CVE-2022-21919
Published: 11 January 2022
Summary
CVE-2022-21919 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.0 (High).
Operationally, it ranks in the top 45.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2022-21919 is an elevation-of-privilege vulnerability in the Windows User Profile Service that stems from improper link resolution (CWE-59). It affects multiple Windows releases and carries a CVSS 3.1 score of 7.0, reflecting a local attack vector, high attack complexity, and low-privileged access that can still yield full confidentiality, integrity, and availability impact.
A local attacker who already possesses a low-privileged account on an affected system can exploit the flaw to escalate to higher privileges. Successful exploitation grants the ability to read, modify, or delete protected data and to perform actions normally reserved for more privileged accounts.
Microsoft security updates addressing the issue are available through the Microsoft Security Response Center advisories. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation.
The EPSS score for this CVE remained low for an extended period before rising sharply to a peak of 0.8767 on 2024-12-03 and later receding, a clear post-disclosure surge in exploitation interest that warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27075
Vulnerability details
Windows User Profile Service Elevation of Privilege Vulnerability
- CWE(s): CWE-59 (Link Following)
- KEV Date Added: 25 April 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces access decisions on user-profile files and links, blocking the CWE-59 improper link resolution that allows low-privileged elevation.
- Least privilege for user accounts: limits the initial privileges of the attacker's account, reducing its ability to reach the conditions needed to exploit the User Profile Service flaw.
- SI-2 (Flaw Remediation): requires prompt application of the Microsoft patches that remediate the specific User Profile Service vulnerability listed in the advisory.