7.8

CVE-2022-41033

Warnung

Windows COM+ Event System Service Elevation of Privilege Vulnerability

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 1507 Version < 10.0.10240.19507
MicrosoftWindows 10 1607 Version < 10.0.14393.5427
MicrosoftWindows 10 1809 Version < 10.0.17763.3532
MicrosoftWindows 10 20h2 Version < 10.0.19042.2130
MicrosoftWindows 10 21h1 Version < 10.0.19043.2130
MicrosoftWindows 10 21h2 Version < 10.0.19044.2130
MicrosoftWindows 11 21h2 Version < 10.0.22000.1098
MicrosoftWindows 11 22h2 Version < 10.0.22621.674
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Server 2016 Version < 10.0.14393.5427
MicrosoftWindows Server 2019 Version < 10.0.17763.3532
MicrosoftWindows Server 2022 Version < 10.0.20348.1129

11.10.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability

Schwachstelle

Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.442
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.