1. Home
  2. Vulnerabilities
  3. CVE-2022-41033

CVE-2022-41033

CVSS v3.1 7.8 (High)
78% Progress
EPSS 0.07 % (31th)
0.07% Progress
Affected Products 16
Advisories 2
NVD Status Analyzed
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Windows COM+ Event System Service Elevation of Privilege Vulnerability

Weaknesses
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2022-10-11 19:15:20
(23 months ago)
Updated Date
2024-06-28 13:56:53
(2 months ago)
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033; https://nvd.nist.gov/vuln/detail/CVE-2022-41033
Vendor
Microsoft
Product
Windows COM+ Event System Service
In CISA Catalog from
2022-10-11
(23 months ago)
Due Date
2022-11-01
(22 months ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1507 prior 10.0.10240.19507 version cpe:2.3:o:microsoft:windows_10_1507 < 10.0.10240.19507
  Microsoft Windows 10 1607 prior 10.0.14393.5427 version cpe:2.3:o:microsoft:windows_10_1607 < 10.0.14393.5427
  Microsoft Windows 10 1809 prior 10.0.17763.3532 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.3532
  Microsoft Windows 10 20h2 prior 10.0.19042.2130 version cpe:2.3:o:microsoft:windows_10_20h2 < 10.0.19042.2130
  Microsoft Windows 10 21h1 prior 10.0.19043.2130 version cpe:2.3:o:microsoft:windows_10_21h1 < 10.0.19043.2130
  Microsoft Windows 10 21h2 prior 10.0.19044.2130 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19044.2130
  Microsoft Windows 11 21h2 prior 10.0.22000.1098 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.1098
  Microsoft Windows 11 22h2 prior 10.0.22621.674 version cpe:2.3:o:microsoft:windows_11_22h2 < 10.0.22621.674
  Microsoft Windows 7 SP1 cpe:2.3:o:microsoft:windows_7:-:sp1
  Microsoft Windows 8.1 cpe:2.3:o:microsoft:windows_8.1:-
  Microsoft Windows Rt 8.1 cpe:2.3:o:microsoft:windows_rt_8.1:-
  Microsoft Windows Server 2008 SP2 cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  Microsoft Windows Server 2008 R2 SP1 on X64 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64
  Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:-
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 prior 10.0.14393.5427 version cpe:2.3:o:microsoft:windows_server_2016 < 10.0.14393.5427
  Microsoft Windows Server 2019 prior 10.0.17763.3532 version cpe:2.3:o:microsoft:windows_server_2019 < 10.0.17763.3532
  Microsoft Windows Server 2022 prior 10.0.20348.1129 version cpe:2.3:o:microsoft:windows_server_2022 < 10.0.20348.1129