CVE-2022-26933
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2022-26933 is a newly disclosed vulnerability affecting Microsoft Windows operating systems. This information disclosure issue allows an attacker to gain unauthorized access to sensitive NTFS (New Technology File System) metadata, potentially revealing file names, sizes, and permissions. Successful exploitation could lead to further attacks, such as data theft or privilege escalation. The vulnerability resides in the way Windows handles certain NTFS file system operations, making all versions of Windows NT 6.x and later potentially vulnerable. Windows users are advised to apply the available patches as soon as possible to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Windows 10
- Microsoft Windows Server 2012
- Microsoft Windows 8.1
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
Affected Vendors
- Microsoft