⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-12-09.
CVE-2022-41091
Severity
5.4MEDIUM
EPSS
7.4%
top 8.26%
CISA KEV
KEVRansomware
Added 2022-11-08
Due 2022-12-09
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
KEV addedNov 8
PublishedNov 9
Latest updateNov 10
KEV dueDec 9
CISA Required Action: Apply updates per vendor instructions.
Description
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5