Share via

Is Sysmon 14.12 still vulnerable to CVE-2022-41120

JL 141 Reputation points
2022-11-11T06:17:20.267+00:00

Hello I was just wondering whether new release of sysmon v14.12 is still vulnerable to CVE-2022-41120 as there is no mention of it explicitly within release notes.

https://techcommunity.microsoft.com/t5/sysinternals-blog/process-explorer-v17-02-and-sysmon-v14-12/ba-p/3673982?s=09

additional info about CVE-2022-41120 is here:

[1] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41120

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41120

[3] https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon

[4] https://twitter.com/filip_dragovic/status/1590052248260055041?s=20&t=UcHUZQojzGTgC0zNykEA9g

Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,234 questions
0 comments
Accepted answer
  1. Michael_N 961 Reputation points
    2022-11-16T06:56:01.747+00:00

    Yes unfortunately. According to the researcher who found the vulnerability (Filip Dragovic), v14.12 is also vulnerable.
    Please see https://twitter.com/filip_dragovic/status/1591170093823979521 and note that Filip mistyped the version as 14.2 (instead of 14.12).

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kevin & Leah Branch 6 Reputation points
    2022-11-21T20:13:23.14+00:00

    Ouch, so are versions older than 14.x affected by this? Can we count on 13.34 being safe from this vulnerability? I am really uncomfortable with how the official MS vulnerability page does not mention anything about what Sysmon versions are or are not affected by this.

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.