CVE-2022-21971

HIGH KEV

Windows Runtime - RCE

Title source: llm

Description

Windows Runtime Remote Code Execution Vulnerability

Exploits (3)

nomisec WRITEUP 306 stars

by 0vercl0k · client-side

https://github.com/0vercl0k/CVE-2022-21971

View Code ZIP pw:eip

nomisec WORKING POC 11 stars

by Malwareman007 · poc

https://github.com/Malwareman007/CVE-2022-21971

View Code ZIP pw:eip

nomisec WRITEUP 2 stars

by tufanturhan · poc

https://github.com/tufanturhan/CVE-2022-21971-Windows-Runtime-RCE

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-21971

Scores

CVSS v3 7.8

EPSS 0.8710

EPSS Percentile 99.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-08-18

VulnCheck KEV 2022-08-18

InTheWild.io 2022-08-18

ENISA EUVD EUVD-2022-27126

CWE

CWE-824

Status published

Products (9)

microsoft/windows_10_1809 < 10.0.17763.2565

microsoft/windows_10_1909 < 10.0.18363.2094

microsoft/windows_10_20h2 < 10.0.19042.1526

microsoft/windows_10_21h1 < 10.0.19043.1526

microsoft/windows_10_21h2 < 10.0.19044.1526

microsoft/windows_11_21h2 < 10.0.22000.493

microsoft/windows_server_2019 < 10.0.17763.2565

microsoft/windows_server_2022 < 10.0.20348.524

microsoft/windows_server_20h2 < 10.0.19042.1526

Published Feb 09, 2022

KEV Added Aug 18, 2022

Tracked Since Feb 18, 2026