Technical Severity
HIGH
CVSS v3.1 Metrics
7.8
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood
EPSS Prediction
3.68
%
Predictive Probability
Percentile Rank
87.6
th
Documented as more likely to be exploited than 87.6% of known CVEs.
Detection Date
Nov 03, 2021
Remediation Due
May 03, 2022
CISA Catalog Active
Threat Analysis
Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.
Remediation Directive
Apply updates per vendor instructions.