By zerosday cve bot • February 4, 2022
CVE-2022-21882: Microsoft Win32k Privilege Escalation Vulnerability

CVE-2022-21882: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-04-05T17:38:13.298Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
Win32k Elevation of Privilege Vulnerability
- Context preserved from previous revision: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Technical Details
- CVE: CVE-2022-21882
- KEV date added: 2022-02-04
- KEV due date: 2022-02-18
- NVD published: 2022-01-12
- NVD modified: 2025-10-30
- MITRE modified: 2025-10-21
- CVSS base score: 7
- CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVSS exploitability score: 1
- CVSS impact score: 5.9
- Attack vector: Local
- Attack complexity: High
- Privileges required: Low
- User interaction: None
- Scope: Unchanged
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
Versions and Products Impacted
- microsoft / windows 10 1809 (versions: < 10.0.17763.2452)
- microsoft / windows 10 1909 (versions: < 10.0.18363.2037)
- microsoft / windows 10 20h2 (versions: < 10.0.19042.1466)
- microsoft / windows 10 21h1 (versions: < 10.0.19043.1466)
- microsoft / windows 10 21h2 (versions: < 10.0.19044.1466)
- microsoft / windows 11 21h2 (versions: < 10.0.22000.434)
- microsoft / windows server 2019 (versions: < 10.0.17763.2452)
- microsoft / windows server 2022 (versions: < 10.0.20348.469)
- microsoft / windows server 20h2 (versions: < 10.0.19042.1466)
- Microsoft / Windows 10 Version 1809 (versions: 10.0.17763.0)
- Microsoft / Windows 10 Version 1809 (versions: 10.0.0)
- Microsoft / Windows Server 2019 (versions: 10.0.17763.0)
- Microsoft / Windows Server 2019 (Server Core installation) (versions: 10.0.17763.0)
- Microsoft / Windows 10 Version 1909 (versions: 10.0.0)
- Microsoft / Windows 10 Version 21H1 (versions: 10.0.0)
- Microsoft / Windows Server 2022 (versions: 10.0.20348.0)
- Microsoft / Windows 10 Version 20H2 (versions: 10.0.0)
- Microsoft / Windows Server version 20H2 (versions: 10.0.0)
- Microsoft / Windows 11 version 21H2 (versions: 10.0.0)
- Microsoft / Windows 10 Version 21H2 (versions: 10.0.19043.0)
Weakness Classification
- CWE-787
Repositories for Lab Validation (Public Examples)
- Mr-xn/Penetration_Testing_POC | stars: 7295 | updated: 2026-04-04 | https://github.com/Mr-xn/Penetration_Testing_POC
  Notes: POCs, EXPs, scripts, privilege escalation, small tools, etc. related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
- Threekiii/Awesome-POC | stars: 4895 | updated: 2026-04-05 | https://github.com/Threekiii/Awesome-POC
  Notes: A knowledge base for vulnerability PoCs (Proof of Concept), with 1k+ vulnerabilities.
- unkvolism/vuln_driver | stars: 0 | updated: 2026-04-05 | https://github.com/unkvolism/vuln_driver
  Notes: Vulnerable Windows driver developed for demonstrating a Race Condition leading to Use-After-Free (UAF) and Local Privilege Escalation (LPE).
People and Organizations Mentioned
- microsoft
- Win32k
- Mr-xn
- Threekiii
- unkvolism
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Create low-privilege users on a Windows 10 1809 test system (versions: < 10.0.17763.2452) and validate that patching blocks unauthorized admin-level actions.
- Compare token/privilege transitions in Windows Event Logs before and after remediation.
- Tune detections for unusual group membership changes and SYSTEM-level process launches from user sessions.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2022-21882
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2022-21882
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- KEV notes: https://nvd.nist.gov/vuln/detail/CVE-2022-21882
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21882
- http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21882
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-21882
- Repository example: https://github.com/Mr-xn/Penetration_Testing_POC
- Repository example: https://github.com/Threekiii/Awesome-POC
- Repository example: https://github.com/unkvolism/vuln_driver
This content is for defensive security training and authorized validation only.
