Outbreak AlertMicrosoft Win32k Privilege Escalation Vulnerability
Critical vulnerability affecting some unknown functionality of the component Win32k
Public exploit code was disclosed and CISA requires all federal agencies to patch all systems vulnerable to CVE-2022-21882 by Feb 18, 2022. Learn More »
Common Vulnerabilities and Exposures
Background
A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. CISA has added to the list of known publically exploited vulnerabilities on February 4, 2022.
Threat Radar Overall Score:
 |
CVSS Rating | 7.0 |
 |
FortiRecon Score | 79/100 |
 |
Known Exploited | Yes |
 |
Exploit Prediction Score | 0.11% |
 |
FortiGuard Telemetry | 1 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Announced and fix published by Microsoft on January 11 as part of patch Tuesday -
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21882
As per a binding operational directive (BOD 22-01) issued in November and today's announcement, all Federal Civilian Executive Branch Agencies (FCEB) agencies are now required to patch all systems against this vulnerability within two weeks, until February 18th. While BOD 22-01 only applies to FCEB agencies, CISA strongly urges all private and public sector organizations to reduce their exposure to ongoing cyberattacks by adopting this Directive and prioritizing mitigation of vulnerabilities included in its catalog of actively exploited security flaws.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
Vulnerability
-
IPS
-
Outbreak Detection
-
Threat Hunting
-
Assisted Response Services
-
Automated Response
-
NOC/SOC Training
-
End-User Training
-
Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
Indicators of compromise
IOC Indicator List
| Indicator | Type | Status |
|---|---|---|
| https://kmsauto.us/someone/start.ps1 | url | Active |
| 6c94a1bc67af21cedb0bffac03019dbf870649a182e58cc... | file | Active |
| 018dd881f5bf9181b70f78d7d38bd62a | file | Active |
| 41e8cd903dc07b6a0cff89ef34bf6a5a502fc908d0c75a9... | file | Active |
| 64.226.78.9 | ip | Active |
Indicators of compromise
IOC Threat Activity
Last 30 days
Chg
Avg 0
References
Sources of information in support and relation to this Outbreak and vendor.