CVE-2022-40733 – This CVE describes an access violation vulnerab... (How to Fix)

Q: What is the severity of CVE-2022-40733?

CVE-2022-40733 has a CVSS score of 5.0 (MEDIUM). This CVE describes an access violation vulnerability in the DirectComposition functionality of the win32kbase.sys driver on Windows 11 and Windows Server 2022. An unprivileged user can trigger a denial of service (system reboot) by running specially-crafted code. This affects Windows 11 version 22000.593 and Windows Server 2022 version 20348.643.

📋 TL;DR

This CVE describes an access violation vulnerability in the DirectComposition functionality of the win32kbase.sys driver on Windows 11 and Windows Server 2022. An unprivileged user can trigger a denial of service (system reboot) by running specially-crafted code. This affects Windows 11 version 22000.593 and Windows Server 2022 version 20348.643.

💻 Affected Systems

Products:

Windows 11
Windows Server 2022

Versions: Windows 11 version 22000.593, Windows Server 2022 version 20348.643

Operating Systems: Windows 11, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects specific patch versions of these operating systems.

📦 What is this software?

Windows 11 21h2 by Microsoft

View all CVEs affecting Windows 11 21h2 →

Windows Server 2022 by Microsoft

View all CVEs affecting Windows Server 2022 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System reboot causing service disruption and potential data loss if applications don't save state properly.

🟠

Likely Case

Local denial of service resulting in system reboot and temporary unavailability.

🟢

If Mitigated

Minimal impact if systems are patched or isolated from untrusted users.

🌐 Internet-Facing: LOW - Requires local access or code execution on the target system.

🏢 Internal Only: MEDIUM - Unprivileged local users could disrupt critical systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to execute specially-crafted code. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Windows updates beyond the affected versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-40733

Restart Required: Yes

Instructions:

1. Open Windows Update settings. 2. Check for updates. 3. Install all available security updates. 4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict local user privileges

windows

Limit local user accounts to prevent execution of untrusted code.

🧯 If You Can't Patch

Implement strict access controls to prevent untrusted users from logging in locally.
Monitor for unusual system reboots and investigate any unauthorized local user activity.

🔍 How to Verify

Check if Vulnerable:

Check Windows version with 'winver' command - if showing Windows 11 version 22000.593 or Windows Server 2022 version 20348.643, system is vulnerable.

Check Version:

winver

Verify Fix Applied:

Run 'winver' to confirm version is updated beyond the vulnerable versions.

📡 Detection & Monitoring

Log Indicators:

Unexpected system reboots in Event Viewer (Event ID 1074, 6008)
Failed DirectComposition operations

Network Indicators:

None - this is a local vulnerability

SIEM Query:

EventID=1074 OR EventID=6008 | where Source="User32" | where Message contains "unexpected"

📊 Metadata

CVE ID: CVE-2022-40733

CVSS v3 Score: 5.0 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: December 18, 2024

Last Updated: August 26, 2025

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1515 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-40733, you might also want to check these: