Cyber Resilience

CVE-2022-24521

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 15 April 2022
Modified: 30 October 2025
KEV Added: 13 April 2022
Patch: available (Microsoft security updates)
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0749 (92.0th percentile)
Risk Priority: 40 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-24521 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 8.0% of CVEs by exploit likelihood (EPSS 92.0th percentile), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2022-24521 is an elevation-of-privilege flaw in the Windows Common Log File System (CLFS) Driver, stemming from an out-of-bounds write condition (CWE-787). It affects Windows systems that include this kernel-mode driver component and carries a CVSS 3.1 base score of 7.8, reflecting a local attack vector, low attack complexity, and low required privileges.

A local attacker who already possesses a low-privileged user account on an affected Windows host can exploit the flaw to execute arbitrary code with elevated privileges, typically resulting in full control over confidentiality, integrity, and availability of the system. Successful exploitation allows the attacker to bypass normal access controls and obtain SYSTEM-level rights without user interaction.

Microsoft has published security updates that address the issue, and the vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. The associated EPSS score has remained in a narrow band between 0.0749 and a peak of 0.0868, indicating modest but persistent exploitation interest after disclosure.


Vulnerability details

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CWE(s): CWE-787 (Out-of-bounds Write)
KEV Date Added: 13 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor      Product             Affected versions
microsoft   windows 10 1507     ≤ 10.0.10240.19265
microsoft   windows 10 1607     ≤ 10.0.14393.5066
microsoft   windows 10 1809     ≤ 10.0.17763.2803
microsoft   windows 10 1909     ≤ 10.0.18363.2212
microsoft   windows 10 20h2     ≤ 10.0.19042.1645
microsoft   windows 10 21h1     ≤ 10.0.19043.1645
microsoft   windows 10 21h2     ≤ 10.0.19044.1645
microsoft   windows 11 21h2     ≤ 10.0.22000.613
microsoft   windows 7           all versions
microsoft   windows 8.1         all versions
+7 more product configuration(s) — see NVD for full list
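As an added example (not code from this advisory or from Microsoft), the PowerShell function below compares a host's Windows build against the highest affected build listed for each release above, so an administrator can confirm that the SI-2 (Flaw Remediation) control is actually in place. It assumes the build is recorded in the CurrentBuild and UBR values under HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion (true for Windows 10/11), treats the Windows 7 and 8.1 release builds as affected because the page lists "all versions", and reports any release not in the list as unknown rather than as safe.

```powershell
# Added example, not from the advisory: check a host's build against the
# affected-version thresholds listed for CVE-2022-24521 above.

# Highest affected UBR (the last component of 10.0.<build>.<UBR>) per
# Windows 10/11 release, taken from the affected-assets list on this page.
$AffectedMax = @{
    '10240' = 19265   # Windows 10 1507
    '14393' = 5066    # Windows 10 1607
    '17763' = 2803    # Windows 10 1809
    '18363' = 2212    # Windows 10 1909
    '19042' = 1645    # Windows 10 20H2
    '19043' = 1645    # Windows 10 21H1
    '19044' = 1645    # Windows 10 21H2
    '22000' = 613     # Windows 11 21H2
}

# Release builds of Windows 7 (7600, 7601) and Windows 8.1 (9600); the page
# lists these products as affected in all versions.
$AllVersionsAffected = @('7600', '7601', '9600')

function Test-Cve202224521Exposure {
    param(
        # Pass -Build/-Ubr to evaluate an inventory record offline;
        # omit both to read the local host's registry.
        [string]$Build = $null,
        [int]$Ubr = -1
    )

    if (-not $Build) {
        # Assumption: build number and update revision live in this key.
        $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        $Build = [string]$cv.CurrentBuild
        $Ubr = [int]$cv.UBR
    }

    if ($AllVersionsAffected -contains $Build) {
        return [pscustomobject]@{
            Build  = $Build
            Status = 'affected'
            Note   = 'product listed as affected in all versions; apply the Microsoft update'
        }
    }

    if (-not $AffectedMax.ContainsKey($Build)) {
        # Unknown is deliberately not "patched": the page shows only part of
        # the affected configurations and points to NVD for the rest.
        return [pscustomobject]@{
            Build  = "10.0.$Build.$Ubr"
            Status = 'unknown'
            Note   = 'release not in the affected-assets list; check NVD for the full list'
        }
    }

    $threshold = $AffectedMax[$Build]
    $status = if ($Ubr -le $threshold) { 'affected' } else { 'patched' }
    [pscustomobject]@{
        Build  = "10.0.$Build.$Ubr"
        Status = $status
        Note   = "highest affected revision for this release is $threshold"
    }
}

# Usage on the local host:
Test-Cve202224521Exposure

# Usage against inventory values (constructed for illustration):
Test-Cve202224521Exposure -Build '19044' -Ubr 1645   # still at the affected build
Test-Cve202224521Exposure -Build '19044' -Ubr 1706   # above the threshold: patched
Test-Cve202224521Exposure -Build '7601'              # Windows 7 SP1: affected
```

The check is conservative by design: only a revision strictly above the listed threshold counts as patched, and anything the table does not cover is flagged for manual follow-up instead of being silently passed.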

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2, Flaw Remediation): Directly requires timely installation of Microsoft security updates that remediate the CLFS driver flaw before local exploitation can succeed.

prevent (AC-6, Least Privilege): Enforces least-privilege execution so a low-privileged local account cannot reach the SYSTEM-level access obtained via CVE-2022-24521.

prevent: Access-enforcement mechanisms in the kernel and driver stack are intended to block the unauthorized privilege transition the vulnerability permits.

References