CVE-2022-41128
Published: 09 November 2022
Summary
CVE-2022-41128 is a high-severity out-of-bounds write (CWE-787) vulnerability in the Windows Scripting Languages component of Microsoft Windows; Windows 8.1 is among the affected products. Its CVSS 3.1 base score is 8.8 (High).
Operationally, it ranks in the top 2.6% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation), i.e. applying the Microsoft update, and SI-10 (Information Input Validation).
Deeper analysis
CVE-2022-41128 is a remote code execution vulnerability in Windows Scripting Languages, assigned CWE-787 and carrying a CVSS 3.1 score of 8.8 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): network attack vector, low attack complexity, no privileges required, and user interaction required. The flaw lies in the scripting engines that Windows uses to interpret script content, the component Microsoft groups under the name Windows Scripting Languages.
An unauthenticated attacker can exploit the issue by supplying specially crafted script content over the network that a user opens or interacts with; the malformed input triggers the out-of-bounds write, resulting in arbitrary code execution with High impact to confidentiality, integrity, and availability.
The MSRC advisory pages referenced here describe the updates that address the vulnerability. CISA lists CVE-2022-41128 in its Known Exploited Vulnerabilities catalog, which means exploitation in the wild has been confirmed.
EPSS for this CVE rose from lower values after disclosure to a peak of 0.5852 on 2024-10-24 before receding to the current 0.3924. A post-disclosure rise of this size signals sustained exploitation interest and warrants renewed attention to patch status.
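The page bases its priority call on two signals, the CISA KEV listing and the EPSS score. The PowerShell below is an added example (not part of this page or of any vendor tool) that applies that triage rule to a CVE: a KEV listing always yields an immediate priority with the catalog due date, otherwise the EPSS score is compared against a local threshold. The two JSON strings are constructed samples that mirror the schemas of the public KEV catalog feed and the FIRST EPSS API; the CVE ID, KEV date and EPSS values come from this page, while the KEV due date, the short description, the EPSS date and the 0.10 threshold are assumptions.

```powershell
# Constructed sample in the shape of CISA's known_exploited_vulnerabilities.json (one entry).
# dateAdded comes from this page; dueDate and shortDescription are assumed values.
$KevJson = @'
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "sample",
  "vulnerabilities": [
    {
      "cveID": "CVE-2022-41128",
      "vendorProject": "Microsoft",
      "product": "Windows",
      "vulnerabilityName": "Microsoft Windows Scripting Languages Remote Code Execution Vulnerability",
      "dateAdded": "2022-11-08",
      "shortDescription": "Microsoft Windows Scripting Languages contain a vulnerability that allows for remote code execution.",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2022-11-29",
      "knownRansomwareCampaignUse": "Unknown"
    }
  ]
}
'@

# Constructed sample in the shape of https://api.first.org/data/v1/epss?cve=CVE-2022-41128
# (epss/percentile from this page; the date is assumed).
$EpssJson = @'
{"status":"OK","status-code":200,"version":"1.0","total":1,"offset":0,"limit":100,
 "data":[{"cve":"CVE-2022-41128","epss":"0.392400000","percentile":"0.974000000","date":"2024-12-01"}]}
'@

function Get-CvePriority {
    param(
        [Parameter(Mandatory)] [string]   $CveId,
        [Parameter(Mandatory)] [string]   $KevCatalogJson,
        [Parameter(Mandatory)] [string]   $EpssJson,
        [double]   $EpssThreshold = 0.10,      # assumed local policy threshold
        [datetime] $AsOf = (Get-Date)          # reference date for overdue calculation
    )

    # Look the CVE up in both feeds; either may have no entry.
    $kev  = ($KevCatalogJson | ConvertFrom-Json).vulnerabilities |
            Where-Object { $_.cveID -eq $CveId } | Select-Object -First 1
    $epss = ($EpssJson | ConvertFrom-Json).data |
            Where-Object { $_.cve -eq $CveId } | Select-Object -First 1

    # EPSS values arrive as strings; [double] casts use the invariant culture.
    $score = if ($epss) { [double]$epss.epss }       else { $null }
    $pct   = if ($epss) { [double]$epss.percentile } else { $null }

    # Decision rule (assumed policy): confirmed exploitation (KEV) outranks any
    # probability estimate; EPSS only drives priority when the CVE is not in KEV.
    $priority = 'Routine'
    $reason   = 'Not in KEV; EPSS below threshold or unavailable'
    $daysOverdue = $null
    if ($kev) {
        $priority = 'Immediate'
        $reason   = "In CISA KEV since $($kev.dateAdded); remediation due $($kev.dueDate)"
        $due = [datetime]::ParseExact($kev.dueDate, 'yyyy-MM-dd', $null)
        $daysOverdue = [math]::Max(0, ($AsOf.Date - $due).Days)
    }
    elseif ($null -ne $score -and $score -ge $EpssThreshold) {
        $priority = 'High'
        $reason   = "EPSS $score (percentile $pct) is at or above threshold $EpssThreshold"
    }

    [pscustomobject]@{
        CveId       = $CveId
        InKev       = [bool]$kev
        KevDueDate  = if ($kev) { $kev.dueDate } else { $null }
        DaysOverdue = $daysOverdue
        Epss        = $score
        Percentile  = $pct
        Priority    = $priority
        Reason      = $reason
    }
}

# Usage: evaluate this page's CVE against the constructed feeds as of an assumed date.
Get-CvePriority -CveId 'CVE-2022-41128' -KevCatalogJson $KevJson -EpssJson $EpssJson `
                -AsOf (Get-Date '2024-12-01') | Format-List
```

In production, replace the two sample strings with `Invoke-RestMethod` calls against the KEV feed and the EPSS API; the parsing and decision logic stay the same. The KEV-first ordering matters: EPSS for this CVE dropped from 0.5852 to 0.3924, but a score decline does not remove the KEV listing, so the priority must not drop with it.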
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44371
Vulnerability details
Windows Scripting Languages Remote Code Execution Vulnerability
- CWE(s): CWE-787 (Out-of-bounds Write)
- KEV Date Added: 08 November 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires applying the vendor security update that Microsoft published to eliminate the remote code execution flaw in Windows Scripting Languages.
- SI-10 (Information Input Validation): Enforces input validation on data processed by scripting engines, blocking the malformed input that triggers the out-of-bounds write (CWE-787) leading to arbitrary code execution.
- SI-3 (Malicious Code Protection): Deploys anti-malware mechanisms that can detect and block malicious scripts or payloads attempting to exploit the scripting-language RCE vector.
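SI-2 is only satisfied once the Microsoft update is actually present on each host, and that is worth verifying rather than assuming. The PowerShell below is an added example (not from this page or from Microsoft) that checks a Windows host two ways: by KB number via `Get-HotFix`, and by the installed build revision (the `UBR` registry value) on Windows 10 and later. The second check exists because a later cumulative update supersedes the earlier one and can remove its KB from the `Get-HotFix` list, so a KB-only check produces false negatives on patched machines. The KB numbers and minimum revisions differ per OS version and are therefore parameters; the sample call assumes Windows 10 22H2, where the November 2022 security update is KB5019959 (build 19045.2251). Confirm those values against the MSRC advisory for your OS before relying on them.

```powershell
function Test-ScriptingUpdateInstalled {
    <#
      Returns an object stating whether the update for CVE-2022-41128 is present.
      -RequiredKb : KB IDs from the MSRC advisory for this OS; any one present is enough.
      -MinimumUbr : minimum build revision (UBR) that contains the fix; 0 skips the check.
                    UBR exists only on Windows 10 and later, so on Windows 8.1 the
                    KB check is the only signal.
    #>
    param(
        [Parameter(Mandatory)] [string[]] $RequiredKb,
        [int] $MinimumUbr = 0
    )

    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR            # $null on pre-Windows 10 hosts, which casts to 0

    # Signal 1: the advisory's KB is still listed as an installed hotfix.
    $installed = @(Get-HotFix | Where-Object { $RequiredKb -contains $_.HotFixID })
    $kbFound   = $installed.Count -gt 0

    # Signal 2: the build revision is at or past the one that shipped the fix.
    # This survives supersession by later cumulative updates, which the KB check does not.
    $ubrOk = ($MinimumUbr -gt 0) -and ($ubr -ge $MinimumUbr)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Build        = "$build.$ubr"
        KbFound      = ($installed.HotFixID -join ',')
        UbrSatisfied = $ubrOk
        Patched      = ($kbFound -or $ubrOk)
    }
}

# Usage (assumed values for Windows 10 22H2; replace with the KB and revision
# listed in the MSRC advisory for the OS you are checking).
Test-ScriptingUpdateInstalled -RequiredKb @('KB5019959') -MinimumUbr 2251 | Format-List
```

To run this across a fleet, wrap the call in `Invoke-Command -ComputerName <hosts> -ScriptBlock ${function:Test-ScriptingUpdateInstalled} -ArgumentList ...` and filter for `Patched -eq $false`; those are the hosts that still carry a KEV-listed, actively exploited flaw.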