Cyber Resilience

CVE-2022-21919

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 11 January 2022
Modified: 30 October 2025
KEV added: 25 April 2022
Patch: available
CVSS v3.1 score: 7.0 (High), vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score: 0.0031 (54.5th percentile)
Risk priority: 34 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-21919 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.0 (High).

Operationally, its EPSS score ranks it in the top 45.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-21919 is an elevation-of-privilege vulnerability in the Windows User Profile Service that stems from improper link resolution (CWE-59). It affects multiple Windows releases and carries a CVSS 3.1 score of 7.0, reflecting a local attack vector, high attack complexity, and low-privileged access that can nonetheless yield full confidentiality, integrity, and availability impact.

A local attacker who already possesses a low-privileged account on an affected system can exploit the flaw to escalate to higher privileges. Successful exploitation grants the ability to read, modify, or delete protected data and to perform actions normally reserved for more privileged accounts.

Microsoft security updates addressing the issue are available through the Microsoft Security Response Center advisories. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation.

EPSS for the CVE remained low for an extended period before rising sharply to a peak of 0.8767 on 2024-12-03 and later receding, demonstrating a clear post-disclosure surge in exploitation interest that warrants renewed attention.

Vulnerability details

Title: Windows User Profile Service Elevation of Privilege Vulnerability
CWE(s): CWE-59 (Improper Link Resolution Before File Access, 'Link Following')
KEV date added: 25 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Microsoft Windows 10 1507: ≤ 10.0.10240.19177
Microsoft Windows 10 1607: ≤ 10.0.14393.4886
Microsoft Windows 10 1809: ≤ 10.0.17763.2452
Microsoft Windows 10 1909: ≤ 10.0.18363.2037
Microsoft Windows 10 20H2: ≤ 10.0.19042.1466
Microsoft Windows 10 21H1: ≤ 10.0.19043.1466
Microsoft Windows 10 21H2: ≤ 10.0.19044.1466
Microsoft Windows 11 21H2: ≤ 10.0.22000.434
Microsoft Windows 7: all versions
Microsoft Windows 8.1: all versions
Plus 7 more product configurations; see NVD for the full list.

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): Directly enforces access decisions on user-profile files and links, blocking the CWE-59 improper link resolution that allows low-privileged elevation.

Prevent: Limits the initial privileges of the attacker account, reducing the ability to reach the conditions needed to exploit the User Profile Service flaw.

SI-2 Flaw Remediation (prevent): Requires prompt application of the Microsoft patches that remediate the specific User Profile Service vulnerability listed in the advisory.
