Cyber Resilience

CVE-2022-21971

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 09 February 2022
Modified: 30 October 2025
KEV Added: 18 August 2022
Patch
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.8779 (99.5th percentile)
Risk Priority: 88 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-21971 is a high-severity Access of Uninitialized Pointer (CWE-824) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2022-21971 is a remote code execution vulnerability in the Windows Runtime component, present across multiple versions of Microsoft Windows. It stems from access of an uninitialized pointer (CWE-824) and carries a CVSS 3.1 score of 7.8, reflecting a local attack vector, low attack complexity, no privileges required, and required user interaction, with high impact on confidentiality, integrity, and availability.

An attacker with the ability to supply a malicious file or trigger specific local actions can exploit the flaw to execute arbitrary code in the context of the logged-on user, enabling full compromise of the affected system without additional authentication.

Microsoft security updates addressing the issue are detailed in the vendor advisory, while CISA includes CVE-2022-21971 in its catalog of known exploited vulnerabilities. The associated EPSS score has remained at a sustained high of 0.8779, indicating ongoing exploitation interest after public disclosure.

Vulnerability details

Windows Runtime Remote Code Execution Vulnerability

CWE(s): CWE-824 (Access of Uninitialized Pointer)
KEV Date Added: 18 August 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor      Product               Affected up to
microsoft   windows 10 1809       10.0.17763.2565
microsoft   windows 10 1909       10.0.18363.2094
microsoft   windows 10 20h2       10.0.19042.1526
microsoft   windows 10 21h1       10.0.19043.1526
microsoft   windows 10 21h2       10.0.19044.1526
microsoft   windows 11 21h2       10.0.22000.493
microsoft   windows server 2019   10.0.17763.2565
microsoft   windows server 2022   10.0.20348.524
microsoft   windows server 20h2   10.0.19042.1526
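The following PowerShell check is an added example, not code from this page or from Microsoft: it compares a host's OS build and update build revision (UBR) against the "affected up to" builds listed above and reports whether the host is still within the affected range. It assumes the listed values are the last affected builds, so a higher UBR on the same build carries the fix; the build-to-product mapping in the comments is taken from the table above.

```powershell
# Added example (not from the page): flag a Windows host whose build is at or below
# the last affected build listed for CVE-2022-21971.
# Assumption: the page's "≤" values are the last affected builds, so a higher UBR is patched.
$LastAffectedUbr = @{
    17763 = 2565   # Windows 10 1809 and Windows Server 2019
    18363 = 2094   # Windows 10 1909
    19042 = 1526   # Windows 10 20H2 and Windows Server 20H2
    19043 = 1526   # Windows 10 21H1
    19044 = 1526   # Windows 10 21H2
    20348 = 524    # Windows Server 2022
    22000 = 493    # Windows 11 21H2
}

function Test-Cve202221971Exposure {
    [CmdletBinding()]
    param(
        # Defaults read the local host; pass values explicitly to check inventory data offline.
        [int]$Build = (Get-CimInstance Win32_OperatingSystem).BuildNumber,
        [int]$Ubr   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
    )
    $lastAffected = $null
    if ($LastAffectedUbr.ContainsKey($Build)) {
        $lastAffected = "10.0.$Build.$($LastAffectedUbr[$Build])"
        $status = if ($Ubr -le $LastAffectedUbr[$Build]) { 'Affected' } else { 'Patched' }
    } else {
        # A build absent from the page's list may be a newer release or an out-of-support
        # build; treat NotListed as "needs review", not as "safe".
        $status = 'NotListed'
    }
    [pscustomobject]@{
        Build        = "10.0.$Build.$Ubr"
        LastAffected = $lastAffected
        Status       = $status
    }
}

# Local host check, then a constructed sample (Windows Server 2019 at the last affected build):
Test-Cve202221971Exposure
Test-Cve202221971Exposure -Build 17763 -Ubr 2565   # Status: Affected
```

The function takes explicit -Build and -Ubr values so it can be run over exported inventory data on a non-Windows machine as well as directly on a host.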

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly requires timely installation of Microsoft security updates that eliminate the uninitialized-pointer flaw in Windows Runtime.

SI-3 Malicious Code Protection (prevent, detect)

Malicious-code protection mechanisms can block or alert on execution of code from the specially crafted file used to trigger the RCE.

Integrity verification (detect)

Integrity verification of software and files can detect unauthorized modification or execution attempts stemming from the crafted input.
