CVE-2022-35750

Q: What is the severity of CVE-2022-35750?

CVE-2022-35750 has a CVSS score of 7.8 (HIGH). CVE-2022-35750 is a Win32k elevation of privilege vulnerability in Windows that allows an authenticated attacker to gain SYSTEM-level privileges on a compromised system. This affects Windows operating systems and requires an attacker to already have some level of access to the target machine. Successful exploitation enables complete system takeover.

7.8 HIGH

📋 TL;DR

CVE-2022-35750 is a Win32k elevation of privilege vulnerability in Windows that allows an authenticated attacker to gain SYSTEM-level privileges on a compromised system. This affects Windows operating systems and requires an attacker to already have some level of access to the target machine. Successful exploitation enables complete system takeover.

💻 Affected Systems

Products:

Microsoft Windows

Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects both client and server editions. Requires attacker to have local access and ability to execute code.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM privileges, enabling installation of persistent malware, credential theft, lateral movement, and disabling of security controls.

🟠

Likely Case

Local privilege escalation from a standard user or service account to SYSTEM, allowing attackers to bypass security restrictions and maintain persistence.

🟢

If Mitigated

Limited impact if proper patch management and least privilege principles are followed, though initial compromise could still occur.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring initial access to the system.

🏢 Internal Only: HIGH - Once an attacker gains initial access to a system (via phishing, credential theft, etc.), this vulnerability enables full system compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access to the system. Exploit code has been publicly released, increasing likelihood of weaponization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2022 security updates (KB5016616 for Windows 10, KB5016623 for Windows 11, etc.)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35750

Restart Required: Yes

Instructions:

1. Apply August 2022 Windows security updates via Windows Update. 2. For enterprise environments, deploy updates through WSUS, SCCM, or Intune. 3. Restart systems after patch installation.

🔧 Temporary Workarounds

Restrict local user privileges

windows

Implement least privilege by ensuring users operate with standard user accounts rather than administrative privileges.

Enable Windows Defender Exploit Guard

windows

Configure Exploit Guard to mitigate privilege escalation attempts.

🧯 If You Can't Patch

Implement application control policies to restrict execution of unauthorized binaries
Segment networks to limit lateral movement and contain potential breaches

🔍 How to Verify

Check if Vulnerable:

Check if August 2022 security updates are installed via 'wmic qfe list' or 'Get-Hotfix' in PowerShell.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify KB5016616 (Windows 10) or KB5016623 (Windows 11) or equivalent Server patches are installed.

📡 Detection & Monitoring

Log Indicators:

Event ID 4688 with suspicious parent processes
Unexpected privilege escalation events in Security logs
Process creation from unusual locations

Network Indicators:

Lateral movement attempts following local compromise
Unusual outbound connections from previously compromised systems

SIEM Query:

EventID=4688 AND (NewProcessName LIKE "%cmd.exe" OR NewProcessName LIKE "%powershell.exe") AND ParentProcessName IN ("explorer.exe", "svchost.exe") | stats count by Computer, ParentProcessName, NewProcessName

📊 Metadata

CVE ID: CVE-2022-35750

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: May 31, 2023

Last Updated: November 21, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35750 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35750 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 20h2 by Microsoft

Windows 10 20h2 by Microsoft

Windows 10 20h2 by Microsoft

Windows 10 21h1 by Microsoft

Windows 10 21h1 by Microsoft

Windows 10 21h1 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 7 by Microsoft

Windows 8.1 by Microsoft

Windows Rt 8.1 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 20h2 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local user privileges

Enable Windows Defender Exploit Guard

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export