Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Added Nov. 8, 2022 • Due Dec. 9, 2022 • CVE-2022-41125

Overdue Microsoft / Windows CWE-787

Description

Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Required Action

Apply updates per vendor instructions.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125
https://nvd.nist.gov/vuln/detail/CVE-2022-41125

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 4 months, 1 week ago