Cyber Resilience

CVE-2022-41125

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 09 November 2022

Modified: 30 October 2025
KEV Added: 08 November 2022
Patch
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0070 (72.5th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-41125 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows 8.1. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 27.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The Windows CNG Key Isolation Service contains an out-of-bounds write vulnerability, tracked as CVE-2022-41125, that permits local elevation of privilege. The flaw affects the Cryptography Next Generation key isolation component in supported Windows releases and carries a CVSS 3.1 score of 7.8, reflecting a local attack vector, low complexity, and low required privileges.

An authenticated local attacker can trigger the flaw to obtain SYSTEM-level privileges, thereby gaining full control over the affected system including the ability to read, modify, or delete arbitrary data. Exploitation requires no user interaction beyond the ability to run code on the target host.

Microsoft’s security update guide provides patches addressing the issue, and the vulnerability appears in CISA’s catalog of known exploited vulnerabilities, confirming observed in-the-wild use. The associated EPSS score rose from a low baseline to a recorded peak of 0.0164, indicating increased exploitation interest after disclosure.

Vulnerability details

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

CWE(s): CWE-787 (Out-of-bounds Write)
KEV Date Added: 08 November 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
microsoft | windows 10 1507 | ≤ 10.0.10240.19567
microsoft | windows 10 1607 | ≤ 10.0.14393.5501
microsoft | windows 10 1809 | ≤ 10.0.17763.3650
microsoft | windows 10 20h2 | ≤ 10.0.19042.2251
microsoft | windows 10 21h1 | ≤ 10.0.19043.2251
microsoft | windows 10 21h2 | ≤ 10.0.19044.2251
microsoft | windows 10 22h2 | ≤ 10.0.19045.2251
microsoft | windows 11 21h2 | ≤ 10.0.22000.1219
microsoft | windows 11 22h2 | ≤ 10.0.22621.819
microsoft | windows 8.1 | all versions
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Enforces least-privilege boundaries around the CNG Key Isolation Service so a low-privileged local attacker cannot obtain SYSTEM-level access.

Prevent: Mediates all access requests to the key-isolation service and blocks the unauthorized elevation path exploited by CVE-2022-41125.

Prevent: Requires isolation of security-critical functions such as cryptographic key handling, directly limiting the impact of an out-of-bounds write inside the CNG service.