⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2022-21894Incorrect Authorization in Microsoft Windows 10 Version 1507

CWE-863Incorrect Authorization7 documents7 sources
Severity
4.4MEDIUMCNA
No vector
EPSS
50.2%
top 2.16%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
15
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+12 more
Timeline
PublishedJan 11
Latest updateNov 7

Description

Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability

Affected Packages15 packages

CVEListV5microsoft/windows_8.16.3.06.3.9600.20246
CVEListV5microsoft/windows_server_20126.2.9200.06.2.9200.23584
CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.4886
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.2452
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.469

🔴Vulnerability Details

3
GHSA
GHSA-q5c9-xwjv-3hcq: Secure Boot Security Feature Bypass Vulnerability2022-01-12
CVEList
Secure Boot Security Feature Bypass Vulnerability2022-01-11
VulnCheck
Secure Boot Security Feature Bypass2022

📋Vendor Advisories

1
Microsoft
Secure Boot Security Feature Bypass Vulnerability2022-01-11

🕵️Threat Intelligence

2
Microsoft
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign2023-04-11
Crowdstrike
May 2023 Patch Tuesday: Updates and Analysis

📄Research Papers

1
arXiv
SoK: Security Below the OS -- A Security Analysis of UEFI2023-11-07
CVE-2022-21894 — Incorrect Authorization in Microsoft | cvebase