CVE-2022-21919 in Windowsinfo

Summary

by MITRE • 01/12/2022

Windows User Profile Service Elevation of Privilege Vulnerability

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 10/30/2025

This vulnerability resides within the Windows User Profile Service which is responsible for managing user profiles and associated settings during system login and logout operations. The flaw manifests as an elevation of privilege vulnerability that allows a local attacker to escalate their privileges from a standard user account to system level access. The vulnerability stems from improper handling of user profile data structures during the profile loading process, specifically when the system attempts to process maliciously crafted profile information that could be manipulated by an unprivileged user. The core technical issue involves insufficient validation of profile data integrity and access controls within the service's memory management routines.

The operational impact of this vulnerability is significant as it provides a pathway for privilege escalation without requiring any network connectivity or external attack vectors. An attacker with local access to a Windows system can exploit this weakness to gain system-level privileges, effectively bypassing standard user account restrictions and gaining complete control over the affected system. The vulnerability affects multiple Windows versions including Windows 10, Windows 11, and various Windows Server editions, making it a widespread concern across enterprise environments. This type of vulnerability directly maps to CWE-264, which addresses permissions, privileges, and access controls, and aligns with ATT&CK technique T1068 which covers privilege escalation through local exploit techniques.

Security researchers have identified that the vulnerability occurs when the User Profile Service processes user profile information that contains crafted malicious data structures. The flaw allows for arbitrary code execution within the context of the system process, enabling attackers to execute malicious payloads with elevated privileges. The exploitation requires local system access and does not depend on network-based attack vectors, making it particularly concerning for environments where physical access or remote desktop protocols are in use. Organizations should note that this vulnerability can be leveraged as a stepping stone for further attacks within a network, potentially leading to full domain compromise if exploited in conjunction with other techniques. The vulnerability's exploitation can be automated and does not require sophisticated attack infrastructure, making it a high-risk target for both advanced persistent threat actors and less sophisticated attackers seeking system access.

Mitigation strategies should focus on applying the Microsoft security patches released in the February 2022 security updates, which address the specific privilege escalation flaw in the User Profile Service. System administrators should prioritize patch deployment across all affected Windows systems, particularly those with local user accounts or systems accessible through remote desktop protocols. Additional defensive measures include implementing least privilege access controls, disabling unnecessary user profile services where possible, and monitoring for unusual profile loading activities. The vulnerability also highlights the importance of maintaining current security practices including regular system updates, proper access controls, and network segmentation to limit the potential impact of privilege escalation exploits. Organizations should also consider implementing endpoint detection and response solutions that can identify suspicious profile service behavior and potential exploitation attempts.

Responsible

Microsoft

Reservation

12/14/2021

Disclosure

01/12/2022

Moderation

accepted

CPE

ready

EPSS

0.02950

KEV

yes

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!