CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability
This vulnerability is due to inadequate validation of user-supplied input to a system that manages user profiles. An attacker who successfully exploited this vulnerability could log into an organizational network or host, and then gain elevated privileges on the system. There are workarounds that could be applied to mitigate this vulnerability. However, if the resolution is not feasible, users should consider using privileged accounts with limited access. Microsoft Windows 10, Windows 10 Servers, Windows 10 Mobile and Windows 10 IoT are affected by this vulnerability. This vulnerability has been assigned Common Vulnerabilities and Exposures number CVE-2022.
Microsoft Windows 7, Windows 8, Windows 8.1 and Windows 10
Microsoft Windows 7, Windows 8, Windows 8.1 and Windows 10 are affected by this vulnerability. This vulnerability has been assigned Common Vulnerabilities and Exposures number CVE-2022.
Windows 10 Version 1607 and Windows Server 2016
Windows 10 Version 1607, Windows Server 2016 and Windows Server, version 1709 are affected by this vulnerability. This vulnerability has been assigned Common Vulnerabilities and Exposures number CVE-2022.
Vulnerability overview
This vulnerability allows an attacker who has gained access to a user account on a system running Windows 10, Windows Server 2016, Windows 10 Mobile or Windows 10 IoT to gain elevated privileges on the system.
The vulnerability exists due to inadequate validation of user-supplied input to a system that manages user profiles. An attacker who successfully exploited this vulnerability could log into an organizational network or host, and then gain elevated privileges on the system. There are workarounds that could be applied to mitigate this vulnerability. However, if the resolution is not feasible for users, it may be necessary for them to consider using privileged accounts with limited access. Microsoft Windows 10, Windows 10 Servers, Windows 10 Mobile and Windows 10 IoT are affected by this vulnerability. This vulnerability has been assigned Common Vulnerabilities and Exposures number CVE-2022.
Microsoft Windows 7 and Windows Server 2008 R2
Windows 7 and Windows Server 2008 R2 are affected by this vulnerability. This vulnerability has been assigned Common Vulnerabilities and Exposures number CVE-2022.
Timeline
Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC