CVE-2022-23290: 
vulnerability analysis and mitigation

Windows Inking COM Elevation of Privilege Vulnerability (CVE-2022-23290) was identified and disclosed in March 2022. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions (NIST NVD).

The vulnerability has received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The CVSS v2.0 base score is 7.2 (High) with the vector (AV:L/AC:L/Au:N/C:C/I:C/A:C). This indicates a locally exploitable vulnerability with low attack complexity and high impacts on confidentiality, integrity, and availability (NIST NVD).

The vulnerability could allow an attacker to gain elevated privileges on affected systems. Given the CVSS scoring, successful exploitation could result in complete compromise of system confidentiality, integrity, and availability (NIST NVD).

Microsoft has released security updates to address this vulnerability across multiple affected Windows versions, including Windows 10 (various versions), Windows 11, and Windows Server editions. Users are advised to apply the appropriate security updates (Rapid7).