CVE-2022-41091
MEDIUM KEV RANSOMWAREWindows 10 1507-22H2 and Windows 11 21H2-22H2 - Security Feature Bypass via Mark of the Web
Title source: llmExploitation Summary
CVE-2022-41091 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 8, 2022, with confirmed use in ransomware campaigns.
Description
Windows Mark of the Web Security Feature Bypass Vulnerability
References (2)
Core 2
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41091
Patch, Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41091
Scores
CVSS v3
5.4
EPSS
0.0634
EPSS Percentile
91.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2022-11-08
VulnCheck KEV
2022-11-08
InTheWild.io
2022-11-08
ENISA EUVD
EUVD-2022-44334
Ransomware Use
Confirmed
CWE
CWE-863
Status
published
Products (12)
microsoft/windows_10_1507
< 10.0.10240.19567
microsoft/windows_10_1607
< 10.0.14393.5501
microsoft/windows_10_1809
< 10.0.17763.3650
microsoft/windows_10_20h2
< 10.0.19042.2251
microsoft/windows_10_21h1
< 10.0.19043.2251
microsoft/windows_10_21h2
< 10.0.19044.2251
microsoft/windows_10_22h2
< 10.0.19045.2251
microsoft/windows_11_21h2
< 10.0.22000.1219
microsoft/windows_11_22h2
< 10.0.22621.819
microsoft/windows_server_2016
< 10.0.14393.5501
... and 2 more
Published
Nov 09, 2022
KEV Added
Nov 08, 2022
Tracked Since
Feb 18, 2026