CVE-2022-38000 — Race Condition in Microsoft Windows 10 Version 1507

CWE-362 — Race Condition6 documents5 sources

Severity

8.1HIGHNVD

EPSS

1.0%

top 22.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 +17 more

Timeline

PublishedOct 11

Latest updateJul 8

Description

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages20 packages

▶CVEListV5microsoft/windows_76.1.0 — 6.1.7601.26174

▶CVEListV5microsoft/windows_8.16.3.0 — 6.3.9600.20625

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.23920

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.5427

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.3532

Patches

Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities↗2025-07-08

▶

OSV

linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities↗2025-07-08

▶

GHSA

GHSA-32mx-364x-qgq2: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability↗2022-10-12

▶

CVEList

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability↗2022-10-11

▶

📋Vendor Advisories

Microsoft

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability↗2022-10-11

▶