Windows Kerberos
CVE-2022-33679 — Windows Kerberos Elevation of Privilege Vulnerability
Executive Summary
None
Overview
8.1
CVSS HIGH
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
ATTACK VECTOR
Network
ATTACK COMPLEXITY
High
PRIVILEGES REQUIRED
None
USER INTERACTION
None
SCOPE
Unchanged
CONFIDENTIALITY
High
INTEGRITY
High
AVAILABILITY
High
EXPLOIT CODE MATURITY
Proof-of-Concept
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 7.3
EPSS Score
0.08355
probability of exploitation in the next 30 days
0.94243 percentile - updated 2026-06-21
View on FIRST.org
Affected Products
4 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 5017358 (Monthly Rollup) 5017371 (Security Only) Important Elevation of Privilege 5016669 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.0.6003.21666 Yes 5017358 5017371 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5017358 (Monthly Rollup) 5017371 (Security Only) Important Elevation of Privilege 5016669 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.0.6003.21666 Yes 5017358 5017371 Windows Server 2008 for x64-based Systems Service Pack 2 5017358 (Monthly Rollup) 5017371 (Security Only) Important Elevation of Privilege 5016669 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.0.6003.21666 Yes 5017358 5017371 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5017358 (Monthly Rollup) 5017371 (Security Only) Important Elevation of Privilege 5016669 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.0.6003.21666 Yes 5017358 5017371 Windows Server 2008 R2 for x64-based Systems Service Pack 1 5017361 (Monthly Rollup) 5017373 (Security Only) Important Elevation of Privilege 5016676 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.1.7601.26115 Yes 5017361 5017373 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5017361 (Monthly Rollup) 5017373 (Security Only) Important Elevation of Privilege 5016676 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.1.7601.26115 Yes 5017361 5017373 Windows Server 2012 5017370 (Monthly Rollup) 5017377 (Security Only) Important Elevation of Privilege 5016672 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.2.9200.23865 Yes 5017370 5017377 Windows Server 2012 (Server Core installation) 5017370 (Monthly Rollup) 5017377 (Security Only) Important Elevation of Privilege 5016672 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.2.9200.23865 Yes 5017370 5017377 Windows Server 2012 R2 5017367 (Monthly Rollup) 5017365 (Security Only) Important Elevation of Privilege 5016681 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.3.9600.20571 Yes 5017367 5017365 Windows Server 2012 R2 (Server Core installation) 5017367 (Monthly Rollup) 5017365 (Security Only) Important Elevation of Privilege 5016681 Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 6.3.9600.20571 Yes 5017367 5017365 Windows Server 2016 | 5017305 (Security Update) |
Important | Elevation of Privilege | Yes |
| Windows Server 2016 (Server Core installation) | 5017305 (Security Update) |
Important | Elevation of Privilege | Yes |
| Windows Server 2019 | 5017315 (Security Update) |
Important | Elevation of Privilege | Yes |
| Windows Server 2019 (Server Core installation) | 5017315 (Security Update) |
Important | Elevation of Privilege | Yes |
Patches
2 patches
| Article | Type | Restart |
|---|---|---|
5017305 |
Security Update | Yes |
5017315 |
Security Update | Yes |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
References
On This Page