CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 9, 2022

High

CISA KEV

CVE-2022-41125

Microsoft—Windows

Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Required Action

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125; https://nvd.nist.gov/vuln/detail/CVE-2022-41125

Vulnerability Overview

Severity: High
CISA KEV: Yes
Ransomware: Unknown
Published: Nov 8, 2022
KEV Added: Nov 8, 2022
Due Date: Dec 9, 2022
Related Articles: 0

Vendor

Microsoft

Windows