7

CVE-2022-26904

Warnung

Windows User Profile Service Elevation of Privilege Vulnerability

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 1507 Version < 10.0.10240.19265
MicrosoftWindows 10 1607 Version < 10.0.14393.5066
MicrosoftWindows 10 1809 Version < 10.0.17763.2803
MicrosoftWindows 10 1909 Version < 10.0.18363.2212
MicrosoftWindows 10 20h2 Version < 10.0.19042.1645
MicrosoftWindows 10 21h1 Version < 10.0.19043.1645
MicrosoftWindows 10 21h2 Version < 10.0.19044.1645
MicrosoftWindows 11 21h2 Version < 10.0.22000.613
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Server 2016 Version < 10.0.14393.5066
MicrosoftWindows Server 2019 Version < 10.0.17763.2803
MicrosoftWindows Server 2022 Version < 10.0.20348.643
MicrosoftWindows Server 20h2 Version < 10.0.19042.1645

25.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows User Profile Service Privilege Escalation Vulnerability

Schwachstelle

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 28.11% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
secure@microsoft.com 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.