PatchSiren cyber security CVE debrief
CVE-2022-21919 Microsoft CVE debrief
CVE-2022-21919 is a Microsoft Windows User Profile Service privilege escalation vulnerability that CISA listed in its Known Exploited Vulnerabilities catalog on 2022-04-25. Because it is in KEV, defenders should treat it as a priority patching item and follow vendor update guidance as soon as possible.
- Vendor: Microsoft
- Product: Windows
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-04-25
- Original CVE updated: 2022-04-25
- Advisory published: 2022-04-25
- Advisory updated: 2022-04-25
Who should care
Windows administrators, endpoint security teams, vulnerability management owners, and incident responders responsible for Microsoft Windows systems should prioritize this CVE, especially where rapid patching and compliance with CISA KEV timelines are required.
Technical summary
The supplied record identifies CVE-2022-21919 as a Microsoft Windows User Profile Service privilege escalation vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-04-25 and lists the required action as applying updates per vendor instructions. No CVSS score or additional technical exploitation details are included in the supplied corpus.
Defensive priority
High. KEV inclusion indicates known exploitation and a need for prompt remediation within the published due date window.
Recommended defensive actions
- Apply Microsoft updates per vendor instructions as soon as practical.
- Verify asset coverage for Windows systems that may be affected by this advisory.
- Track remediation against the CISA KEV due date of 2022-05-16.
- Confirm patch status in vulnerability management and endpoint tooling after deployment.
Evidence notes
This debrief is based on the supplied CISA KEV source item and official record links only. The corpus provides the CVE title, KEV inclusion date, due date, and required action, but does not include a CVSS score or further exploit details. Timing references use the provided CVE and source dates, not generation time.
Official resources
- CVE-2022-21919 CVE record (CVE.org)
- CVE-2022-21919 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply updates per vendor instructions.
- Source item URL (cisa_kev)
CVE published 2022-04-25; CISA KEV date added 2022-04-25; KEV due date 2022-05-16. No ransomware-campaign attribution was provided in the source corpus.