CVE-2022-23288 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-23288 PUBLISHED CVSS 7 HIGH

Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23291.

EPSS 0.36% · 57.7th percentile

Risk Scores

CVSS v3.1

7

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.36%

57.7th percentile

Affected Products

Vendor	Product	Versions
microsoft	windows_10_21H1	10.0.0
Microsoft	Windows 10 Version 1909	10.0.0
Microsoft	Windows Server 2019	10.0.17763.0
microsoft	windows_10_1909	10.0.0
Microsoft	Windows 10 Version 21H2	10.0.19043.0
Microsoft	Windows 10 Version 20H2	10.0.0
microsoft	windows_server_2022	10.0.20348.0
Microsoft	Windows 10 Version 21H1	10.0.0
microsoft	windows_10_21H2	10.0.19043.0
microsoft	windows_server_2019	10.0.17763.0, 10.0.17763.0
microsoft	windows_10_1809	10.0.17763.0, 10.0.0
Microsoft	Windows Server 2022	10.0.20348.0
Microsoft	Windows Server 2019 (Server Core installation)	10.0.17763.0
Microsoft	Windows 10 Version 1809	10.0.17763.0, 10.0.0
Microsoft	Windows Server version 20H2	10.0.0
microsoft	windows_10_20H2	10.0.0
microsoft	windows_10	21h1, 21h2, 20h2
microsoft	windows_server	2022, 20h2
microsoft	windows_server_20H2	10.0.0

Timeline

Mar 8, 2022 CVE Published
Mar 10, 2022 EPSS Score
Apr 30, 2022 EPSS Score
Jun 20, 2022 EPSS Score
Aug 10, 2022 EPSS Score
Sep 30, 2022 EPSS Score
Jan 10, 2023 EPSS Score
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 22, 2023 EPSS Score
Jun 11, 2023 EPSS Score
Aug 1, 2023 EPSS Score

References

https://msrc.microsoft.com/update-guide/ advisory
Windows DWM Core Library Elevation of Privilege Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-23288 advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23288 url

Open in Interactive Console →