⚠ Actively exploited
Added to CISA KEV on 2022-11-08. Federal agencies required to patch by 2022-12-09. Required action: Apply updates per vendor instructions..

CVE-2022-41125

CWE-787Out-of-bounds Write7 documents7 sources
Severity
7.8HIGH
EPSS
0.7%
top 27.91%
CISA KEV
KEV
Added 2022-11-08
Due 2022-12-09
Exploit
Exploited in wild
Active exploitation observed
Affected products
28
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+25 more
Timeline
KEV addedNov 8
PublishedNov 9
KEV dueDec 9
Latest updateMay 5
CISA Required Action: Apply updates per vendor instructions.

Description

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages29 packages

NVDmicrosoft/windows< 10.0.14393.5501+3
CVEListV5microsoft/windows_8.16.3.06.3.9600.20671
NVDmicrosoft/windows_10_1507< 10.0.10240.19567
NVDmicrosoft/windows_10_1607< 10.0.14393.5501
NVDmicrosoft/windows_10_1809< 10.0.17763.3650

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

4
OSV
python-scrapy vulnerabilities2025-05-05
GHSA
GHSA-5vr9-7945-27pf: Windows CNG Key Isolation Service Elevation of Privilege Vulnerability2022-11-10
CVEList
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability2022-11-09
VulnCheck
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability2022

📋Vendor Advisories

2
Microsoft
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability2022-11-08
CISA
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability2022-11-08
CVE-2022-41125 (HIGH CVSS 7.8) | Windows CNG Key Isolation Service E | cvebase.io