The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability that allows malicious actors to abuse the Microsoft operating system and secure administrator privileges on a device. The vulnerability affects Windows 10, Windows 11, and Windows Server.
In a CISA notice published February 4, all Federal Civilian Executive Branch Agencies (FCEB) agencies have two weeks to comply and address their systems to mitigate the threat from this actively exploited Windows vulnerability, tracked as CVE-2022-21882.
Additionally, CISA recommended all private and public sector firms reduce their exposure to ongoing cyber assaults by adopting this Directive and prioritizing mitigation of vulnerabilities included in its catalog of actively exploited security flaws.
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below," the cybersecurity agency said today. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose a significant risk to the federal enterprise."
According to Microsoft's advisory, the attackers with limited access to exploited devices can use the newly obtained user rights to spread laterally within the network, create new admin users, or execute privileged commands.
"A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver," researchers explained.
This vulnerability affects systems running Windows 7, Windows 8, Windows 10, and Windows 11 as well as Windows Server 2019 and 2022. The bug is also a bypass of another Windows Win32k privilege escalation bug (CVE-2021-1732), a zero-day flaw patched in February 2021 and actively exploited in attacks since at least the summer of 2020.
Security experts at BleepingComputer also examined an exploit targeting this bug and discovered no issues compiling the exploit and using it to open Notepad with SYSTEM privileges on a Windows 10 system (the exploit didn't work on Windows 11).
In recent months, Windows patches have hit the headlines for the wrong reasons especially after Microsoft botched not one, but two zero-day patches. This led to security researcher Abdelhamid Naceri, who identified one of the failed patches, sarcastically warning users: “you better wait and see how Microsoft will screw the patch again.”