CVE-2022-37966Improper Privilege Management in Microsoft Windows Server 2008 R2 Service Pack 1

CWE-269Improper Privilege Management18 documents11 sources
Severity
8.1HIGHNVD
OSV6.5OSV5.9
EPSS
1.4%
top 19.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
SambaMicrosoft Windows Server 2008 R2 Service Pack 1Microsoft Windows Server 2008 Service Pack 2+7 more
Timeline
PublishedNov 9
Latest updateMar 8

Description

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages11 packages

Also affects: Fedora 36, 37

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

6
OSV
samba vulnerabilities2023-03-08
OSV
samba regression2023-01-26
OSV
samba vulnerabilities2023-01-24
GHSA
GHSA-jrg7-vpcv-rf8r: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability2022-11-10
OSV
CVE-2022-37966: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability2022-11-09

📋Vendor Advisories

6
Ubuntu
Samba vulnerabilities2023-03-08
Ubuntu
Samba regression2023-01-26
Ubuntu
Samba vulnerabilities2023-01-24
Red Hat
samba: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.2022-12-16
Microsoft
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability2022-11-08

🕵️Threat Intelligence

5
Qualys
November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities With 10 Critical; Adobe Releases Zero Advisories (for the First Time in Six Years).2022-11-08
Talos
Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities2022-11-08
Qualys
November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities With 10 Critical; Adobe Releases Zero Advisories (for the First Time in Six Years). | Qualys2022-11-08
Talos
Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities2022-11-08
Crowdstrike
November 2022 Patch Tuesday: Updates and Analysis