Windows CSC Service Elevation of Privilege Vulnerability CVE-2021-1655 Security Vulnerability Released: Jan 12, 2021 Assigning CNA: Microsoft Impact: Elevation of Privilege Max Severity: Important CVSS Source: Microsoft CVSS:3.1 7.8 / 6.8 Temporal score metrics (3) Exploit Code Example: Description: This vulnerability allows local attackers to gain elevated privileges on the affected system. The attack vector is local, meaning that the attacker must be physically present or have access to the system. The attack complexity is low, indicating that the attacker does not need to perform complex actions to exploit the vulnerability. The privileges required are low, meaning that the attacker does not need to have elevated privileges to exploit the vulnerability. The user interaction is none, indicating that the attacker does not need to interact with the user to exploit the vulnerability. The scope is unchanged, meaning that the attacker can only exploit the vulnerability on the local system. The confidentiality, integrity, and availability are high, indicating that the attacker can gain access to sensitive information, modify it, and cause the system to become unavailable. Solution: Microsoft has released a security update to address this vulnerability. Users are advised to apply the security update as soon as possible to mitigate the risk of exploitation. Acknowledgements: The vulnerability was discovered by Microsoft's security team and is assigned to the Microsoft CNA (Coordinated Disclosure) program.