CVE-2022-22012

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published May 10, 2022
Updated: Jan 2, 2025

Summary

CVE-2022-22012 is a remote code execution vulnerability impacting Windows servers with an instanced Lightweight Directory Access Protocol (LDAP) service. Attackers can exploit this issue by sending specially crafted LDAP messages to the vulnerable system, resulting in arbitrary code execution with the privileges of the LDAP service account. Successful exploitation could lead to unauthorized system access, data theft, or further compromise of the targeted network. It is recommended to apply the available Microsoft security update to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows 7
  • Microsoft Windows 10
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2016

Affected Vendors

  • Microsoft