9.3
CVE-2022-21971
- EPSS 83.9%
- Veröffentlicht 09.02.2022 17:15:08
- Zuletzt bearbeitet 24.02.2025 15:49:16
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
Windows Runtime Remote Code Execution Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1809 Version < 10.0.17763.2565
Microsoft ≫ Windows 10 1909 Version < 10.0.18363.2094
Microsoft ≫ Windows 10 20h2 Version < 10.0.19042.1526
Microsoft ≫ Windows 10 21h1 Version < 10.0.19043.1526
Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.1526
Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.493
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.2565
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.524
Microsoft ≫ Windows Server 20h2 Version < 10.0.19042.1526
18.08.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Runtime Remote Code Execution Vulnerability
SchwachstelleMicrosoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 83.9% | 0.993 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-824 Access of Uninitialized Pointer
The product accesses or uses a pointer that has not been initialized.