Windows’ January 2022 Patch Tuesday update patches an elevated access bug

2 min. read

Published onFebruary 1, 2022

published onFebruary 1, 2022

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

In a blog post by Bleeping Computer, a security researcher has published details of their exploit of a previously undiscovered local privilege elevation vulnerability in Windows 10, which allows any user to gain administrator privileges on the operating system.

CVE-2022-21882, a vulnerability in Windows 10 allows threat actors with limited access to a compromised device to easily elevate their privileges and perform privileged commands, allowing them to spread laterally within the network and create new administrative users. The vulnerability is a means of exploiting CVE-2021-1732, thepreviously patched bug.

William Dormann, a vulnerability analyst for CERT/CC, tweeted that he had demonstrated thatthe exploit worked and provided elevated privileges.BleepingComputer was able to independently verify the vulnerability’s existence, but could only get the exploit to work on Windows 10.

As the bug has already been patched, most PCs are not affected by it. However, some admins chose to skip the January 2022 Patch Tuesday updates because of the collection of critical bugs. As a result, some PCs remain susceptible to the recently-fixed vulnerability.

This means that they areat risk of compromise by a known exploit used in cyberattacksby advanced persistent threat (APT) groups. Microsoft has released out-of-band updates to fix vulnerabilities in the January 2022 updates. the elevated access bug. Administrators are advised to install the updates immediately.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Windows’ January 2022 Patch Tuesday update patches an elevated access bug#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Windows’ January 2022 Patch Tuesday update patches an elevated access bug