CVE-2022-21904: 
vulnerability analysis and mitigation

CVE-2022-21904 is a Windows GDI Information Disclosure Vulnerability that was discovered and disclosed in January 2022. The vulnerability affects multiple versions of Microsoft Windows including Windows 10, Windows Server 2012, Windows Server 2016, Windows Server 2019, and Windows Server 2022 (CVE Mitre).

The vulnerability has been assigned a CVSS base score of 5.0, indicating a moderate severity level. The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no authentication (Au:N) and potentially resulting in partial information disclosure (C:P) without impact on integrity or availability (Rapid7).

This vulnerability could allow an attacker to obtain sensitive information disclosure from affected Windows systems. The primary impact is limited to information disclosure without direct system compromise (Rapid7).

Microsoft has released security updates to address this vulnerability across multiple affected versions. The fixes are available through various KB updates including KB5009543 for Windows 10 versions 20H2, 21H1, and 21H2, KB5009546 for Windows 10 version 1607, KB5009557 for Windows Server 2019, and KB5009555 for Windows Server 2022 (Rapid7).