Lucene search
HistorySep 13, 2022 - 7:15 p.m.
CVE-2022-26928
cve-2022-26928
windows
photo
import
api
elevation
privilege
vulnerability
nvd
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.6%
Windows Photo Import API Elevation of Privilege Vulnerability
Affected configurations
Node
microsoftwindows_10_1809Range10.0.0โ10.0.17763.4131
ORmicrosoftwindows_server_2019Range10.0.0โ10.0.17763.4131
ORmicrosoftwindows_server_2019Range10.0.0โ10.0.17763.4131
ORmicrosoftwindows_10_21h1Range10.0.0โ10.0.19043.2006
ORmicrosoftwindows_server_2022Range10.0.0โ10.0.20348.1726
ORmicrosoftwindows_server_2022Range10.0.0โ10.0.20348.1724
ORmicrosoftwindows_10_20h2Range10.0.0โ10.0.19042.2006
ORmicrosoftwindows_11_21h2Range10.0.0โ10.0.22000.1936
ORmicrosoftwindows_10_21h2Range10.0.0โ10.0.19044.2965
ORmicrosoftwindows_10_22h2Range10.0.0โ10.0.19045.2965
ORmicrosoftwindows_10_1507Range10.0.0โ10.0.10240.19805
ORmicrosoftwindows_10_1607Range10.0.0โ10.0.14393.5786
ORmicrosoftwindows_server_2016Range10.0.0โ10.0.14393.5786
ORmicrosoftwindows_server_2016Range10.0.0โ10.0.14393.5786
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_10_1809 | * | cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2019 | * | cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2019 | * | cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
| microsoft | windows_10_21h1 | * | cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2022 | * | cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2022 | * | cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* |
| microsoft | windows_10_20h2 | * | cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:* |
| microsoft | windows_11_21h2 | * | cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* |
| microsoft | windows_10_21h2 | * | cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* |
| microsoft | windows_10_22h2 | * | cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1809",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.4131:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.4131:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.4131:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.17763.4131",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2019",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4131:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.17763.4131",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2019 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4131:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.17763.4131",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 21H1",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.2006:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.2006:*:*:*:*:*:arm64:*",
"cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.2006:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.19043.2006",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2022",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726:*:*:*:*:*:*:*",
"cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1724:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.20348.1726",
"versionType": "custom",
"status": "affected"
},
{
"version": "10.0.0",
"lessThan": "10.0.20348.1724",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 20H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.2006:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.2006:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.19042.2006",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 11 version 21H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.1936:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.1936:*:*:*:*:*:arm64:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.22000.1936",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 21H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.2965:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.2965:*:*:*:*:*:arm64:*",
"cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.2965:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.19044.2965",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 22H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2965:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2965:*:*:*:*:*:arm64:*",
"cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2965:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.19045.2965",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1507",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19805:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19805:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.10240.19805",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1607",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.5786:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.5786:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.14393.5786",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2016",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5786:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.14393.5786",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2016 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5786:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.14393.5786",
"versionType": "custom",
"status": "affected"
}
]
}
]Social References
More
Related
nvd
nvd
CVE-2022-26928
2022-09-13 19:15:09
attackerkb
attackerkb
CVE-2022-26928
2022-09-13 00:00:00
mscve
mscve
Windows Photo Import API Elevation of Privilege Vulnerability
2022-09-13 07:00:00
cvelist
cvelist
CVE-2022-26928 Windows Photo Import API Elevation of Privilege Vulnerability
2022-09-13 18:41:25
prion
prion
Privilege escalation
2022-09-13 19:15:00
mskb
mskb
May 9, 2023โKB5026370 (OS Build 20348.1726)
2023-05-09 07:00:00
May 9, 2023โ KB5026456 (OS Build 20348.1724)
2023-05-09 07:00:00
May 9, 2023โKB5026361 (OS Builds 19042.2965, 19044.2965, and 19045.2965)
2023-05-09 07:00:00
nessus
nessus
KB5017327: Windows 10 LTS 1507 Security Update (September 2022)
2022-09-13 00:00:00
KB5017308: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (September 2022)
2022-09-13 00:00:00
KB5017328: Windows 11 Security Update (September 2022)
2022-09-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5017327)
2022-09-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5017308)
2022-09-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5017305)
2022-09-14 00:00:00
kaspersky
kaspersky
KLA19245 Multiple vulnerabilities in Microsoft Windows
2022-09-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - September 2022
2022-09-13 20:11:08
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.6%
Related for CVE-2022-26928