CVE-2022-21971
Published: 09 February 2022
Summary
CVE-2022-21971 is a high-severity Access of Uninitialized Pointer (CWE-824) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2022-21971 is a remote code execution vulnerability in the Windows Runtime component, present across multiple versions of Microsoft Windows. It stems from access of an uninitialized pointer (CWE-824) and carries a CVSS 3.1 score of 7.8, reflecting local attack vector, low complexity, no required privileges, and required user interaction that nonetheless yields high impact on confidentiality, integrity, and availability.
An attacker with the ability to supply a malicious file or trigger specific local actions can exploit the flaw to execute arbitrary code in the context of the logged-on user, enabling full compromise of the affected system without additional authentication.
Microsoft security updates addressing the issue are detailed in the vendor advisory, and CISA lists CVE-2022-21971 in its catalog of known exploited vulnerabilities. The associated EPSS score has remained high (0.8779), indicating sustained exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27126
Vulnerability details
Windows Runtime Remote Code Execution Vulnerability
- CWE(s): CWE-824 (Access of Uninitialized Pointer)
- KEV Date Added: 18 August 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely installation of the Microsoft security updates that eliminate the uninitialized-pointer flaw in Windows Runtime.
- SI-3 (Malicious Code Protection): malicious-code protection mechanisms can block or alert on execution of code from the specially crafted file used to trigger the RCE.
- Integrity verification of software and files can detect unauthorized modification or execution attempts stemming from the crafted input.