CVE-2022-41089 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoft	CNA	7.8 HIGH				CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8
microsoft	.net_framework	4.6
microsoft	.net_framework	4.6.1
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.8.1
microsoft	.net_framework	3.5.1
microsoft	.net_framework	3.5
microsoft	.net_framework	2.0:sp2
microsoft	.net_framework	3.0:sp2
microsoft	.net_framework	4.6
microsoft	.net_framework	3.5
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB5021243
1607 (x64, x86)	KB5020873
1809 (arm64, x64, x64, x86, x86)	KB5021085
20H2 (arm64, arm64, x86, x86)	KB5021086
21H1 (arm64, arm64, x64, x64, x86)	KB5021087
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5021088
22H2 (arm64, arm64, x64, x86, x86)	KB5021089

Windows 11

21H2 (arm64, arm64, x64, x64)	KB5021090
22H2 (arm64, x64)	KB5020880

Windows 7

Service Pack 1 (x64, x64, x64, x86, x86, x86)

Windows 8.1

(x64, x64, x86, x86)	KB5021093
(x64, x64, x64, x86, x86, x86)	KB5021081

Windows RT 8.1

All

Windows Server 2008

Service Pack 2 (x64, x64, x86, x86)	KB5021094
Service Pack 2 Server Core (x64, x86)	KB5021094

Windows Server 2008 R2

Service Pack 1 (x64, x64, x64)	KB5021091
Service Pack 1 Server Core (x64, x64, x64)	KB5021091

Windows Server 2012

Server Core	KB5021092
Standard	KB5021092

Windows Server 2012 R2

Server Core	KB5021093
Server Core	KB5021081
Standard	KB5021093
Standard	KB5021081

Windows Server 2016

Server Core	KB5020873
Standard	KB5020873

Windows Server 2019

Server Core	KB5021085
Standard	KB5021085

Windows Server 2022

Server Core	KB5021095
Standard	KB5021095

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

bionic	dne
focal	dne
jammy	not-affected
kinetic	not-affected
trusty	dne
xenial	dne

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089