CVE-2022-35763: Elevation of Privilege in Microsoft Windows 10 Version 1809
Storage Spaces Direct Elevation of Privilege Vulnerability
AI Analysis
Technical Summary
CVE-2022-35763 is a high-severity elevation of privilege vulnerability affecting Microsoft Windows 10 Version 1809, specifically version 10.0.17763.0. The vulnerability resides in the Storage Spaces Direct component, a feature that enables the creation of highly available and scalable storage using local storage on multiple servers. The flaw allows an attacker with limited privileges (local access with low privileges) to escalate their privileges to higher levels, potentially SYSTEM level, without requiring user interaction. The CVSS 3.1 base score of 7.8 reflects the significant impact on confidentiality, integrity, and availability, as the vulnerability can be exploited locally with low complexity and no user interaction. The vulnerability is classified under CWE-269 (Improper Privilege Management), indicating that the system fails to properly enforce access controls. Although no known exploits are reported in the wild, the vulnerability presents a serious risk if an attacker gains local access to a vulnerable system. Exploitation could allow attackers to execute arbitrary code with elevated privileges, modify or delete sensitive data, or disrupt system availability. The vulnerability was published on August 9, 2022, and no patch links are provided in the data, suggesting that organizations must verify patch availability and apply updates promptly to remediate the issue.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for enterprises and public sector entities still running Windows 10 Version 1809 in their infrastructure. The ability to elevate privileges locally can facilitate lateral movement within networks, enabling attackers to compromise critical systems and sensitive data. This is particularly concerning for organizations handling regulated data under GDPR, as unauthorized access or data modification could lead to compliance violations and substantial fines. The Storage Spaces Direct feature is often used in data centers and enterprise storage solutions, so organizations relying on this technology may face increased risk of disruption or data breaches. Additionally, the lack of known exploits in the wild does not diminish the threat, as attackers could develop exploits given the public disclosure. The vulnerability could also be leveraged in targeted attacks against high-value European targets, including government agencies, financial institutions, and critical infrastructure operators.
Mitigation Recommendations
European organizations should immediately verify if any systems are running Windows 10 Version 1809 (build 10.0.17763.0) and specifically using Storage Spaces Direct. They should prioritize patch management by checking Microsoft's official security update catalogs or security advisories for patches addressing CVE-2022-35763 and apply them without delay. If patches are not yet available, organizations should consider temporary mitigations such as restricting local access to trusted users only, enforcing strict access controls, and monitoring for suspicious local privilege escalation attempts through enhanced logging and endpoint detection and response (EDR) tools. Network segmentation can limit the impact of a compromised host. Additionally, organizations should review and harden Storage Spaces Direct configurations to minimize attack surface. Regularly auditing user privileges and applying the principle of least privilege will reduce the risk of exploitation. Finally, maintaining up-to-date backups and incident response plans will help mitigate potential damage from exploitation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2022-07-13T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6838b90d182aa0cae28b8c70
Added to database: 5/29/2025, 7:44:13 PM
Last enriched: 7/7/2025, 10:12:38 PM
Last updated: 8/9/2025, 6:16:15 PM