CVE-2021-36975: 
vulnerability analysis and mitigation

Win32k Elevation of Privilege Vulnerability (CVE-2021-36975) was disclosed on September 14, 2021. This vulnerability affects various versions of Microsoft Windows, including Windows 10 and Windows Server installations. The vulnerability is unique from CVE-2021-38639 and has been assigned a CVSS v3.1 base score of 7.8 (HIGH) (NVD).

The vulnerability is classified as an Elevation of Privilege vulnerability in the Windows Win32k component. It has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that it requires local access, low attack complexity, and low privileges to exploit. The vulnerability is associated with CWE-269 (Improper Privilege Management) (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on affected systems. The high CVSS score of 7.8 indicates significant potential impact on the confidentiality, integrity, and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5005565, KB5005566, KB5005568, and KB5005575 for affected Windows versions (Rapid7).