Microsoft patches vulnerability that lets attackers gain elevated access on Windows
It's worth grabbing the January 2022 Patch Tuesday updates for Windows to protect your PC.
What you need to know
- Researchers discovered a vulnerability in Windows that allows threat actors to create Admin accounts on PCs.
- All supported versions of Windows before the January 2022 Patch Tuesday updates can be affected by the vulnerability.
- Microsoft fixed the vulnerability with its January 2022 Patch Tuesday updates.
A security researcher recently shared details regarding a vulnerability in Windows that lets people gain elevated access to PCs (via Bleeping Computer). These types of vulnerabilities are relatively common and are often discovered, fixed, and then disclosed. They allow threat actors with access to a PC to open applications as an administrator or to create new admin accounts on a PC. This elevated access can then be used in various malicious ways.
Microsoft fixed the vulnerability in question, which is labeled as CVE-2022-21882, in its January 2022 Patch Tuesday updates. The vulnerability was discovered by RyeLv. Will Dorman, an analyst at CERT/CC, later confirmed that the vulnerability can be used to gain elevated access.
BleepingComputer was able to use the vulnerability to open the Notepad app with elevated privileges. Lawrence Abrams, the editor in chief of BleepingComputer, clarified that while he could only get the exploit to work on Windows 10 that it does affect Windows 11.
Since the vulnerability has already been fixed, many PCs are not affected by it. BleepingComputer notes, however, that some admins skipped the January 2022 Patch Tuesday updates because of a collection of critical bugs. As a result, some PCs remain vulnerable to the exploit.
Microsoft has since released updates to address the issues in the January 2022 Patch Tuesday updates, so it's probably worth upgrading now. If admins still decide to wait, all of the aforementioned fixes should ship to PCs in February 2022.
All the latest news, reviews, and guides for Windows and Xbox diehards.

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.
He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.
Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.
