CVE-2022-21981: 
vulnerability analysis and mitigation

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2022-21981) was disclosed on February 8, 2022. This vulnerability affects various versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD, Rapid7).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access is required with low attack complexity. Under CVSS v2.0, it received a base score of 4.6 (MEDIUM) with the vector (AV:L/AC:L/Au:N/C:P/I:P/A:P) (NVD).

This elevation of privilege vulnerability in the Windows Common Log File System Driver could allow an attacker to gain elevated system privileges. The vulnerability affects confidentiality, integrity, and availability of the system, with all three aspects rated as High in the CVSS scoring (NVD).

Microsoft has released security updates to address this vulnerability across multiple Windows versions. Updates are available through various KB articles including KB5010342, KB5010345, KB5010351, KB5010354, KB5010358, KB5010359, KB5010386, KB5010395, and KB5010412 (Rapid7).