Detections
Analytics
CVE-2022-24521
high
Description
Windows Common Log File System Driver Elevation of Privilege Vulnerability
From the Tenable Blog
Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)
Published: 2022-04-12
Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521) Microsoft addresses 117 CVEs in its April 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild and reported to Microsoft by the National Security Agency.
References
https://www.edgescan.com/wp-content/uploads/2024/03/2023-Vulnerability-Statistics-Report.pdf
https://www.security.com/threat-intelligence/ransomhub-betruger-backdoor
https://www.securityweek.com/anatomy-of-a-blackcat-attack-through-the-eyes-of-incident-response/
https://www.sygnia.co/blog/blackcat-ransomware/
https://securelist.com/windows-clfs-exploits-ransomware/111560/
https://securelist.com/windows-clfs-exploits-ransomware-cve-2022-24521/111580/
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
Details
Published: 2022-04-15
Updated: 2025-02-24
Named Vulnerability: WindowsKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 4.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: Medium
CVSS v3
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
EPSS
EPSS: 0.03308