CISA Urges Organizations to Patch Exploited Windows Vulnerability

February 7, 2022

Tracked as CVE-2022-21882, the high-severity security hole was fixed on the January 2022 Patch Tuesday, when Microsoft said it was aware of limited, targeted exploitation attempts.

Identified in the Win32k.sys driver, the issue is described as an elevation of privilege bug that could allow a local, authenticated attacker to obtain system or administrative rights.

Security researcher RyeLv, who received acknowledgement for the find, says CVE-2022-21882 is in fact a bypass for the patch that Microsoft released in February 2021 for CVE-2021-1732, another exploited Win32k vulnerability.

Read More on Security Week