CISA has added a new vulnerability to its catalog that is currently being actively exploited on Windows. The vulnerability is tracked as CVE-2022-21882 and allows privilege escalation through Microsoft's Win32k component. The CVSS score of the vulnerability is 7.0.
Must be patched by 18 February
By adding the vulnerability to the catalog, CISA requires federal agencies to patch all of their systems by the 18th of February. CISA has stated that this vulnerability is currently being exploited by attackers. The vulnerability was addressed in a recent Windows patch, but many systems might not be updated yet.
According to Microsoft’s announcement for CVE-2022-21882, a local, authenticated attacker can gain elevated local SYSTEM or administrator privileges through a vulnerability in the Win32k.sys driver. The flaw affects systems running Windows 10 (1909 and later), Windows 11, Windows Server 20H2, and Windows Server 2022. Elevating privileges brings several security risks with it: once an attacker has a foothold, it effectively opens the door to the rest of the system.