Appsecure logo

CVE-2022-35792: High Vulnerability in Microsoft Windows Storage Spaces Direct

CVE-2022-35792 is a high-severity elevation of privilege vulnerability in Microsoft Storage Spaces Direct. It affects multiple Windows versions and requires immediate patching to mitigate risks.

HIGHCVSS 7.8 · Published August 9, 2022

Not a customer? See how AppSecure simulates real world attacks to protect your infrastructure.

Speak to Experts

CVE-2022-35792 is classified as a high-severity vulnerability in Microsoft’s Storage Spaces Direct feature. This vulnerability allows for elevation of privilege, enabling attackers with low privileges to execute arbitrary code with elevated rights. Given its CVSS score of 7.8, organizations should prioritize remediation efforts to safeguard their environments.

The vulnerability affects several Windows versions, including Windows 10 (various builds), Windows 11, and Windows Server versions 2016, 2019, and 2022. The risk to organizations includes potential unauthorized access to sensitive data and system manipulation if the vulnerability is exploited.

Currently, there is no known public exploit for this vulnerability, but the potential impact is significant given the nature of the privilege escalation. Organizations should address this vulnerability in their patch cycle to reduce exposure.

Organizations should prioritize patching immediately to mitigate risks associated with CVE-2022-35792.

Vulnerability Details

The official description of CVE-2022-35792 states that it is a Storage Spaces Direct Elevation of Privilege Vulnerability. The CVSS 3.1 score of 7.8 reflects its high severity, indicating a substantial risk to systems. This vulnerability is primarily associated with local attack vectors, requiring low privileges and no user interaction, which increases its exploitability.

The affected products include various builds of Windows 10, Windows 11, and Windows Server versions from 2016 to 2022. The vulnerability was published on August 9, 2022, and has been modified since then, indicating ongoing attention from Microsoft.

Technical Analysis

The root cause of this vulnerability lies within the Storage Spaces Direct feature, where improper handling of user permissions can lead to elevation of privilege. The attack vector is local, meaning that an attacker must have physical or remote access to the system in a local context.

The attack complexity is classified as low, requiring only low privileges to exploit the vulnerability. No user interaction is required, which increases the likelihood of successful exploitation. The impacts of this vulnerability include high confidentiality, integrity, and availability impacts, making it critical for organizations to address.

Risk & Impact Analysis

The real-world risk associated with CVE-2022-35792 is significant due to the nature of the privilege escalation it enables. Attackers may leverage this vulnerability to gain unauthorized access to critical systems, potentially leading to data breaches or system compromises. Given the broad range of affected products, the blast radius is substantial.

Organizations should assess their exposure to this vulnerability based on their deployment of affected Microsoft products. The urgency for remediation is high, as the potential for exploitation could lead to severe consequences if not addressed promptly.

Signal

Status

Known Exploit

No

Public PoC

No

Actively Exploited

No

Ransomware Use

No

Affected Versions

The following versions of Microsoft Windows are affected by this vulnerability: Windows 10 (20H2, 21H1, 21H2, 1607, 1809), Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Organizations should ensure they are running the latest updates to mitigate the risk.

Mitigation & Remediation

Microsoft has released patches to address CVE-2022-35792. Organizations should prioritize applying these updates to their systems. If immediate patching is not possible, consider implementing workarounds, such as restricting access to affected features and monitoring for unusual activity.

For continuous assessment of vulnerabilities, organizations should engage in continuous penetration testing to ensure all vulnerabilities are identified and managed effectively.

Detection Guidance

Organizations should monitor logs for indicators of exploitation of this vulnerability. Look for behavioral anomalies that may indicate privilege escalation attempts. Network signatures associated with unauthorized access should also be monitored, along with any significant system changes.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2022-35792 highlights the importance of maintaining robust security practices for Windows environments. This vulnerability serves as a reminder of the potential for privilege escalation attacks and the need for regular security assessments.

Security teams should take this opportunity to review their vulnerability management programs, ensuring they are prepared to address similar issues proactively. Engaging in vulnerability management best practices will strengthen defenses against future threats.

Furthermore, organizations can enhance their security posture by adopting a comprehensive approach to penetration testing methodology, ensuring that all potential vulnerabilities are identified and mitigated effectively.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Latest CVEs. Recently published vulnerabilities from the NVD database.

View all vulnerabilities
CVE IDSeverity
CVE-2025-65418HIGH
CVE-2025-65417MEDIUM
CVE-2025-65416MEDIUM
CVE-2025-65415MEDIUM
CVE-2025-61314HIGH

Protect Your Business with Hacker-Focused Approach.