Msrc Windows 10 vulnerabilities

CVE-2022-30133 [CRITICAL] Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. Windows Point-to-Point Tunneling Protocol: Windows Point-to-Poin

CVE-2022-35744 [CRITICAL] Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. Windows Point-to-Point Tunneling Protocol: Windows Point-to-Poin

CVE-2022-35771 [HIGH] Windows Defender Credential Guard Elevation of Privilege Vulnerability Windows Defender Credential Guard Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Elev

CVE-2022-35795 [HIGH] Windows Error Reporting Service Elevation of Privilege Vulnerability Windows Error Reporting Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Error Reporting: Windows Error Reporting Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status:

CVE-2022-30194 [HIGH] Windows WebBrowser Control Remote Code Execution Vulnerability Windows WebBrowser Control Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does th

CVE-2022-35751 [HIGH] Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability coul

CVE-2022-35768 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-35793 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerab

CVE-2022-34701 [HIGH] Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP): Windows Secure Socket Tunneling Protocol (SSTP) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Les

CVE-2022-35822 [HIGH] Windows Defender Credential Guard Security Feature Bypass Vulnerability Windows Defender Credential Guard Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Actio

CVE-2022-33670 [HIGH] Windows Partition Management Driver Elevation of Privilege Vulnerability Windows Partition Management Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Partition Management Driver: Windows Partition Management Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Elevatio

CVE-2022-35749 [HIGH] Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Digital Media: Windows Digital Media Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Public

CVE-2022-35746 [HIGH] Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Digital Media: Windows Digital Media Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Public

CVE-2022-34703 [HIGH] Windows Partition Management Driver Elevation of Privilege Vulnerability Windows Partition Management Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Partition Management Driver: Windows Partition Management Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Elevatio

CVE-2022-35743 [HIGH] Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself

CVE-2022-34303 [MEDIUM] CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why are there different security update packages for this CVE? These are standalone security updates. These packages must be installed in addition to the normal security updat

CVE-2022-34711 [HIGH] Windows Defender Credential Guard Elevation of Privilege Vulnerability Windows Defender Credential Guard Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Pri

CVE-2022-34301 [MEDIUM] CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why are there different security update packages for this CVE? These are standalone security updates. These packages must be installed in addition to the normal security updates to

CVE-2022-35767 [HIGH] Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a spe

CVE-2022-35755 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious input file and convince the user to open said input file. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited thi