CVE-2022-26933

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published May 10, 2022
Updated: Jan 2, 2025

Summary

CVE-2022-26933 is a newly disclosed vulnerability affecting Microsoft Windows operating systems. This information disclosure issue allows an attacker to gain unauthorized access to sensitive NTFS (New Technology File System) metadata, potentially revealing file names, sizes, and permissions. Successful exploitation could lead to further attacks, such as data theft or privilege escalation. The vulnerability resides in the way Windows handles certain NTFS file system operations, making all versions of Windows NT 6.x and later potentially vulnerable. Windows users are advised to apply the available patches as soon as possible to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows 10
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019

Affected Vendors

  • Microsoft