VDB
CVE-2022-21906
CVE-2022-21906
PUBLISHED
CVSS 5.5 MEDIUM
Windows Defender Application Control Security Feature Bypass Vulnerability.
EPSS 0.95% · 76.8th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
EPSS Score
0.95%
76.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | windows_10_1909 | 10.0.0 |
| microsoft | windows_10_21H2 | 10.0.19043.0 |
| Microsoft | Windows Server 2022 | 10.0.20348.0 |
| microsoft | windows_server_2019 | 10.0.17763.0, 10.0.17763.0 |
| Microsoft | Windows 10 Version 21H2 | 10.0.19043.0 |
| microsoft | windows_11_21H2 | 10.0.0 |
| Microsoft | Windows Server 2019 | 10.0.17763.0 |
| Microsoft | Windows Server version 20H2 | 10.0.0 |
| microsoft | windows_10_21H1 | 10.0.0 |
| microsoft | windows_server_2022 | 10.0.20348.0 |
| Microsoft | Windows 11 version 21H2 | 10.0.0 |
| microsoft | windows_10 | 1909, 1909, 1909 |
| microsoft | windows_11 | |
| microsoft | windows_10_20H2 | 10.0.0 |
| Microsoft | Windows 10 Version 20H2 | 10.0.0 |
| microsoft | windows_server_20H2 | 10.0.0 |
| Microsoft | Windows 10 Version 1809 | 10.0.0, 10.0.17763.0 |
| Microsoft | Windows 10 Version 21H1 | 10.0.0 |
| microsoft | windows_10_1809 | 10.0.0, 10.0.17763.0 |
| Microsoft | Windows 10 Version 1909 | 10.0.0 |
…and 2 more
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21906 (circl)
- Windows Defender Application Control Security Feature Bypass Vulnerability (circl)
- CVE-2022-21882.yara (github-yara)
- CVE-2022-21882.yara (github-yara)
- CVE-2022-21882.yara (github-yara)
- CVE-2022-21882.yara (github-yara)
- CVE-2022-21877.yara (github-yara)
- CVE-2022-21877.yara (github-yara)
- CVE-2022-21877.yara (github-yara)
…and 5 more exploits
Timeline
- Jan 11, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 21, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Apr 5, 2023 EPSS Score
- May 27, 2023 EPSS Score
References
- https://msrc.microsoft.com/update-guide/ advisory
- Windows Defender Application Control Security Feature Bypass Vulnerability vendor-advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21906 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-21906 advisory
- https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21906 url
- https://www.nu11secur1ty.com/2022/01/cve-2022-21906.html url