QID 91842

Date Published: 2021-12-01

QID 91842: Microsoft Windows 10 Elevation of Privilege Vulnerability (Zero-day)

An unpatched (zero-day) Windows security vulnerability could allow Information disclosure and Local Privilege Escalation (LPE) on vulnerable systems
The incompletely patched vulnerability for CVE-2021-24084 could also be exploited to gain administrator privileges and run malicious code on Windows 10 machines running the latest security updates.

Affected Software:
Windows 10 Version 20H2
Windows 10 Version 21H1
Windows 10 Version 2004
Windows 10 Version 1909
Windows 10 Version 1903
Windows 10 Version 1809

Note: Windows Servers, Windows 11, Windows 10(Version 1803 and earlier) are not affected.

The vulnerable functionality exists under the "access work or school" settings. A normal user can make use of the "export your management log files" function, which triggers the Device Management Enrollment Service.

  • CVSS V3 rated as Medium - 5.5 severity.
  • CVSS V2 rated as Medium - 4.9 severity.
  • Solution
    There are no vendor supplied patches available at this time.
    Vendor References

    CVEs related to QID 91842

    Software Advisories
    Advisory ID Software Component Link
    © CVE.report 2026 |

    Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

    CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

    Free CVE JSON API cve.report/api

    CVE.report and Source URL Uptime Status status.cve.report