Microsoft patches vulnerability that lets attackers gain elevated access on Windows

Windows 11 Update Windowsupdate Estimate New Light
Windows 11 Update Windowsupdate Estimate New Light (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Researchers discovered a vulnerability in Windows that allows threat actors to create Admin accounts on PCs.
  • All supported versions of Windows before the January 2022 Patch Tuesday updates can be affected by the vulnerability.
  • Microsoft fixed the vulnerability with its January 2022 Patch Tuesday updates.

A security researcher recently shared details regarding a vulnerability in Windows that lets people gain elevated access to PCs (via Bleeping Computer). These types of vulnerabilities are relatively common and are often discovered, fixed, and then disclosed. They allow threat actors with access to a PC to open applications as an administrator or to create new admin accounts on a PC. This elevated access can then be used in various malicious ways.

Microsoft fixed the vulnerability in question, which is labeled as CVE-2022-21882 (opens in new tab), in its January 2022 Patch Tuesday updates. The vulnerability was discovered by RyeLv. Will Dorman, an analyst at CERT/CC, later confirmed that the vulnerability can be used to gain elevated access.

BleepingComputer was able to use the vulnerability to open the Notepad app with elevated privileges. Lawrence Abrams, the editor in chief of BleepingComputer, clarified that while he could only get the exploit to work on Windows 10 that it does affect Windows 11.

Since the vulnerability has already been fixed, many PCs are not affected by it. BleepingComputer notes, however, that some admins skipped the January 2022 Patch Tuesday updates because of a collection of critical bugs. As a result, some PCs remain vulnerable to the exploit.

Microsoft has since released updates to address the issues in the January 2022 Patch Tuesday updates, so it's probably worth upgrading now. If admins still decide to wait, all of the aforementioned fixes should ship to PCs in February 2022.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at (opens in new tab).

  • So, how many hours do I need to leave things on to get the complete upgrade? 8 hours, like the MS clown assured us? And, then another 8 hours patch the patch to the House that Gates Built?
  • What are you even asking?
  • I guess they are making fun of the article referring to the time needed for Windows to update itself. I don't know about you, but I usually manually hit the updates button.