KEV · Actively exploited
CVE-2022-41049
HIGH 5.4
KEV
Windows Mark of the Web Security Feature Bypass Vulnerability
EPSS
13.23%
moderate exploit risk
percentile 94.3%
CISA Known Exploited Vulnerability
- Added to KEV
- 2022-11-14
- Remediation deadline
- 2022-12-09
- Required action
- Apply updates per vendor instructions.
- Ransomware
- No
OS versions that fix this CVE
This CVE is resolved by the following OS security releases. Update the OS to at least the listed version.
- Windows Fixed in Windows Server 2022 (Server Core installation) 10.0.20348.1251 Windows Server 2022 10.0.20348.1251 Windows Server 2019 (Server Core installation) 10.0.17763.3650 Windows Server 2019 10.0.17763.3650 Windows Server 2016 (Server Core installation) 10.0.14393.5501 Windows Server 2016 10.0.14393.5501 Windows 11 22H2 · 2022-H2 10.0.22621.819 Windows 11 21H2 · 2021-H2 10.0.22000.1219 Windows 10 22H2 · 2022-H2 10.0.19045.2251 Windows 10 21H2 · 2021-H2 10.0.19044.2251 Windows 10 21H1 · 2021-H1 10.0.19043.2251 Windows 10 20H2 · 2020-H2 10.0.19042.2251 Windows 10 1809 · 2018-09 10.0.17763.3650 Windows 10 1607 · 2016-07 10.0.14393.5501