CVE-2022-21994: 
vulnerability analysis and mitigation

Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2022-21994) was discovered and disclosed in December 2021. This vulnerability affects various versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity. The CVSS v2.0 base score is 7.2 (HIGH) with vector (AV:L/AC:L/Au:N/C:C/I:C/A:C) (NVD).

This elevation of privilege vulnerability in the Windows DWM Core Library could allow an attacker to gain higher privileges on affected systems. The vulnerability affects confidentiality, integrity, and availability with high severity ratings across all three aspects (Microsoft MSRC).

Microsoft has released security updates to address this vulnerability across affected Windows versions, including Windows 10 (versions 1809, 1909, 20H2, 21H1, 21H2), Windows 11, Windows Server 2019, and Windows Server 2022. Users are advised to apply the appropriate security updates (Rapid7).