Microsoft Win32k bug added to CISA's exploited vulnerabilities list

The US Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Win32k privilege escalation vulnerability to its Known Exploited Vulnerabilities Catalog, ordering federal civilian agencies to patch the issue by February 18. 

CISA said it added the vulnerability “based on evidence that threat actors are actively exploiting” it. 

Cybersecurity company DeepWatch said in a blog post last week that proof-of-concept code had been publicly disclosed and that threat actors with limited access to a compromised device “can utilize this vulnerability to quickly elevate privileges, allowing them to spread laterally inside the network, create new administrator users, and run privileged commands.”

“According to the security researcher credited with disclosing the vulnerability to Microsoft, the vulnerability has already been exploited by advanced persistent threat (APT) actors. deepwatch Threat Intel Teams assess with high confidence that threat actors are likely to use the publicly available exploit code for CVE-2022-21882 to escalate privileges on systems that they have already initially compromised,” the deepwatch Threat Intel Team explained.

“Given the vulnerability affects Windows 10, the deepwatch Threat Intel Team advises customers to install updates as soon as possible, prioritizing vulnerable internet-exposed systems.”

The vulnerability has a CVSS score of 7.0 and affects Microsoft Windows 10 versions 1809, 1909, 20H2, 21H1, and 21H2.

Read More: https://www.zdnet.com/article/microsoft-win32k-bug-added-to-cisas-exploited-vulnerabilities-list/#ftag=RSSbaffb68