CISA obliged federal agencies to urgently fix vulnerability in Windows 10

by Emma Davis
February 8, 2022
CISA and Vulnerability in Windows 10
Written by Emma Davis

The US Cybersecurity and Infrastructure Security Agency (CISA) has put federal agencies on a tight deadline by requiring them to fix a critical vulnerability in Windows 10 by February 18th.

This is the vulnerability CVE-2022-21882 (7.0 points on the CVSS vulnerability rating scale), which CISA was added to its Catalog of Known Exploited Vulnerabilities.

Vulnerabilities of this type are a popular attack vector for cybercriminals and pose a significant threat to the security of federal agencies.CISA said.

CVE-2022-21882 is a vulnerability in Windows 10 and does not require high privileges to exploit. In the worst case, no user action is required for successful operation.

Microsoft fixed the vulnerability as part of Patch Tuesday in January 2022.

A PoC exploit for the vulnerability has been available for several weeks now. Its author is the head of Privacy Piiano Gil Dabah, who discovered the problem two years ago. Having identified the problem, the researcher decided not to report it to Microsoft because he was angry at the company for the late and insufficient payment of bug bounty rewards.

Found it two years ago. Not recently. That’s the point. The reason I didn’t reveal it is because I waited a very long time for Microsoft to pay me for another find. By the time they finally paid, the fee had dwindled to almost nothing. I was already busy with my startup, and the vulnerability remained unpatched.the researcher said.

Microsoft listed RyeLv as the researcher who discovered the vulnerability. The researcher submitted his description of the type mismatch vulnerability in Win32k.sys on January 13, 2022.

An attacker could tell the corresponding GUI API in user mode to make a kernel call like xxxMenuWindowProc, xxxSBWndProc, xxxSwitchWndProc, xxxTooltipWndProc, etc. These kernel functions will cause xxxClientAllocWindowClassExtraBytes to be returned. An attacker can intercept this return by capturing xxxClientAllocWindowClassExtraBytes in the KernelCallbackTable and using the NtUserConsoleControl method to set the ConsoleWindow flag on the tagWND object, which will modify the window type.explained RyeLv.

The CISA added the vulnerability to the database of known exploited vulnerabilities because it has already been used in attacks. Although the deadline for fixing the vulnerability was set only for federal agencies, CISA hopes that private companies will also install patches.

Let me remind you that we also said that 0-day vulnerabilities in atmfd.dll endanger all versions of Windows and also that Google experts publish exploit for critical bug in Windows 10.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

View all posts

Leave a Reply

Sending