CVE-2022-41128
Published on: Not Yet Published
Last Modified on: 08/08/2023 02:21:00 PM UTC
Certain versions of Windows 10 from Microsoft contain the following vulnerability:
Windows Scripting Languages Remote Code Execution Vulnerability
- CVE-2022-41128 has been assigned by
secur[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.8 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | REQUIRED |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | HIGH |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Microsoft November 2022 Patch Tuesday fixes 65 vulnerabilities! | www.secpod.com text/html |
MISC www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/ |
| Security Update Guide - Microsoft Security Response Center | msrc.microsoft.com text/html |
MISC msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128 |
| Security Update Guide - Microsoft Security Response Center | portal.msrc.microsoft.com text/html |
MISC portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41128 |
Related QID Numbers
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 10 | - | All | All | All |
| Operating System | Microsoft | Windows 10 | 1607 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | 20h2 | All | All | All |
| Operating System | Microsoft | Windows 10 | 21h1 | All | All | All |
| Operating System | Microsoft | Windows 10 | 21h2 | All | All | All |
| Operating System | Microsoft | Windows 10 | 22h2 | All | All | All |
| Operating System | Microsoft | Windows 11 | - | All | All | All |
| Operating System | Microsoft | Windows 11 | 22h2 | All | All | All |
| Operating System | Microsoft | Windows 7 | sp1 | All | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2019 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2022 | - | All | All | All |
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*:
- cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*:
- cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*:
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @KevTheHermit |
CVE-2022-41128 - 8.8 - Windows Scripting Languages Remote Code Execution Vulnerability | 2022-11-08 18:01:40 |
| @SophosXOps |
...a CNG Key Isolation Elevation of Privilege vulnerability; and CVE-2022-41128, a Windows Scripting Languages Remo… twitter.com/i/web/status/1… | 2022-11-08 18:12:48 |
| @maddiestone |
Buckle up. ? 4 in-the-wild 0-days in today's Patch Tuesday: * CVE-2022-41128 in JScript9 discovered by @_clem1 * C… twitter.com/i/web/status/1… | 2022-11-08 18:20:41 |
| @IT_news_for_all |
ноябрьский Patch Tuesday у Microsoft. 68 уязвимостей, включая 4 zero day -CVE-2022-41128, JScript9 RCE, via Google… twitter.com/i/web/status/1… | 2022-11-08 20:20:48 |
| @ipssignatures |
The vuln CVE-2022-41128 has a tweet created 0 days ago and retweeted 10 times. twitter.com/BleepinCompute… #pow1rtrtwwcve | 2022-11-08 22:06:02 |
| @EurekaBerry |
パッチ公開前に悪用を確認しているのはWindows4件、 CVE-2022-41091 CVE-2022-41073 CVE-2022-41125 CVE-2022-41128 Exchange 2件 (9/30公開済み) CVE… twitter.com/i/web/status/1… | 2022-11-09 01:02:46 |
| @kawn2020 |
#windowsupdate #microsoft つづき ・CVE-2022-41128 Windows スクリプト言語のリモートでコードが実行される脆弱性 なお,CVE-2022-41091 については,すでに脆弱性情報が一般に公開されていたことを確認済 | 2022-11-09 02:42:16 |
| @__kokumoto |
マイクロソフトの2022年11月定例パッチが公開。68件の脆弱性が修正。 4件のゼロデイも: -CVE-2022-41128 JScript9における遠隔コード実行(Google TAGから) -CVE-2022-41091 M… twitter.com/i/web/status/1… | 2022-11-09 03:48:31 |
| @RedPacketSec |
Microsoft Windows Scripting Languages code execution | CVE-2022-41128 - redpacketsecurity.com/microsoft-wind… #CVE… twitter.com/i/web/status/1… | 2022-11-09 10:02:48 |
| @vuldb |
[CTI] Our CTI team identified a lot of activities targeting Microsoft Windows (CVE-2022-41128) vuldb.com/?ctiid.213160 | 2022-11-09 10:54:41 |
| @gostev |
Big patch Tuesday this week! The following 6 patched 0-days are already being exploited in the wild: CVE-2022-41128… twitter.com/i/web/status/1… | 2022-11-09 11:20:32 |
| @ColorTokensInc |
Emerging Vulnerability Found CVE-2022-41128 - Windows Scripting Languages Remote Code Execution Vulnerability. This… twitter.com/i/web/status/1… | 2022-11-09 22:26:55 |
 /r/k12cybersecurity |
MS-ISAC CYBERSECURITY ADVISORY - Critical Patches Issued for Microsoft Products, November 8, 2022 - PATCH: NOW | 2022-11-09 13:58:02 |
| /r/netcve |
CVE-2022-41128 | 2022-11-09 23:38:42 |