Security

CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw

US CISA ordered federal agencies to patch their systems against actively exploited CVE-2022-21882  Windows flaw.

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882.

“CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.” reads the CISA’s announcement. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.”

CVE NumberCVE TitleRequired Action Due Date
CVE-2022-21882 Microsoft Win32k Privilege Escalation Vulnerability 02/18/2022

At the end of January, the security researchers RyeLv has publicly released an exploit for a Windows local privilege elevation flaw (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The Win32k elevation of privilege vulnerability was fixed in January as part of the January 2022 Patch Tuesday, it is the result of a bypass for the previously CVE-2021-1732 flaw.

“A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver.” reads the advisory published by Microsoft.

RyeLv also published a detailed analysis of the vulnerability that affects all supported support versions of Windows 10. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network, create new administrative users, or perform privileged commands.

CISA is ordering, in compliance with the binding operational directive (BOD 22-01), Federal Civilian Executive Branch Agencies (FCEB) agencies to patch all systems against the CVE-2022-21882 flaw within two weeks, until February 18th.

As usual, the US agency recommends private and public sector organizations to address the vulnerabilities included in the ‘Known Exploited Vulnerabilities Catalog‘ which is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB).

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Windoes)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

MITRE’s U.S.-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday,…

8 hours ago

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active…

17 hours ago

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting…

20 hours ago

Government contractor Conduent disclosed a data breach

The business services provider Conduent told the SEC a January cyberattack exposed personal data, including…

20 hours ago

Critical Apache Roller flaw allows to retain unauthorized access even after a password change

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after…

2 days ago

Meta will use public EU user data to train its AI models

Meta announced that it will use public EU user data to train AI, resuming plans…

2 days ago