CVE-2022-23279 - OpenCVE

Windows ALPC Elevation of Privilege Vulnerability

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Server 2022 Windows 11 Windows 10

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_10:20h2::::::arm64:
	cpe:2.3:o:microsoft:windows_10:20h2::::::x64:
	cpe:2.3:o:microsoft:windows_10:20h2::::::x86:
	cpe:2.3:o:microsoft:windows_10:21h1::::::arm64:
	cpe:2.3:o:microsoft:windows_10:21h1::::::x64:
	cpe:2.3:o:microsoft:windows_10:21h1::::::x86:
	cpe:2.3:o:microsoft:windows_10:21h2::::::arm64:
	cpe:2.3:o:microsoft:windows_10:21h2::::::x64:
	cpe:2.3:o:microsoft:windows_10:21h2::::::x86:
	cpe:2.3:o:microsoft:windows_10:1909::::::arm64:
	cpe:2.3:o:microsoft:windows_10:1909::::::x64:
	cpe:2.3:o:microsoft:windows_10:1909::::::x86:
	cpe:2.3:o:microsoft:windows_11:-::::::arm64:
	cpe:2.3:o:microsoft:windows_11:-::::::x64:
	cpe:2.3:o:microsoft:windows_server_2022::::::::

References

Link	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23279	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2022-05-10T20:33:35

Updated: 2024-05-29T14:27:53.284Z

Reserved: 2022-01-15T00:00:00

Link: CVE-2022-23279

JSON object: View

NVD Information

Status : Modified

Published: 2022-05-10T21:15:09.960

Modified: 2023-12-21T00:15:12.260

Link: CVE-2022-23279

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"title": "Windows ALPC Elevation of Privilege Vulnerability", "datePublic": "2022-05-10T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Windows 10 Version 1909", "cpes": ["cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.2274:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.2274:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.2274:*:*:*:*:*:x64:*"], "platforms": ["32-bit Systems", "x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.18363.2274", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 21H1", "cpes": ["cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1706:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1706:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1706:*:*:*:*:*:x86:*"], "platforms": ["x64-based Systems", "ARM64-based Systems", "32-bit Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19043.1706", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "cpes": ["cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.707:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.20348.707", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 20H2", "cpes": ["cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1706:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1706:*:*:*:*:*:arm64:*"], "platforms": ["32-bit Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19042.1706", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server version 20H2", "cpes": ["cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1706:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19042.1706", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 21H2", "cpes": ["cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.675:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.675:*:*:*:*:*:arm64:*"], "platforms": ["x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22000.675", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 21H2", "cpes": ["cpe:2.3:o:microsoft:windows_10_21H2:10.0.19043.1706:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1706:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.1706:*:*:*:*:*:x64:*"], "platforms": ["32-bit Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19043.1706", "versionType": "custom", "status": "affected"}, {"version": "10.0.0", "lessThan": "10.0.19044.1706", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Windows ALPC Elevation of Privilege Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T14:27:53.284Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23279"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2022-23279", "datePublished": "2022-05-10T20:33:35", "dateReserved": "2022-01-15T00:00:00", "dateUpdated": "2024-05-29T14:27:53.284Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "matchCriteriaId": "610B33F9-0309-4CF7-B7E4-5152D9B2FFE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "matchCriteriaId": "21074553-EDF2-468D-8E79-C39851B5BC79", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "matchCriteriaId": "4E62F9CB-D1B6-4B4D-BCCD-7F4D36A73B4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "matchCriteriaId": "49A4BBDA-0389-4171-AA49-6837F7DF4454", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "matchCriteriaId": "F8C238FA-B20F-40A5-B861-A8295858F4BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "matchCriteriaId": "56513BCA-A9F5-4112-BDE6-77E9B8D2677E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "matchCriteriaId": "665EA912-D724-41EB-86A9-24EB4FE87B54", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "matchCriteriaId": "77E07B96-EAAA-4DD6-9172-0DE98A36726F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "matchCriteriaId": "B846A736-E77C-4665-B28B-4E511880D575", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "matchCriteriaId": "31622391-A67E-4E2A-A855-1316B6E38630", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "matchCriteriaId": "61F0792D-7587-4297-8EE7-D4DC3A30EE84", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "matchCriteriaId": "7649042B-4430-4BD9-B82F-984A2831A651", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "B9F64296-66BF-4F1D-A11C-0C44C347E2AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "matchCriteriaId": "5D7F7DDB-440E-42CD-82F4-B2C13F3CC462", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Windows ALPC Elevation of Privilege Vulnerability"}, {"lang": "es", "value": "Una vulnerabilidad de Elevaci\u00f3n de Privilegios de Windows ALPC"}], "id": "CVE-2022-23279", "lastModified": "2023-12-21T00:15:12.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2022-05-10T21:15:09.960", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23279"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}