• Language chooser
    • USA (English)
    • France (Français)

Microsoft Win32k Privilege Escalation Vulnerability

Released: Feb 07, 2022

High Severity

Microsoft Windows Platform

Microsoft Vendor

Vulnerability Type

Critical vulnerability affecting some unknown functionality of the component Win32k

Public exploit code was disclosed and CISA requires all federal agencies to patch all systems vulnerable to CVE-2022-21882 by Feb 18, 2022. Learn More »

Common Vulnerabilities and Exposures



A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. CISA has added to the list of known publically exploited vulnerabilities on February 4, 2022.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

Announced and fix published by Microsoft on January 11 as part of patch Tuesday -

As per a binding operational directive (BOD 22-01) issued in November and today's announcement, all Federal Civilian Executive Branch Agencies (FCEB) agencies are now required to patch all systems against this vulnerability within two weeks, until February 18th. While BOD 22-01 only applies to FCEB agencies, CISA strongly urges all private and public sector organizations to reduce their exposure to ongoing cyberattacks by adopting this Directive and prioritizing mitigation of vulnerabilities included in its catalog of actively exploited security flaws.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

  • Vulnerability

  • IPS

  • Outbreak Detection

  • Threat Hunting

  • Assisted Response Services

  • Automated Response

  • NOC/SOC Training

  • End-User Training

  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...