Microsoft has classified this as a “critical” vulnerability in its advisory. There are a couple of different scenarios in which malicious code could exploit it. The most obvious one is an attacker being able to install an arbitrary program on the machine. This could be done through an infected email, a drive-by download, or even just by convincing a user to click on a malicious link. Depending on the scenario, this could lead to the attacker having full access to the machine.
In addition, it’s possible that a program could be installed that has elevated privileges (“elevation of privilege”), for example a program that runs at startup or a program that has administrative rights. The attacker would then have the same capabilities as the administrator.

CVE-2022-2191

This vulnerability is similar to CVE-2022-21908 in that there are a couple of different ways to exploit it. If an attacker were able to install an arbitrary program on the machine, they would have full control of the machine. As with CVE-2022-21908, it’s also possible for an attacker to elevate their privileges through this vulnerability or for a malicious program to start running at startup.

Microsoft Edge CVE-2022-21909

Microsoft has classified this as a “critical” vulnerability in its advisory. There are a couple of different scenarios in which malicious code could exploit it. The most obvious one is an attacker being able to install an arbitrary program on the machine. This could be done through an infected email, a drive-by download, or even just by convincing a user to click on a malicious link. Depending on the scenario, this could lead to the attacker having full access to the machine.
In addition, it’s possible that a program could be installed that has elevated privileges (“elevation of privilege”), for example a program that runs at startup or a program that has administrative rights. The attacker would then have the same capabilities as the administrator.

Microsoft Windows Information Disclosure Vulnerability – CVE-2022-21909

Microsoft has classified this as a “critical” vulnerability in its advisory. There are a couple of different scenarios in which malicious code could exploit it. The most obvious one is an attacker being able to install an arbitrary program on the machine. This could be done through an infected email, a drive-by download, or even just by convincing a user to click on a malicious link. Depending on the scenario, this could lead to the attacker having full access to the machine.
In addition, it’s possible that a program could be installed that has elevated privileges (“elevation of privilege”), for example a program that runs at startup or a program that has administrative rights. The attacker would then have the same capabilities as the administrator.

Known Issues

Microsoft released a statement yesterday that said, “A customer with a single workstation may be able to detect and prevent an exploit by manually copying the registry key from one machine to another. However, this will not help customers on machines that are part of a domain or are in use across multiple offices.” Microsoft also said they have no plans to release a patch for this vulnerability.

CVE-2022-21908 is a critical vulnerability (seriously?) affecting all versions of Windows 10. If exploited, it could allow an attacker root access to the computer.

Windows 10 CVE-2022-21908 – Elevation of Privilege

Microsoft has classified this as a “critical” vulnerability in its advisory. There are a couple of different scenarios in which malicious code could exploit it. The most obvious one is an attacker being able to install an arbitrary program on the machine. This could be done through an infected email, a drive-by download, or even just by convincing a user to click on a malicious link. Depending on the scenario, this could lead to the attacker having full access to the machine.
In addition, it’s possible that a program could be installed that has elevated privileges (“elevation of privilege”), for example a program that runs at startup or a program that has administrative rights. The attacker would then have the same capabilities as the administrator.

Timeline

Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC
