CVE-2022-29113

7.8 HIGH

📋 TL;DR

This vulnerability allows an authenticated attacker to execute code with SYSTEM privileges on Windows systems. It affects Windows Digital Media Receiver functionality, primarily impacting Windows 10 and Windows 11 systems where this feature is enabled.

💻 Affected Systems

Products:
  • Windows 10
  • Windows 11
  • Windows Server 2022
Versions: Windows 10 versions 20H2, 21H1, 21H2; Windows 11; Windows Server 2022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Digital Media Receiver functionality to be present/enabled. Most consumer and enterprise Windows installations are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full SYSTEM privileges, enabling complete system compromise, data theft, persistence installation, and lateral movement across the network.

🟠 Likely Case

Local authenticated attacker elevates privileges to SYSTEM level to bypass security controls, install malware, or access protected resources.

🟢 If Mitigated

With proper patch management and least privilege principles, impact is limited to isolated systems with minimal data exposure.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring authenticated access to the system.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this to gain SYSTEM privileges on workstations and servers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access. No public exploit code was known at the time of writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2022 security updates (KB5013942 for Windows 10 21H2, KB5013943 for Windows 11)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29113

Restart Required: Yes

Instructions:

1. Open Windows Update settings.
2. Check for updates.
3. Install May 2022 security updates.
4. Restart system when prompted.

🔧 Temporary Workarounds

Disable Digital Media Receiver

Disable the vulnerable Digital Media Receiver functionality via Group Policy or registry

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableDMR" /t REG_DWORD /d 0 /f

🧯 If You Can't Patch

  • Implement strict least privilege access controls to limit authenticated user capabilities
  • Monitor for privilege escalation attempts using Windows Event Logs and security tools

🔍 How to Verify

Check if Vulnerable:

Check the Windows version and whether the May 2022 security updates are installed, using winver or systeminfo.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

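Verify that KB5013942 (Windows 10) or KB5013943 (Windows 11) is installed via Settings > Update & Security > View update history. Windows updates are cumulative, so a system patched with a later cumulative update also has the fix even if these exact KB numbers are not listed.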

📡 Detection & Monitoring

Log Indicators:

  • Event ID 4688 with privileged process creation
  • Unexpected SYSTEM privilege processes from user accounts

Network Indicators:

  • Unusual outbound connections from systems after privilege escalation

SIEM Query:

source="windows" event_id=4688 AND (process_name="cmd.exe" OR process_name="powershell.exe") AND integrity_level="System"
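The same indicators can be checked on a host without a SIEM. The PowerShell below is an added example, not part of the original advisory or any vendor tooling: it parses Security event 4688 XML and reports shells created at System integrity by an account that is not a built-in service account. The function names and the service-SID exclusion list are assumptions, the sample events are constructed, and 4688 is only logged when "Audit Process Creation" is enabled.

```powershell
# Indicators from the page: Event ID 4688, System integrity, cmd.exe/powershell.exe.
$SystemIntegritySid = 'S-1-16-16384'                      # Mandatory Label\System
$ServiceSids        = 'S-1-5-18', 'S-1-5-19', 'S-1-5-20'  # assumption: SYSTEM, LOCAL/NETWORK SERVICE are expected
$ShellNames         = 'cmd.exe', 'powershell.exe'         # names used in the SIEM query above

function Get-SuspiciousSystemShell {                      # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
        $f = @{}
        foreach ($d in ([xml]$EventXml).Event.EventData.Data) {
            $f[$d.GetAttribute('Name')] = $d.InnerText
        }
        if (-not $f['NewProcessName']) { return }         # malformed or truncated event
        $leaf              = ($f['NewProcessName'] -split '\\')[-1]
        $isSystemIntegrity = $f['MandatoryLabel'] -eq $SystemIntegritySid
        $creatorIsUser     = $f['SubjectUserSid'] -notin $ServiceSids
        if ($isSystemIntegrity -and $creatorIsUser -and ($leaf -in $ShellNames)) {
            [pscustomobject]@{
                Creator = $f['SubjectUserName']
                Process = $f['NewProcessName']
                Parent  = $f['ParentProcessName']
            }
        }
    }
}

# Constructed sample events (not real logs); only the fields used above are included.
function New-Sample4688 {
    param([string]$Sid, [string]$User, [string]$Image, [string]$Parent, [string]$Label)
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><EventData>" +
    "<Data Name='SubjectUserSid'>$Sid</Data><Data Name='SubjectUserName'>$User</Data>" +
    "<Data Name='NewProcessName'>$Image</Data><Data Name='ParentProcessName'>$Parent</Data>" +
    "<Data Name='MandatoryLabel'>$Label</Data></EventData></Event>"
}

$samples = @(
    # User-created shell at System integrity: reported.
    (New-Sample4688 'S-1-5-21-1-2-3-1001' 'alice' 'C:\Windows\System32\cmd.exe' 'C:\Users\alice\app.exe' 'S-1-16-16384'),
    # Ordinary medium-integrity shell: ignored.
    (New-Sample4688 'S-1-5-21-1-2-3-1001' 'alice' 'C:\Windows\System32\cmd.exe' 'C:\Windows\explorer.exe' 'S-1-16-8192'),
    # Shell created by the SYSTEM account itself: ignored.
    (New-Sample4688 'S-1-5-18' 'HOST$' 'C:\Windows\System32\cmd.exe' 'C:\Windows\System32\services.exe' 'S-1-16-16384')
)
$samples | Get-SuspiciousSystemShell | Format-Table -AutoSize
# Live use on a host:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688} | ForEach-Object { $_.ToXml() } | Get-SuspiciousSystemShell
```

Only the first constructed event is reported. Treat hits as triage leads, since legitimate administration tools can also start shells at System integrity.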
