Windows’ January 2022 Patch Tuesday update patches an elevated access bug

Kevin Okemwa

According to a report by BleepingComputer, a researcher shared information pertaining to CVE-2022-21882, a vulnerability in Windows 10 that allows threat actors with limited access to a compromised device to easily elevate their privileges and perform privileged commands. The exploit can spread laterally within the network and create new administrative users.

Furthermore, all supported versions of Windows 10 before the January 2022 Patch Tuesday update are susceptible to the vulnerability.

Work around the elevated access bug

With the January 2022 Patch Tuesday also came the Win32k Elevation of Privilege Vulnerability (dubbed CVE-2022-21882). It is in place to help remedy the situation with the exploited CVE-2021-1732 bug.

The discovery was made by b2ahex, who shared his findings from a technical analysis that he conducted after Microsoft released the patch.

When the exploit was released to the public, Twitter’s resident exploit tester and vulnerability analyst for CERT/CC, Will Dormann, confirmed that it worked and provided elevated privileges.

However, BleepingComputer indicates that some admins chose to skip the January 2022 Patch Tuesday updates because of the collection of critical bugs. Some of the issues included unexpected reboots and inaccessible ReFS volumes, among others. As such, some PCs remain susceptible to the recently fixed vulnerability.