Windows' January 2022 Patch Tuesday update patches an elevated access bug

According to a report by BleepingComputer, a researcher shared information pertaining to CVE-2022-21882, a vulnerability in Windows 10 allows threat actors with limited access to a compromised device to easily elevate their privileges and perform privileged commands. The exploit can spread laterally within the network and create new administrative users.

Furthermore. all supported versions of Windows 10 before January 2022 Patch Tuesday update are susceptible to the CVE vulnerability.

Workaround the elevated access bug

With the January 2022 Patch Tuesday also came the Win32k Elevation of Privilege Vulnerability (dubbed the CVE-2022-21882}.  It is actually in place to help remedy the whole situation with the exploited CVE-2021-1732 bug.

The discovery was actually made by b2ahex, he shared his findings from a technical analysis that he conducted after Microsoft released the patch.

When the exploit was released to the public, Twitter's resident exploit tester and vulnerability analyst for CERT/CC Will Dormann confirmed it worked and provided elevated privileges

 

However, BleepingComputer indicates that some admins chose to skip the January 2022 Patch Tuesday updates because of the collection of critical bugs. some of the issues included unexpected reboots, inaccessible ReFS volumes among others. As such, some PCs remain susceptible to the recently-fixed vulnerability.

Share This Post:

Older

Here's how Xbox is celebrating Black History Month

Microsoft Flight Simulator could come to Xbox Cloud Gaming "pretty soon"

Newer