⚠ Actively exploited
Added to CISA KEV on 2022-08-18. Federal agencies required to patch by 2022-09-08. Required action: Apply updates per vendor instructions.

CVE-2022-21971

CWE-824 · 6 documents · 6 sources
Severity: 7.8 HIGH
EPSS: 87.1% (top 0.55%)
CISA KEV: Added 2022-08-18, due 2022-09-08
Exploit: Exploited in wild; active exploitation observed
Timeline: Published Feb 9; KEV added Aug 18; KEV due Sep 8

Description

Windows Runtime Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (17 packages)

NVD: microsoft/windows < 10.0.17763.2565 (+2)
NVD: microsoft/windows_10_1809 < 10.0.17763.2565
NVD: microsoft/windows_10_1909 < 10.0.18363.2094
NVD: microsoft/windows_10_20h2 < 10.0.19042.1526
NVD: microsoft/windows_10_21h1 < 10.0.19043.1526

🔴 Vulnerability Details (3)

GHSA: GHSA-58gj-2v59-wxcq: Windows Runtime Remote Code Execution Vulnerability (2022-02-10)
CVEList: Windows Runtime Remote Code Execution Vulnerability (2022-02-09)
VulnCheck: Microsoft Windows Runtime Remote Code Execution Vulnerability (2022)

📋 Vendor Advisories (2)

CISA: Microsoft Windows Runtime Remote Code Execution Vulnerability (2022-08-18)
Microsoft: Windows Runtime Remote Code Execution Vulnerability (2022-02-08)
CVE-2022-21971 (HIGH CVSS 7.8) | Windows Runtime Remote Code Executi | cvebase.io