Microsoft security update-CVE-2022-21999
NAME
Microsoft – Windows
- Platforms Affected:
Windows - Risk Level:
high - CVE Type:
Privilege escalation
DESCRIPTION
CVE-2022-21999 is a privilege escalation vulnerability impacting multiple products and versions of Microsoft Windows. A Metasploit module was observed in open source and a link to an exploit was shared in the underground.
CVSS Information:
- CVSS 2.0 SCORE:
- CVSS 3.0 SCORE: 7.8
- Exploit Disclosed in the Public:
true - Exploit Weaponised:
true - PoC Link:
hXXps://github[.]com//rapid7/metasploit-framework/blob/b4de9fa92af103a64ac577694e452fec713432ca/modules/exploits/windows/local/cve_2022_21999_spoolfool_privesc[.]rb
MITIGATION
Microsoft addressed the vulnerability in a security advisory with a patch.
- Reference Link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999 - Patch Available:
available
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.