Msrc Windows 10 Version 1607 vulnerabilities

CVE-2022-21908 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009557 Reference: htt

CVE-2022-21836 [HIGH] Windows Certificate Spoofing Vulnerability Windows Certificate Spoofing Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the WPBT binary verification by using a small number of compromised certificates. Microsoft has added those certificates to the Windows kernel driver block list, driver.stl. Certificates on the driver.stl will be blocked even if present in the Windows Plat

CVE-2022-21914 [HIGH] Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local, authenticated attacker could gain elevated privileges through a vulnerable file system component. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer

CVE-2022-21920 [HIGH] Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Windows Kerberos: Windows Kerberos Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited

CVE-2022-21919 [HIGH] Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7

CVE-2022-21875 [HIGH] Windows Storage Elevation of Privilege Vulnerability Windows Storage Elevation of Privilege Vulnerability Windows Storage: Windows Storage Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009557 Reference: https://sup

CVE-2022-21893 [HIGH] Remote Desktop Protocol Remote Code Execution Vulnerability Remote Desktop Protocol Remote Code Execution Vulnerability FAQ: How would an attacker exploit this vulnerability? An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could read or tamper with clipboard contents and the victim's filesystem contents. Windows RDP: Windows RDP Microsoft: Microsoft Customer Action Required: Yes Impact: Remo

CVE-2022-21834 [HIGH] Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Windows User-mode Driver Framework: Windows User-mode Driver Framework Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less L

CVE-2022-21862 [HIGH] Windows Application Model Core API Elevation of Privilege Vulnerability Windows Application Model Core API Elevation of Privilege Vulnerability Windows Application Model: Windows Application Model Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.c

CVE-2022-21874 [HIGH] Windows Security Center API Remote Code Execution Vulnerability Windows Security Center API Remote Code Execution Vulnerability Windows Security Center: Windows Security Center Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.as

CVE-2022-21890 [HIGH] Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.co

CVE-2022-21878 [HIGH] Windows Geolocation Service Remote Code Execution Vulnerability Windows Geolocation Service Remote Code Execution Vulnerability Windows Geolocation Service: Windows Geolocation Service Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Se

CVE-2022-21870 [HIGH] Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Tablet Windows User Interface: Tablet Windows User Interface Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: ht

CVE-2022-21873 [HIGH] Tile Data Repository Elevation of Privilege Vulnerability Tile Data Repository Elevation of Privilege Vulnerability Windows Tile Data Repository: Windows Tile Data Repository Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx

CVE-2022-21889 [HIGH] Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.co

CVE-2022-21863 [HIGH] Windows StateRepository API Server file Elevation of Privilege Vulnerability Windows StateRepository API Server file Elevation of Privilege Vulnerability Windows StateRepository API: Windows StateRepository API Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.upda

CVE-2022-21876 [MEDIUM] Win32k Information Disclosure Vulnerability Win32k Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Inf

CVE-2022-21961 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.

CVE-2022-21913 [MEDIUM] Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass FAQ: Where can I find more information? Please see KB5010265 adds AES encryption protections to the MS-LSAD protocol for CVE-2022-21913 for more information about how to protect yourself. Windows Local Security Authority: Windows Local Security Authority Microsoft: Microsoft Customer Action Required: Yes Imp

CVE-2022-21915 [MEDIUM] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Di