CVE-2021-1732 Windows 0-Day Threat Intel Advisory

CloudSEK threat intelligence advisory on CVE-2021-1732 zero-day vulnerability that targets Windows infrastructure.
Updated on
February 27, 2023
Published on
February 26, 2021
Read time
Subscribe to the latest industry news, technologies and resources.
Vulnerability Intelligence
Vulnerability Type
Privilege Escalation
7.8 High Risk
Windows 10 & Windows Server 2019


Executive Summary

CVE-2021-1732 is a local privilege escalation zero-day vulnerability, that is leveraged by an APT in their ongoing campaigns targeting Windows infrastructure. The attacker exploits a memory bug in the Windows kernel leading to privilege elevation and code execution on the target machine. 

Technical Details

CVE-2021-1732 exists as a result of a memory corruption bug in one of the components (Win32K) in the Windows kernel; upon exploitation, it may trigger out-of-bounds access. Successful exploitation of the bug will give the attacker the ability to obtain System Token that grants the highest privilege to any process in Windows environment leading to potential escalation of privilege from normal user to kernel level which is equivalent to a root user in Linux. The malicious actor pairs this vulnerability with RCE to execute commands on the system with elevated privileges.

Very recently, reports emerged about an APT group dubbed Bitter APT that exploited this bug in their campaigns using the 0-day exploit code.

Affected Platforms

The table given below summarises affected Windows platforms and the respective build versions:

Windows Platform
Build Version
Windows 10 20H2, 1507, 1511,1607, 1703,1709,1803,1809,1903,1909,2004
Windows Server 2019 20H2,1909,2004


  • System level privilege is the highest privilege in Windows OS, a process with system privilege can have read/ write access for any assets in the environment.
  • Only an authenticated attacker can run arbitrary code with elevated privileges.
  • Client-side vulnerabilities can be paired with this vulnerability via social engineering, to compromise the victim.


MSRC has rolled out patches in their latest release of Patch Tuesday (February 09 2021):

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Related Intelligence Posts
No items found.