HealthcareCISO

A privilege escalation flaw in Microsoft Win32k could allow an attacker to take control of the affected system. The Department of Homeland Security Cybersecurity and Infrastructure Security Agency is urging all entities to apply the patch to Windows 10 and 2019 servers.

The patch was released as part of 55 vulnerabilities addressed by Microsoft on Patch Tuesday.

Made public on February 9, the CVE-2021-1732 vulnerability is found in Windows Server, versions 1909, 2004, and 20H2, as well as Windows 10. Researchers have already detected an exploitation of the flaw in the wild, which further amplifies the need for entities to patch.

The vulnerability is found in the Windows Win32k operating system kernel and received a severity ranking of 7.8 on the CVSS scale. If successfully exploited, an attacker...