CVE-2022-22043

7.8 HIGH

📋 TL;DR

This vulnerability in the Windows Fast FAT File System Driver allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. It affects Windows systems with the vulnerable driver component. Attackers need local access to exploit this privilege escalation flaw.

💻 Affected Systems

Products:
  • Windows Fast FAT File System Driver
Versions: Windows 10, Windows 11, Windows Server 2022, Windows Server 2019
Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with the Fast FAT driver enabled. Requires attacker to have local authenticated access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise where attacker gains SYSTEM privileges, enabling installation of malware, data theft, lateral movement, and persistence mechanisms.

🟠 Likely Case

Local privilege escalation from standard user to SYSTEM, allowing attackers to bypass security controls, install backdoors, or access protected system resources.

🟢 If Mitigated

Limited impact with proper access controls, least privilege principles, and network segmentation preventing lateral movement.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.
🏢 Internal Only: HIGH - Significant risk from insider threats, compromised user accounts, or malware with initial foothold seeking privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access and knowledge of driver internals. No public exploit code available as of last update.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2022 security updates (KB5015807, KB5015814, etc.)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22043

Restart Required: Yes

Instructions:

1. Apply July 2022 Windows security updates via Windows Update.
2. For enterprise: Deploy through WSUS or SCCM.
3. Verify update installation with 'wmic qfe list' showing July 2022 patches.

🔧 Temporary Workarounds

Disable Fast FAT driver

windows

Prevent loading of vulnerable driver component

sc config fastfat start= disabled
sc stop fastfat

Restrict driver loading

windows

Use Windows Defender Application Control to block vulnerable driver

🧯 If You Can't Patch

  • Implement strict access controls and least privilege principles
  • Monitor for suspicious driver loading and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

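Check whether the July 2022 security updates are missing with 'wmic qfe list | findstr /i "KB5015807 KB5015814"' (use the KB number that applies to your Windows build). The 'wmic qfe list' output contains hotfix IDs and numeric install dates, not the text "July 2022", so search for the KB numbers; no output means none of the listed KBs is installed.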

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify July 2022 security updates are installed and system has been restarted
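
The verification steps above, combined into one local check (an added example, not vendor or site-provided code). It looks for the two KB numbers named on this page, reports the fastfat driver start mode set by the workaround, and flags a pending restart. The release date, the registry key used as a restart indicator, and the function name Get-FastFatExposure are assumptions of this example.

```powershell
# Added example, not vendor code. KB IDs are the two named on this page;
# the page's "etc." means other Windows builds use other KB numbers.
$PageKbs = 'KB5015807', 'KB5015814'
# Assumption: 2022-07-12 is the July 2022 security update release date.
$FixDate = [datetime]'2022-07-12'
# Servicing key commonly used as a pending-restart indicator.
$RebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'

function Get-FastFatExposure {
    [CmdletBinding()]
    param(
        [string[]]$KbIds = $PageKbs,
        [datetime]$ReleasedOn = $FixDate
    )

    $hotfixes = @(Get-HotFix -ErrorAction SilentlyContinue)
    $matched  = @($hotfixes | Where-Object { $KbIds -contains $_.HotFixID })

    # Later cumulative updates replace the July ones, so a missing KB ID is
    # not proof of exposure. Report the newest install date for review.
    $latest = $hotfixes | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    # State of the driver targeted by the 'sc config fastfat start= disabled' workaround.
    $driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='fastfat'" -ErrorAction SilentlyContinue

    $verdict = if ($matched.Count -gt 0) {
        'Listed July 2022 KB installed'
    } elseif ($latest -and $latest.InstalledOn -ge $ReleasedOn) {
        'Listed KBs absent; newer update present, confirm it supersedes the July 2022 fix'
    } else {
        'No update on or after the July 2022 release found; treat as unpatched'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        MatchedKbs       = $matched.HotFixID -join ', '
        LatestUpdate     = if ($latest) { '{0} ({1:yyyy-MM-dd})' -f $latest.HotFixID, $latest.InstalledOn } else { 'none found' }
        FastFatStartMode = if ($driver) { $driver.StartMode } else { 'driver not registered' }
        FastFatState     = if ($driver) { $driver.State } else { 'n/a' }
        RestartPending   = Test-Path -Path $RebootKey
        Verdict          = $verdict
    }
}

Get-FastFatExposure | Format-List
```

A FastFatStartMode of Disabled together with a FastFatState of Stopped indicates the temporary workaround is in effect on that host.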

📡 Detection & Monitoring

Log Indicators:

  • Event ID 4697: Service installation
  • Suspicious driver loading events
  • Privilege escalation attempts

Network Indicators:

  • Unusual outbound connections post-local access

SIEM Query:

EventID=4697 AND (ServiceName="fastfat" OR ImagePath="*\fastfat.sys")
