CVE-2022-41049

MEDIUM KEV

Windows Mark of the Web - Privilege Escalation

Title source: llm

Description

Windows Mark of the Web Security Feature Bypass Vulnerability

Exploits (4)

inthewild

poc

https://github.com/nathanscottgithub/cve-2022-41049-poc

View on inthewild

inthewild

poc

https://github.com/nathanscott101/cve-2022-41049-poc

View on inthewild

inthewild

poc

https://github.com/nathanorr101/cve-2022-41049-poc

View on inthewild

inthewild

poc

https://github.com/nathan01110011/cve-2022-41049-poc

View on inthewild

References (2)

[Patch, Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41049

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41049

Scores

CVSS v3 5.4

EPSS 0.1306

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Details

CISA KEV 2022-11-14

VulnCheck KEV 2022-11-11

InTheWild.io 2022-11-11

ENISA EUVD EUVD-2022-44294

Status published

Products (12)

microsoft/windows_10_1507 < 10.0.10240.19567

microsoft/windows_10_1607 < 10.0.14393.5501

microsoft/windows_10_1809 < 10.0.17763.3650

microsoft/windows_10_20h2 < 10.0.19042.2251

microsoft/windows_10_21h1 < 10.0.19043.2251

microsoft/windows_10_21h2 < 10.0.19044.2251

microsoft/windows_10_22h2 < 10.0.19045.2251

microsoft/windows_11_21h2 < 10.0.22000.1219

microsoft/windows_11_22h2 < 10.0.22621.819

microsoft/windows_server_2016 < 10.0.14393.5501

... and 2 more

Published Nov 09, 2022

KEV Added Nov 14, 2022

Tracked Since Feb 18, 2026