CVE-2022-41033
Published: 11 October 2022
Summary
CVE-2022-41033 is a high-severity Type Confusion (CWE-843) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 17.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2022-41033 is an elevation-of-privilege vulnerability in the Windows COM+ Event System Service, assigned CWE-843 and carrying a CVSS 3.1 base score of 7.8. The flaw permits a local attacker to obtain higher privileges on affected Windows systems without requiring user interaction.
An authenticated local user can exploit the weakness to achieve full control over confidentiality, integrity, and availability on the host. Because the attack vector is local and the required privileges are only low, any process or user already present on the system can leverage the bug to escalate to SYSTEM-level access.
Microsoft has published security updates and advisory guidance through MSRC to address the issue. The vulnerability also appears in CISA's Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation, although the associated EPSS score has remained flat at 0.0174.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44278
Vulnerability details
Windows COM+ Event System Service Elevation of Privilege Vulnerability
- CWE(s): CWE-843 (Type Confusion)
- KEV Date Added: 11 October 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires applying the vendor security updates that remediate the type-confusion flaw in the COM+ Event System Service.
- AC-6 (Least Privilege): enforces least privilege so that even an authenticated local user starts with minimal rights, reducing the impact of a successful escalation to SYSTEM.
- Software integrity verification: verifies software integrity and can detect unauthorized code execution or tampering that results from exploitation of the COM+ vulnerability.