CVE-2022-41125
HIGH KEV
Windows CNG Key Isolation Service - Privilege Escalation
Title source: llm
Exploitation Summary
CVE-2022-41125 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 8, 2022.
Description
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
References (2)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41125
Patch, Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41125
Scores
CVSS v3: 7.8
EPSS: 0.0070
EPSS Percentile: 72.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2022-11-08
VulnCheck KEV: 2022-11-08
InTheWild.io: 2022-11-08
ENISA EUVD: EUVD-2022-44368
CWE: CWE-787
Status: published
Products (15)
microsoft/windows_10_1507: < 10.0.10240.19567
microsoft/windows_10_1607: < 10.0.14393.5501
microsoft/windows_10_1809: < 10.0.17763.3650
microsoft/windows_10_20h2: < 10.0.19042.2251
microsoft/windows_10_21h1: < 10.0.19043.2251
microsoft/windows_10_21h2: < 10.0.19044.2251
microsoft/windows_10_22h2: < 10.0.19045.2251
microsoft/windows_11_21h2: < 10.0.22000.1219
microsoft/windows_11_22h2: < 10.0.22621.819
microsoft/windows_8.1: (2 CPE variants)
... and 5 more
Published: Nov 09, 2022
KEV Added: Nov 08, 2022
Tracked Since: Feb 18, 2026