Msrc Windows 10 Version 22H2 vulnerabilities
1,609 known vulnerabilities affecting msrc/windows_10_version_22h2.
Total CVEs: 1,609
CISA KEV: 72 (actively exploited)
Public exploits: 28
Exploited in wild: 47
Severity breakdown
CRITICAL: 34, HIGH: 1143, MEDIUM: 425, LOW: 7
Vulnerabilities
Page 81 of 81
CVE-2022-41097 | MEDIUM | CVSS 6.5 | 2022-11-08
CVE-2022-41097 [MEDIUM] Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
Customer Action Required: Yes
Impact: Info
CVE-2022-41091 | MEDIUM | CVSS 5.4 | KEV | 2022-11-08
CVE-2022-41091 [MEDIUM] Windows Mark of the Web Security Feature Bypass Vulnerability
FAQ: How could an attacker exploit the vulnerability?
In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.
In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.
Comp
CVE-2022-41090 | MEDIUM | CVSS 5.9 | 2022-11-08
CVE-2022-41090 [MEDIUM] Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
Customer
CVE-2022-41099 | MEDIUM | CVSS 4.6 | 2022-11-08
CVE-2022-41099 [MEDIUM] BitLocker Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
FAQ: Are there additional steps that I need to take to be p
CVE-2022-26928 | HIGH | CVSS 7.0 | Exploited | 2022-09-13
CVE-2022-26928 [HIGH] Windows Photo Import API Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this
CVE-2020-35538 | MEDIUM | CVSS 5.5 | 2022-08-09
CVE-2020-35538 [MEDIUM] CWE-476 A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is th
CVE-2022-29900 | HIGH | CVSS 6.5 | 2022-07-12
CVE-2022-29900 [MEDIUM] AMD: CVE-2022-29900 AMD CPU Branch Type Confusion
FAQ: Why is this AMD CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the
CVE-2013-3900 | MEDIUM | CVSS 5.5 | KEV | 2022-01-11
CVE-2013-3900 [MEDIUM] CWE-347 WinVerifyTrust Signature Validation Vulnerability
Description: Why is Microsoft republishing a CVE from 2013?
We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, ex
CVE-2021-34527 | HIGH | CVSS 8.8 | KEV | PoC | 2021-07-13
CVE-2021-34527 [HIGH] Windows Print Spooler Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user