Jan 2022: Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2022-21919 Published on January 11, 2022
Windows User Profile Service Elevation of Privilege Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability
Known Exploited Vulnerability
This Microsoft Windows User Profile Service Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
The following remediation steps are recommended / required by May 16, 2022: Apply updates per vendor instructions.
Weakness Type
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2022-21919 has been classified to as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2022-21919
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-21919 are published in these products:
Affected Versions
Microsoft Windows 10 Version 1809:- Version 10.0.17763.0 and below 10.0.17763.2452 is affected.
- Version 10.0.0 and below 10.0.17763.2452 is affected.
- Version 10.0.17763.0 and below 10.0.17763.2452 is affected.
- Version 10.0.17763.0 and below 10.0.17763.2452 is affected.
- Version 10.0.0 and below 10.0.18363.2037 is affected.
- Version 10.0.0 and below 10.0.19043.1466 is affected.
- Version 10.0.20348.0 and below 10.0.20348.469 is affected.
- Version 10.0.0 and below 10.0.19042.1466 is affected.
- Version 10.0.0 and below 10.0.19042.1466 is affected.
- Version 10.0.0 and below 10.0.22000.434 is affected.
- Version 10.0.19043.0 and below 10.0.19043.1466 is affected.
- Version 10.0.10240.0 and below 10.0.10240.19177 is affected.
- Version 10.0.14393.0 and below 10.0.14393.4886 is affected.
- Version 10.0.14393.0 and below 10.0.14393.4886 is affected.
- Version 10.0.14393.0 and below 10.0.14393.4886 is affected.
- Version 6.1.0 and below 6.1.7601.25829 is affected.
- Version 6.1.0 and below 6.1.7601.25829 is affected.
- Version 6.3.0 and below 6.3.9600.20246 is affected.
- Version 6.0.6003.0 and below 6.0.6003.21349 is affected.
- Version 6.0.6003.0 and below 6.0.6003.21349 is affected.
- Version 6.0.6003.0 and below 6.0.6003.21349 is affected.
- Version 6.1.7601.0 and below 6.1.7601.25829 is affected.
- Version 6.1.7601.0 and below 6.1.7601.25829 is affected.
- Version 6.2.9200.0 and below 6.2.9200.23584 is affected.
- Version 6.2.9200.0 and below 6.2.9200.23584 is affected.
- Version 6.3.9600.0 and below 6.3.9600.20246 is affected.
- Version 6.3.9600.0 and below 6.3.9600.20246 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.