CVE-2022-24525 — Vulnetix

CVE-2022-24525 PUBLISHED CVSS 7 HIGH

Windows Update Stack Elevation of Privilege Vulnerability

EPSS 0.16% · 36.3th percentile

Risk Scores

CVSS 3.1

7

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.16%

36.3th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Windows 10 Version 1909	10.0.0
microsoft	windows_10_21H1	10.0.0
microsoft	windows_11_21H2	10.0.0
microsoft	windows_10_1909	10.0.0
Microsoft	Windows 11 version 21H2	10.0.0
Microsoft	Windows 10 Version 21H1	10.0.0
Microsoft	Windows 10 Version 20H2	10.0.0
microsoft	windows_10_20H2	10.0.0
Microsoft	Windows Server version 20H2	10.0.0
microsoft	windows_10	20h2, 1909, 21h2
microsoft	windows_server	*
Microsoft	Windows 10 Version 21H2	10.0.19043.0
microsoft	windows_11
microsoft	windows_server_20H2	10.0.0
microsoft	windows_10_21H2	10.0.19043.0

Exploit Intelligence

Timeline

Mar 8, 2022 CVE Published
Mar 10, 2022 EPSS Score
Apr 30, 2022 EPSS Score
Jun 21, 2022 EPSS Score
Aug 12, 2022 EPSS Score
Oct 3, 2022 EPSS Score
Nov 23, 2022 EPSS Score
Jan 13, 2023 EPSS Score
Mar 6, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 26, 2023 EPSS Score
Jun 17, 2023 EPSS Score

References

https://msrc.microsoft.com/update-guide/ advisory
Windows Update Stack Elevation of Privilege Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-24525 advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24525 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›