CVE-2022-41033

HIGH KEV

Windows COM+ Event System Service - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2022-41033 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 11, 2022.

Description

Windows COM+ Event System Service Elevation of Privilege Vulnerability

References (3)

Core 3

Core References

Patch, Vendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41033

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41033

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41033

Scores

CVSS v3 7.8

EPSS 0.0174

EPSS Percentile 83.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-10-11

VulnCheck KEV 2022-10-11

InTheWild.io 2022-10-11

ENISA EUVD EUVD-2022-44278

CWE

CWE-843

Status published

Products (18)

microsoft/windows_10_1507 < 10.0.10240.19507

microsoft/windows_10_1607 < 10.0.14393.5427

microsoft/windows_10_1809 < 10.0.17763.3532

microsoft/windows_10_20h2 < 10.0.19042.2130

microsoft/windows_10_21h1 < 10.0.19043.2130

microsoft/windows_10_21h2 < 10.0.19044.2130

microsoft/windows_11_21h2 < 10.0.22000.1098

microsoft/windows_11_22h2 < 10.0.22621.674

microsoft/windows_7

microsoft/windows_8.1

... and 8 more

Published Oct 11, 2022

KEV Added Oct 11, 2022

Tracked Since Feb 18, 2026