CVE-2022-41125
Published: 09 November 2022
Summary
CVE-2022-41125 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows 8.1. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 27.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
Windows CNG Key Isolation Service contains an out-of-bounds write vulnerability tracked as CVE-2022-41125 that permits local elevation of privilege. The flaw affects the Cryptography Next Generation key isolation component in supported Windows releases and carries a CVSS 3.1 score of 7.8 reflecting local attack vector, low complexity, and low required privileges.
An authenticated local attacker can trigger the flaw to obtain SYSTEM-level privileges, thereby gaining full control over the affected system including the ability to read, modify, or delete arbitrary data. Exploitation requires no user interaction beyond the ability to run code on the target host.
Microsoft’s security update guide provides patches addressing the issue, and the vulnerability appears in CISA’s catalog of known exploited vulnerabilities, confirming observed exploitation in the wild. The associated EPSS score rose from a low baseline to a recorded peak of 0.0164, indicating increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44368
Vulnerability details
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
- CWE(s): CWE-787 (Out-of-bounds Write)
- KEV Date Added: 08 November 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-6 (Least Privilege): Enforces least-privilege boundaries around the CNG Key Isolation Service so a low-privileged local attacker cannot obtain SYSTEM-level access.
- AC-3 (Access Enforcement): Mediates all access requests to the key-isolation service and blocks the unauthorized elevation path exploited by CVE-2022-41125.
- Requires isolation of security-critical functions such as cryptographic key handling, directly limiting the impact of an out-of-bounds write inside the CNG service.