Cyber Resilience

CVE-2022-41033

Severity: High
Status: CISA KEV · Active Exploitation · EUVD Exploited

Published: 11 October 2022
Modified: 12 January 2026
KEV Added: 11 October 2022
Patch: available
CVSS v3.1 Score: 7.8, vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0174 (82.9th percentile)
Risk Priority: 37 (weighting 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-41033 is a high-severity Type Confusion (CWE-843) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 17.1% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2022-41033 is an elevation-of-privilege vulnerability in the Windows COM+ Event System Service, assigned CWE-843 and carrying a CVSS 3.1 base score of 7.8. The flaw permits a local attacker to obtain higher privileges on affected Windows systems without requiring user interaction.

An authenticated local user can exploit the weakness to gain full control of the host, with high impact on confidentiality, integrity, and availability. Because the attack vector is local and only low privileges are required, any process or user already present on the system can use the bug to escalate to SYSTEM-level access.

Microsoft has published security updates and advisory guidance at the listed MSRC URLs to address the issue. The vulnerability also appears in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation, although the associated EPSS score has remained flat at 0.0174.

EU & UK References

Vulnerability details

Windows COM+ Event System Service Elevation of Privilege Vulnerability

CWE(s): CWE-843 (Type Confusion)
KEV Date Added: 11 October 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor      Product            Affected versions
microsoft   windows 10 1507    ≤ 10.0.10240.19507
microsoft   windows 10 1607    ≤ 10.0.14393.5427
microsoft   windows 10 1809    ≤ 10.0.17763.3532
microsoft   windows 10 20h2    ≤ 10.0.19042.2130
microsoft   windows 10 21h1    ≤ 10.0.19043.2130
microsoft   windows 10 21h2    ≤ 10.0.19044.2130
microsoft   windows 11 21h2    ≤ 10.0.22000.1098
microsoft   windows 11 22h2    ≤ 10.0.22621.674
microsoft   windows 7          all versions
microsoft   windows 8.1        all versions
+6 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2, Flaw Remediation): Directly requires applying the vendor security updates that remediate the type-confusion flaw in the COM+ Event System Service.

prevent (AC-6, Least Privilege): Enforces least privilege so that even an authenticated local user starts with minimal rights, reducing the impact of a successful escalation to SYSTEM.

detect: Verifies software integrity and can detect unauthorized code execution or tampering that results from exploitation of the COM+ vulnerability.

References