MSRC Windows 10 Version 21H1 for ARM64-Based Systems vulnerabilities
94 known vulnerabilities affecting msrc/windows_10_version_21h1_for_arm64-based_systems.
Total CVEs: 94
CISA KEV: 6 (actively exploited)
Public exploits: 2
Exploited in wild: 7
Severity breakdown: CRITICAL 1, HIGH 76, MEDIUM 17
Vulnerabilities
Page 1 of 5
CVE-2022-41114 [HIGH] Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVSS 7.0 | 2022-11-08
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited th
msrc
CVE-2022-41092 [HIGH] Windows Win32k Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-11-08
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
Windows Win32K: Windows Win32K
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;L
msrc
CVE-2022-37973 [HIGH] Windows Local Session Manager (LSM) Denial of Service Vulnerability
CVSS 7.7 | 2022-10-11
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.
FAQ: According to the CVSS metric, privileges required is low (
msrc
CVE-2022-38050 [HIGH] Win32k Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-10-11
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Win32K: Windows Win32K
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitat
msrc
CVE-2022-38046 [HIGH] Web Account Manager Information Disclosure Vulnerability
CVSS 7.5 | 2022-10-11
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could view unbound refresh tokens issued by one cloud on a different cloud.
Windows Web Account Manager: Windows Web Account Manager
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Statu
msrc
CVE-2022-37980 [HIGH] Windows DHCP Client Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-10-11
FAQ: How could an attacker exploit this vulnerability?
An authenticated attacker could leverage a specially crafted RPC call to the DHCP service to exploit this vulnerability.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
msrc
CVE-2022-37998 [HIGH] Windows Local Session Manager (LSM) Denial of Service Vulnerability
CVSS 7.7 | 2022-10-11
FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than
msrc
CVE-2022-37970 [HIGH] Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-10-11
FAQ: How could an attacker exploit this vulnerability?
This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an exe
msrc
CVE-2022-37983 [HIGH] Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-10-11
FAQ: How could an attacker exploit this vulnerability?
This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an
msrc
CVE-2022-38039 [HIGH] Windows Kernel Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-10-11
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Kernel: Windows Kernel
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R
msrc
CVE-2022-38016 [HIGH] Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVSS 8.8 | 2022-10-11
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level or a High Integrity Level.
Please refer to AppContainer is
msrc
CVE-2022-38030 [MEDIUM] Windows USB Serial Driver Information Disclosure Vulnerability
CVSS 4.3 | 2022-10-11
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unintentional read access from uninitialized memory, which can be from either kernel memory or another user-mode process.
Windows USB Serial Driver: Windows USB Serial
msrc
CVE-2022-30196 [HIGH] Windows Secure Channel Denial of Service Vulnerability
CVSS 8.2 | 2022-09-13
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacker could exploit the vulnerability by sending specially crafted network traffic to the TLS server and could cause it to crash.
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this
msrc
CVE-2022-37954 [HIGH] DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-09-13
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Microsoft Graphics Component: Microsoft Graphics Component
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Public
msrc
CVE-2022-35763 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-08-09
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated user could trigger this vulnerability.
msrc
CVE-2022-30144 [HIGH] Windows Bluetooth Service Remote Code Execution Vulnerability
CVSS 7.5 | 2022-08-09
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include
msrc
CVE-2022-34705 [HIGH] Windows Defender Credential Guard Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-08-09
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Defender Credential Guard: Windows Defender Credential Guard
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Pri
msrc
CVE-2022-35766 [HIGH] Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVSS 8.1 | 2022-08-09
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacker could send a spe
msrc
CVE-2022-35794 [HIGH] Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVSS 8.1 | 2022-08-09
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacker could send a spe
msrc
CVE-2022-35792 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability
CVSS 7.8 | 2022-08-09
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated user could trigger this vulnerability.
msrc