Cyber Resilience

CVE-2022-41128

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 09 November 2022

Modified: 14 January 2026
KEV Added: 08 November 2022
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.3924 (97.4th percentile)
Risk Priority: 61 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-41128 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows 8.1. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 2.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-41128 is a remote code execution vulnerability in Windows Scripting Languages, assigned CWE-787 and carrying a CVSS 3.1 score of 8.8, which reflects a network attack vector, low complexity, no required privileges, and required user interaction. The flaw affects components responsible for processing scripting language content on Windows systems.

An unauthenticated attacker can exploit the issue by supplying specially crafted content that a user opens or interacts with over the network, resulting in arbitrary code execution with impacts to confidentiality, integrity, and availability.

Microsoft advisory information at the referenced MSRC pages describes available updates that address the vulnerability, while CISA lists CVE-2022-41128 in its known exploited vulnerabilities catalog, indicating confirmed in-the-wild exploitation.

EPSS for the CVE rose from lower values after disclosure to a peak of 0.5852 on 2024-10-24 before receding to the current 0.3924, signaling a clear post-disclosure increase in exploitation interest that warrants renewed attention.

Vulnerability details

Windows Scripting Languages Remote Code Execution Vulnerability

CWE(s)
KEV Date Added: 08 November 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Version
microsoft · windows 10 1507 · ≤ 10.0.10240.19567
microsoft · windows 10 1607 · ≤ 10.0.14393.5501
microsoft · windows 10 1809 · ≤ 10.0.17763.3650
microsoft · windows 10 20h2 · ≤ 10.0.19042.2251
microsoft · windows 10 21h1 · ≤ 10.0.19043.2251
microsoft · windows 10 21h2 · ≤ 10.0.19044.2251
microsoft · windows 10 22h2 · ≤ 10.0.19045.2251
microsoft · windows 11 21h2 · ≤ 10.0.22000.1219
microsoft · windows 11 22h2 · ≤ 10.0.22621.819
microsoft · windows 7 · sp1
+6 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor security update that Microsoft published to eliminate the remote code execution flaw in Windows Scripting Languages.

prevent

Enforces input validation on data processed by scripting engines, blocking the malformed input that triggers the out-of-bounds write (CWE-787) leading to arbitrary code execution.

prevent · detect

Deploys anti-malware mechanisms that can detect and block malicious scripts or payloads attempting to exploit the scripting-language RCE vector.

References