CVE-2022-44698

MEDIUM KEV RANSOMWARE

Windows SmartScreen - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2022-44698 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 13, 2022, with confirmed use in ransomware campaigns.

Description

Windows SmartScreen Security Feature Bypass Vulnerability

References (2)

Core 2

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-44698

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698

Scores

CVSS v3 5.4

EPSS 0.6722

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact partial

Details

CISA KEV 2022-12-13

VulnCheck KEV 2022-12-13

InTheWild.io 2022-12-13

ENISA EUVD EUVD-2022-47632

Ransomware Use Confirmed

Status published

Products (10)

microsoft/windows_10_1607 < 10.0.14393.5582

microsoft/windows_10_1809 < 10.0.17763.3770

microsoft/windows_10_20h2 < 10.0.19042.2364

microsoft/windows_10_21h1 < 10.0.19043.2364

microsoft/windows_10_21h2 < 10.0.19044.2364

microsoft/windows_10_22h2 < 10.0.19045.2364

microsoft/windows_11_21h2 < 10.0.22000.1335

microsoft/windows_server_2016 < 10.0.14393.5582

microsoft/windows_server_2019 < 10.0.17763.3770

microsoft/windows_server_2022 < 10.0.20348.1366

Published Dec 13, 2022

KEV Added Dec 13, 2022

Tracked Since Feb 18, 2026