What is CVE-2022-21971?

CVE-2022-21971 is a vulnerability in Microsoft Windows Runtime that allows for remote code execution.

Which versions of Windows are affected by CVE-2022-21971?

Windows 10 versions 20H2, 21H1, 21H2, and Windows 11 are affected by CVE-2022-21971.

What is the severity of CVE-2022-21971?

CVE-2022-21971 has a severity rating of 7.8, which is classified as critical.

How can I fix CVE-2022-21971?

To fix CVE-2022-21971, you should apply the relevant security patch provided by Microsoft. Please refer to the provided remedy URLs for more information.

Where can I find more information about CVE-2022-21971?

You can find more information about CVE-2022-21971 on the Microsoft Security Response Center website.

Vulnerability/
CVE-2022-21971

Exploited

critical

9.3

CWE

824

8/2/2022

9/2/2022

3/8/2024

CVE-2022-21971: Microsoft Windows Runtime Remote Code Execution Vulnerability

First published: Tue Feb 08 2022(Updated: )

Windows Runtime Remote Code Execution Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows 10	=20h2
Microsoft Windows 10	=20h2
Microsoft Windows 10	=20h2
Microsoft Windows 10	=21h1
Microsoft Windows 10	=21h1
Microsoft Windows 10	=21h1
Microsoft Windows 10	=21h2
Microsoft Windows 10	=21h2
Microsoft Windows 10	=21h2
Microsoft Windows 10	=1809
Microsoft Windows 10	=1809
Microsoft Windows 10	=1809
Microsoft Windows 10	=1909
Microsoft Windows 10	=1909
Microsoft Windows 10	=1909
Microsoft Windows 11
Microsoft Windows 11
Microsoft Windows Server	=20h2
Microsoft Windows Server	=2022
Microsoft Windows Server 2019
Microsoft Windows
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 10	=21H1	fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows Server	=20H2	fix available externally
Microsoft Windows 10	=21H1	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows Server 2022		fix available externally fix available externally
Microsoft Windows 10	=1909	fix available externally
Microsoft Windows 11	=21H2	fix available externally
Microsoft Windows 10	=21H1	fix available externally
Microsoft Windows 10	=20H2	fix available externally
Microsoft Windows 10	=1909	fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows 10	=20H2	fix available externally
Microsoft Windows 11	=21H2	fix available externally
Microsoft Windows 10	=20H2	fix available externally
Microsoft Windows Server 2022		fix available externally fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 10	=1909	fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 10 1809	<10.0.17763.2565
Microsoft Windows 10 1909	<10.0.18363.2094
Microsoft Windows 10 20h2	<10.0.19042.1526
Microsoft Windows 10 21h1	<10.0.19043.1526
Microsoft Windows 10 21h2	<10.0.19044.1526
Microsoft Windows 11 21h2	<10.0.22000.493
Microsoft Windows Server 2019	<10.0.17763.2565
Microsoft Windows Server 2022	<10.0.20348.524
Microsoft Windows Server 20h2	<10.0.19042.1526

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971 (Advisory)

Frequently Asked Questions

What is CVE-2022-21971?
CVE-2022-21971 is a vulnerability in Microsoft Windows Runtime that allows for remote code execution.
Which versions of Windows are affected by CVE-2022-21971?
Windows 10 versions 20H2, 21H1, 21H2, and Windows 11 are affected by CVE-2022-21971.
What is the severity of CVE-2022-21971?
CVE-2022-21971 has a severity rating of 7.8, which is classified as critical.
How can I fix CVE-2022-21971?
To fix CVE-2022-21971, you should apply the relevant security patch provided by Microsoft. Please refer to the provided remedy URLs for more information.
Where can I find more information about CVE-2022-21971?
You can find more information about CVE-2022-21971 on the Microsoft Security Response Center website.

collector/nvd-index
agent/author
agent/type
agent/first-publish-date
collector/msrc-cve
source/Microsoft
agent/description
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/title
agent/severity
agent/weakness
agent/references
agent/event
collector/nvd-api
source/NVD
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/microsoft
canonical/microsoft windows 10
version/microsoft windows 10/20h2
version/microsoft windows 10/21h1
version/microsoft windows 10/21h2
version/microsoft windows 10/1809
version/microsoft windows 10/1909
canonical/microsoft windows 11
canonical/microsoft windows server
version/microsoft windows server/20h2
version/microsoft windows server/2022
canonical/microsoft windows server 2019
canonical/microsoft windows
canonical/microsoft windows server 2022
version/microsoft windows 11/21h2
canonical/microsoft windows 10 1809
canonical/microsoft windows 10 1909
canonical/microsoft windows 10 20h2
canonical/microsoft windows 10 21h1
canonical/microsoft windows 10 21h2
canonical/microsoft windows 11 21h2
canonical/microsoft windows server 20h2