⚠ Actively exploited
Added to CISA KEV on 2022-02-04. Federal agencies required to patch by 2022-02-18. Required action: Apply updates per vendor instructions..

CVE-2022-21882Improper Privilege Management in Microsoft Windows 10 Version 1809

CWE-269Improper Privilege ManagementCWE-787Out-of-bounds Write12 documents7 sources
Severity
7.0HIGHCNA
CISA7.8
No vector
EPSS
90.1%
top 0.41%
CISA KEV
KEV
Added 2022-02-04
Due 2022-02-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
9
Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 1909Microsoft Windows 10 Version 20h2+6 more
Timeline
PublishedJan 11
KEV addedFeb 4
KEV dueFeb 18
Latest updateJun 20
CISA Required Action: Apply updates per vendor instructions.

Description

Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability

Affected Packages9 packages

CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.2452
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.469
CVEListV5microsoft/windows_10_version_180910.0.17763.010.0.17763.2452+1
CVEListV5microsoft/windows_10_version_190910.0.010.0.18363.2037
CVEListV5microsoft/windows_10_version_20h210.0.010.0.19042.1466

🔴Vulnerability Details

6
Project0
2022 0-day In-the-Wild Exploitation…so far - Project Zero2022-06-01
Project0
The More You Know, The More You Know You Don’t Know - Project Zero2022-04-01
GHSA
GHSA-m3vx-53cf-jqv4: Win32k Elevation of Privilege Vulnerability2022-01-12
CVEList
Win32k Elevation of Privilege Vulnerability2022-01-11
VulnCheck
Microsoft Win32k Privilege Escalation Vulnerability2022

📋Vendor Advisories

2
CISA
Microsoft Win32k Privilege Escalation Vulnerability2022-02-04
Microsoft
Win32k Elevation of Privilege Vulnerability2022-01-11

🕵️Threat Intelligence

4
Unit42
Inside Win32k Exploitation: Analysis of CVE-2022-21882 and CVE-2021-17322023-06-20
Unit42
Inside Win32k Exploitation: Analysis of CVE-2022-21882 and CVE-2021-17322023-06-20
Unit42
Inside Win32k Exploitation: Background on Implementations of Win32k and Exploitation Methodologies2023-06-13
Unit42
Inside Win32k Exploitation: Background on Implementations of Win32k and Exploitation Methodologies2023-06-13
CVE-2022-21882 — Improper Privilege Management | cvebase