Windows 10 local privilege escalation vulnerability publicly fixed in last month’s cumulative update

A recent post by the technology news site Bleeping Computer disclosed a local privilege escalation vulnerability in Windows 10 that allows any user to gain administrator privileges on the operating system. The vulnerability, tracked as CVE-2022-21882, was fixed in an update released on the January Patch Tuesday.


Attackers can exploit this vulnerability in Windows 10 to escalate their privileges, which allows them to spread laterally across the network and create new administrative users. It builds on the exploitation of the earlier CVE-2021-1732 vulnerability (which has been fixed).

William Dormann, a vulnerability analyst at CERT/CC, said on Twitter that he had demonstrated that the vulnerability works and escalates privileges. BleepingComputer independently verified the existence of the vulnerability, but was only able to make it work on Windows 10.

Since the vulnerability has been patched, most computers are not affected by it. However, some administrators chose to skip the January 2022 “Patch Tuesday” update because of a number of critical vulnerabilities. As a result, some PCs are still vulnerable to the recently fixed exploit.
