Vulnerability in Microsoft Windows 10 20H2/10 21H1/10 21H2/10 1809/10 1909/11/Server 20H2/Server 2019/Server until 2022#
A critical vulnerability has been discovered in Microsoft Windows 10 20H2/10 21H1/10 21H2/10 1809/10 1909/11/Server 20H2/Server 2019/Server until 2022. The affected component is a certain unknown feature called Win32k. Manually debugging illegal input can lead to an unknown defect. CVE summary:
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21887.
The vulnerability was disclosed on 2022-01-11 by Security Guidance (Website). The URL for requesting the announcement is portal.msrc.microsoft.com.
The vulnerability has been assigned the name CVE-2022-21882, with the CVE allocation information format: 2021-12-14. Remote exploitation is possible, but no technical details are available. The attack complexity is quite high. The exploitability of this vulnerability is known to be very difficult. The vulnerability has below-average notoriety and there is another vulnerability that can be exploited. The vulnerability exploit has been publicly disclosed and may be exploited. The current structure of the vulnerability determines a possible price range of USD $0-$5k.
It has been announced as a proof-of-concept. The following URL provides the vulnerability exploit: github.com. The estimated underground price for zero-day attacks is approximately $25k-$100k.
It is recommended to apply a patch to fix this issue. Possible mitigations have been published immediately after the disclosure of the vulnerability.
Vulnerability Exploit#
CVE-2022-21882.zip
It needs to be executed twice, with five parameters in the first execution. The second execution will successfully get system privileges. There is a chance of a blue screen.
