9.3
CVE-2022-21971
- EPSS 83.9%
- Published 09.02.2022 17:15:08
- Last modified 24.02.2025 15:49:16
- Source secure@microsoft.com
Windows Runtime Remote Code Execution Vulnerability
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1809 Version < 10.0.17763.2565
Microsoft ≫ Windows 10 1909 Version < 10.0.18363.2094
Microsoft ≫ Windows 10 20h2 Version < 10.0.19042.1526
Microsoft ≫ Windows 10 21h1 Version < 10.0.19043.1526
Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.1526
Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.493
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.2565
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.524
Microsoft ≫ Windows Server 20h2 Version < 10.0.19042.1526
18.08.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Microsoft Windows Runtime Remote Code Execution Vulnerability
Description: Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 83.9% | 0.993 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
secure@microsoft.com | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

CWE-824 Access of Uninitialized Pointer
The product accesses or uses a pointer that has not been initialized.