Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-35756

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows 10 Version 21h1
Vendor: CVE Published:; 31 May 2023

What is CVE-2022-35756?

A vulnerability in the Windows Kerberos authentication system could allow an attacker to elevate their privileges within a security context. By exploiting this flaw, unauthorized users may gain elevated access to sensitive resources or perform actions that require higher privileges than those assigned to them, which may lead to further system compromise. Organizations are advised to apply the necessary security updates promptly.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.19387

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.5291

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.3287

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2023
Vulnerability Reserved
Jul 13, 2022

Microsoft

What is CVE-2022-35756?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline