). The vulnerability was serious enough to be included in CISA's Known Exploited Vulnerabilities Catalog, with a required action date of November 17, 2021 (NVD).

The vulnerability received a CVSS v3.1 base score of 7.8 (HIGH), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, and low privileges to exploit, but can result in high impacts to confidentiality, integrity, and availability. Under CVSS v2.0, it received a medium severity score of 4.6 (NVD).

The vulnerability allows an attacker to gain elevated privileges on affected systems. Ironically, the vulnerability exists in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines, making it particularly concerning for system security (Krebs).

Microsoft released security updates to address this vulnerability through several KB patches including KB5005030 for Windows 10 version 1809, KB5005031 for version 1909, and KB5005033 for versions 2004, 20H2, and 21H1. Organizations were advised to apply these updates immediately (Rapid7).