Windows User Profile Service Elevation of Privilege Vulnerability
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows 10 1507
OSMicrosoft< 10.0.10240.19265Microsoft Windows 10 1607
OSMicrosoft< 10.0.14393.5066Microsoft Windows 10 1809
OSMicrosoft< 10.0.17763.2803Microsoft Windows 10 1909
OSMicrosoft< 10.0.18363.2212Microsoft Windows 10 20h2
OSMicrosoft< 10.0.19042.1645Microsoft Windows 10 21h1
OSMicrosoft< 10.0.19043.1645Microsoft Windows 10 21h2
OSMicrosoft< 10.0.19044.1645Microsoft Windows 11 21h2
OSMicrosoft< 10.0.22000.613Microsoft Windows 7
OSMicrosoftwszystkie wersjeMicrosoft Windows 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Rt 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2008
OSMicrosoftr2Microsoft Windows Server 2012
OSMicrosoftr2Microsoft Windows Server 2016
OSMicrosoft< 10.0.14393.5066Microsoft Windows Server 2019
OSMicrosoft< 10.0.17763.2803Microsoft Windows Server 2022
OSMicrosoft< 10.0.20348.643Microsoft Windows Server 20h2
OSMicrosoft< 10.0.19042.1645
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Windows
- Added to KEVi
- April 25, 2022
- Remediation deadline (US Federal)i
- May 16, 2022(overdue)
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 16 maja 2022
Related vulnerabilities
CVE-2025-59287CRITICAL9.8⚠ KEVPL ✓ten sam produkt
RCE w Windows Server Update Service (WSUS) — deserializacja danych
CVE-2021-31166CRITICAL9.8⚠ KEVten sam produkt
HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2020-1350CRITICAL10.0⚠ KEVten sam produkt
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
CVE-2020-1040CRITICAL9.0⚠ KEVten sam produkt
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
CVE-2020-0796CRITICAL10.0⚠ KEVten sam produkt
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) ...