CVE-2021-38628: 
vulnerability analysis and mitigation

CVE-2021-38628 is a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability that was discovered and disclosed in 2021. The vulnerability affects multiple Microsoft Windows operating systems including Windows 10, Windows 7 SP1, Windows 8.1, Windows Server versions 2008 through 2022 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-269 (Improper Privilege Management). The vulnerability requires local access with low attack complexity and low privileges, but no user interaction is needed (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on affected systems. The vulnerability has high impacts on confidentiality, integrity, and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5005565, KB5005566, KB5005568, KB5005569, KB5005573, KB5005575, KB5005607, and KB5005627 for different affected Windows versions (Rapid7).