CVE-2022-34723: Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability

Overview

Severity

Medium (CVSS 5.5)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Sep

Released

2022-09-13

EPSS Score

4.31% (percentile: 88.9%)

FAQ

What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view the data protection API (DPAPI) master key.

Affected Products (2)

Windows

• Windows 11 version 21H2 for x64-based Systems
• Windows 11 version 21H2 for ARM64-based Systems

Security Updates (1)

• 5017328

Revision History

• 2022-09-13: Information published.