CVE-2022-26920: 
vulnerability analysis and mitigation

CVE-2022-26920 is a Windows Graphics Component Information Disclosure Vulnerability that was discovered and reported in early 2022. The vulnerability was first recorded on March 11, 2022, and affects various versions of Microsoft Windows including Windows 10, Windows 11, and Windows Server editions (CVE Mitre).

The vulnerability has been assigned a CVSS v2.0 score of 4.9 MEDIUM, indicating a moderate severity level. The attack requires local access (AV:L/AC:L/Au:N/C:C/I:N/A:N), suggesting that an attacker would need local system access to exploit this vulnerability (Rapid7).

This vulnerability could potentially lead to information disclosure in the Windows Graphics Component, allowing an attacker with local access to obtain sensitive information from the affected system (NVD).

Microsoft has released security updates to address this vulnerability across multiple Windows versions. The fixes are available through various KB updates including KB5012647 for Windows 10 and Server 2019, KB5012591 for Windows 10 1909, KB5012599 for Windows 10 20H2/21H1/21H2, KB5012592 for Windows 11, and KB5012604 for Windows Server 2022 (Rapid7).