CVE-2022-21896 - Vulnerability Details

Vendors	Products
Microsoft	Windows 10 Windows 11 Windows Server Windows Server 2019

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21896
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21896

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2452::::::arm64: cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2452::::::x64: cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2452::::::x86: cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.2037::::::x64: cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.2037::::::x64: cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.2037::::::x86: cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1466::::::arm64: cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1466::::::x86: cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1466::::::arm64: cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1466::::::x64: cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1466::::::x86: cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1466::::::arm64: cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1466::::::x64: cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1466::::::x86: cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.434::::::arm64: cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.434::::::x64: cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2452:::::::* cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.469:::::::* cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1466:::::::*
Vendors & Products	Microsoft windows 10 1809 Microsoft windows 10 1909 Microsoft windows 10 20h2 Microsoft windows 10 21h1 Microsoft windows 10 21h2 Microsoft windows 11 21h2 Microsoft windows Server 2022 Microsoft windows Server 20h2

Type	Values Removed	Values Added
References		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21896

Type	Values Removed	Values Added
References	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21896

Type	Values Removed	Values Added
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21896

Show plain JSON

{"containers": {"cna": {"title": "Windows DWM Core Library Elevation of Privilege Vulnerability", "datePublic": "2022-01-11T08:00:00+00:00", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.2452"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.17763.2452"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.2452"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.2452"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.18363.2037"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21H1:*:*:*:*:*:*:x64:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.19043.1466"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.20348.0", "versionEndExcluding": "10.0.20348.469"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.19042.1466"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.19042.1466"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.0.22000.434"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*", "versionStartIncluding": "10.0.19043.0", "versionEndExcluding": "10.0.19044.1466"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows 10 Version 1809", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.2452", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1809", "platforms": ["ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.17763.2452", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.2452", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.2452", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1909", "platforms": ["32-bit Systems", "x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.18363.2037", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 21H1", "platforms": ["x64-based Systems", "ARM64-based Systems", "32-bit Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19043.1466", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.20348.0", "lessThan": "10.0.20348.469", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 20H2", "platforms": ["32-bit Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19042.1466", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server version 20H2", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19042.1466", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 21H2", "platforms": ["x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22000.434", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 21H2", "platforms": ["32-bit Systems", "ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "10.0.19043.0", "lessThan": "10.0.19044.1466", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Windows DWM Core Library Elevation of Privilege Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-02T18:23:02.124Z"}, "references": [{"name": "Windows DWM Core Library Elevation of Privilege Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21896"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:36.423Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21896"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2022-21896", "datePublished": "2022-01-11T20:22:59", "dateReserved": "2021-12-14T00:00:00", "dateUpdated": "2025-01-02T18:23:02.124Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

title : Windows DWM Core Library Elevation of Privilege Vulnerability (string)

datePublic : 2022-01-11T08:00:00+00:00 (string)

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* (string)

versionStartIncluding : 10.0.17763.0 (string)

versionEndExcluding : 10.0.17763.2452 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* (string)

versionStartIncluding : 10.0.0 (string)

versionEndExcluding : 10.0.17763.2452 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 10.0.17763.0 (string)

versionEndExcluding : 10.0.17763.2452 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 10.0.17763.0 (string)

versionEndExcluding : 10.0.17763.2452 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* (string)

versionStartIncluding : 10.0.0 (string)

versionEndExcluding : 10.0.18363.2037 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_10_21H1:*:*:*:*:*:*:x64:* (string)

versionStartIncluding : 10.0.0 (string)

versionEndExcluding : 10.0.19043.1466 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 10.0.20348.0 (string)

versionEndExcluding : 10.0.20348.469 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:* (string)

versionStartIncluding : 10.0.0 (string)

versionEndExcluding : 10.0.19042.1466 (string)

}

8 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 10.0.0 (string)

versionEndExcluding : 10.0.19042.1466 (string)

}

9 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:* (string)

versionStartIncluding : 10.0.0 (string)

versionEndExcluding : 10.0.22000.434 (string)

}

10 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:* (string)

versionStartIncluding : 10.0.19043.0 (string)

versionEndExcluding : 10.0.19044.1466 (string)

}

]

}

]

}

]

affected : [ »

0 : { »

vendor : Microsoft (string)

product : Windows 10 Version 1809 (string)

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.17763.0 (string)

lessThan : 10.0.17763.2452 (string)

versionType : custom (string)

status : affected (string)

}

]

}

1 : { »

vendor : Microsoft (string)

product : Windows 10 Version 1809 (string)

platforms : [ »

0 : ARM64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.0 (string)

lessThan : 10.0.17763.2452 (string)

versionType : custom (string)

status : affected (string)

}

]

}

2 : { »

vendor : Microsoft (string)

product : Windows Server 2019 (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.17763.0 (string)

lessThan : 10.0.17763.2452 (string)

versionType : custom (string)

status : affected (string)

}

]

}

3 : { »

vendor : Microsoft (string)

product : Windows Server 2019 (Server Core installation) (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.17763.0 (string)

lessThan : 10.0.17763.2452 (string)

versionType : custom (string)

status : affected (string)

}

]

}

4 : { »

vendor : Microsoft (string)

product : Windows 10 Version 1909 (string)

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

2 : ARM64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.0 (string)

lessThan : 10.0.18363.2037 (string)

versionType : custom (string)

status : affected (string)

}

]

}

5 : { »

vendor : Microsoft (string)

product : Windows 10 Version 21H1 (string)

platforms : [ »

0 : x64-based Systems (string)

1 : ARM64-based Systems (string)

2 : 32-bit Systems (string)

]

versions : [ »

0 : { »

version : 10.0.0 (string)

lessThan : 10.0.19043.1466 (string)

versionType : custom (string)

status : affected (string)

}

]

}

6 : { »

vendor : Microsoft (string)

product : Windows Server 2022 (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.20348.0 (string)

lessThan : 10.0.20348.469 (string)

versionType : custom (string)

status : affected (string)

}

]

}

7 : { »

vendor : Microsoft (string)

product : Windows 10 Version 20H2 (string)

platforms : [ »

0 : 32-bit Systems (string)

1 : ARM64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.0 (string)

lessThan : 10.0.19042.1466 (string)

versionType : custom (string)

status : affected (string)

}

]

}

8 : { »

vendor : Microsoft (string)

product : Windows Server version 20H2 (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.0 (string)

lessThan : 10.0.19042.1466 (string)

versionType : custom (string)

status : affected (string)

}

]

}

9 : { »

vendor : Microsoft (string)

product : Windows 11 version 21H2 (string)

platforms : [ »

0 : x64-based Systems (string)

1 : ARM64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.0 (string)

lessThan : 10.0.22000.434 (string)

versionType : custom (string)

status : affected (string)

}

]

}

10 : { »

vendor : Microsoft (string)

product : Windows 10 Version 21H2 (string)

platforms : [ »

0 : 32-bit Systems (string)

1 : ARM64-based Systems (string)

2 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 10.0.19043.0 (string)

lessThan : 10.0.19044.1466 (string)

versionType : custom (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

value : Windows DWM Core Library Elevation of Privilege Vulnerability (string)

lang : en-US (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Elevation of Privilege (string)

lang : en-US (string)

type : Impact (string)

}

]

}

]

providerMetadata : { »

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

dateUpdated : 2025-01-02T18:23:02.124Z (string)

}

references : [ »

0 : { »

name : Windows DWM Core Library Elevation of Privilege Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21896 (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en-US (string)

value : GENERAL (string)

}

]

cvssV3_1 : { »

version : 3.1 (string)

baseSeverity : HIGH (string)

baseScore : 7 (number)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T02:53:36.423Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21896 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2022-21896 (string)

datePublished : 2022-01-11T20:22:59 (string)

dateReserved : 2021-12-14T00:00:00 (string)

dateUpdated : 2025-01-02T18:23:02.124Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "matchCriteriaId": "610B33F9-0309-4CF7-B7E4-5152D9B2FFE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "matchCriteriaId": "21074553-EDF2-468D-8E79-C39851B5BC79", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "matchCriteriaId": "4E62F9CB-D1B6-4B4D-BCCD-7F4D36A73B4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "matchCriteriaId": "49A4BBDA-0389-4171-AA49-6837F7DF4454", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "matchCriteriaId": "F8C238FA-B20F-40A5-B861-A8295858F4BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "matchCriteriaId": "56513BCA-A9F5-4112-BDE6-77E9B8D2677E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "matchCriteriaId": "665EA912-D724-41EB-86A9-24EB4FE87B54", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "matchCriteriaId": "77E07B96-EAAA-4DD6-9172-0DE98A36726F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "matchCriteriaId": "B846A736-E77C-4665-B28B-4E511880D575", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "matchCriteriaId": "925B8C67-C96F-4A4D-9BE7-CCCD78EF3C31", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "matchCriteriaId": "6CF580BA-6938-40F6-9D86-F43044A6BACA", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "matchCriteriaId": "C5E038AA-514F-48AC-B45E-859EE32525B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "matchCriteriaId": "31622391-A67E-4E2A-A855-1316B6E38630", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "matchCriteriaId": "61F0792D-7587-4297-8EE7-D4DC3A30EE84", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "matchCriteriaId": "7649042B-4430-4BD9-B82F-984A2831A651", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "B9F64296-66BF-4F1D-A11C-0C44C347E2AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "matchCriteriaId": "5D7F7DDB-440E-42CD-82F4-B2C13F3CC462", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "matchCriteriaId": "1EAF6DBA-6E3A-4854-BFBF-B5DC36CE5929", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "matchCriteriaId": "BE257836-4F4D-4352-8293-B9CAD34F8794", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Windows DWM Core Library Elevation of Privilege Vulnerability"}, {"lang": "es", "value": "Una vulnerabilidad de Elevaci\u00f3n de Privilegios en Windows DWM Core Library. Este ID de CVE es diferente de CVE-2022-21852, CVE-2022-21902"}], "id": "CVE-2022-21896", "lastModified": "2024-11-21T06:45:39.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2022-01-11T21:15:12.243", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21896"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21896"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:* (string)

matchCriteriaId : 610B33F9-0309-4CF7-B7E4-5152D9B2FFE4 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:* (string)

matchCriteriaId : 21074553-EDF2-468D-8E79-C39851B5BC79 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:* (string)

matchCriteriaId : 4E62F9CB-D1B6-4B4D-BCCD-7F4D36A73B4D (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:* (string)

matchCriteriaId : 49A4BBDA-0389-4171-AA49-6837F7DF4454 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:* (string)

matchCriteriaId : F8C238FA-B20F-40A5-B861-A8295858F4BE (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:* (string)

matchCriteriaId : 56513BCA-A9F5-4112-BDE6-77E9B8D2677E (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:* (string)

matchCriteriaId : 665EA912-D724-41EB-86A9-24EB4FE87B54 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:* (string)

matchCriteriaId : 77E07B96-EAAA-4DD6-9172-0DE98A36726F (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:* (string)

matchCriteriaId : B846A736-E77C-4665-B28B-4E511880D575 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:* (string)

matchCriteriaId : 925B8C67-C96F-4A4D-9BE7-CCCD78EF3C31 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:* (string)

matchCriteriaId : 6CF580BA-6938-40F6-9D86-F43044A6BACA (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:* (string)

matchCriteriaId : C5E038AA-514F-48AC-B45E-859EE32525B4 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:* (string)

matchCriteriaId : 31622391-A67E-4E2A-A855-1316B6E38630 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:* (string)

matchCriteriaId : 61F0792D-7587-4297-8EE7-D4DC3A30EE84 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:* (string)

matchCriteriaId : 7649042B-4430-4BD9-B82F-984A2831A651 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:* (string)

matchCriteriaId : B9F64296-66BF-4F1D-A11C-0C44C347E2AC (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:* (string)

matchCriteriaId : 5D7F7DDB-440E-42CD-82F4-B2C13F3CC462 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:* (string)

matchCriteriaId : 1EAF6DBA-6E3A-4854-BFBF-B5DC36CE5929 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:* (string)

matchCriteriaId : BE257836-4F4D-4352-8293-B9CAD34F8794 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DB79EE26-FC32-417D-A49C-A1A63165A968 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Windows DWM Core Library Elevation of Privilege Vulnerability (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de Elevación de Privilegios en Windows DWM Core Library. Este ID de CVE es diferente de CVE-2022-21852, CVE-2022-21902 (string)

}

]

id : CVE-2022-21896 (string)

lastModified : 2024-11-21T06:45:39.567 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 6.9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:L/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 3.4 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1 (number)

impactScore : 5.9 (number)

source : secure@microsoft.com (string)

type : Secondary (string)

}

]

}

published : 2022-01-11T21:15:12.243 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21896 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21896 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-362 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object