MSRC Windows 11 Version 21H2 vulnerabilities

1,324 known vulnerabilities affecting msrc/windows_11_version_21h2.

Total CVEs: 1,324
CISA KEV: 61 (actively exploited)
Public exploits: 20
Exploited in wild: 70
Severity breakdown: CRITICAL 38, HIGH 978, MEDIUM 305, LOW 3

Vulnerabilities

CVE-2022-22717 HIGH CVSS 7.0 2022-02-08
CVE-2022-22717 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privile
msrc
CVE-2022-22710 MEDIUM CVSS 5.5 2022-02-08
CVE-2022-22710 [MEDIUM] Windows Common Log File System Driver Denial of Service Vulnerability Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://c
msrc
CVE-2022-22002 MEDIUM CVSS 5.5 2022-02-08
CVE-2022-22002 [MEDIUM] Windows User Account Profile Picture Denial of Service Vulnerability Windows User Account Profile: Windows User Account Profile Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.micros
msrc
CVE-2022-21985 MEDIUM CVSS 5.5 2022-02-08
CVE-2022-21985 [MEDIUM] Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Required: Ye
msrc
CVE-2022-21998 MEDIUM CVSS 5.5 2022-02-08
CVE-2022-21998 [MEDIUM] Windows Common Log File System Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Common Log File System Dri
msrc
CVE-2022-21849 CRITICAL CVSS 9.8 2022-01-11
CVE-2022-21849 [CRITICAL] Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? In an environment where Internet Key Exchange (IKE) version 2 is enabled, a remote attacker could trigger multiple vulnerabilities without being authenticated. Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Custo
msrc
CVE-2021-22947 CRITICAL CVSS 5.9 2022-01-11
CVE-2021-22947 [MEDIUM] Open Source Curl Remote Code Execution Vulnerability FAQ: Why is this a Hacker One CVE? This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The January 2022 Windows Security Updates include the most recent version of this library which addresses the vulnerability and others. Please see curl security problems for information on all of the vulnerabilities that have been addres
msrc
CVE-2022-21848 HIGH CVSS 7.5 2022-01-11
CVE-2022-21848 [HIGH] Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.co
msrc
CVE-2022-21843 HIGH CVSS 7.5 2022-01-11
CVE-2022-21843 [HIGH] Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https:/
msrc
CVE-2022-21881 HIGH CVSS 7.0 2022-01-11
CVE-2022-21881 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009557 Reference: https://support
msrc
CVE-2022-21861 HIGH CVSS 7.0 2022-01-11
CVE-2022-21861 [HIGH] Task Flow Data Engine Elevation of Privilege Vulnerability Windows Task Flow Data Engine: Windows Task Flow Data Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.
msrc
CVE-2022-21864 HIGH CVSS 7.0 2022-01-11
CVE-2022-21864 [HIGH] Windows UI Immersive Server API Elevation of Privilege Vulnerability Windows UI Immersive Server: Windows UI Immersive Server Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com
msrc
CVE-2022-21883 HIGH CVSS 7.5 2022-01-11
CVE-2022-21883 [HIGH] Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.co
msrc
CVE-2022-21871 HIGH CVSS 7.0 2022-01-11
CVE-2022-21871 [HIGH] Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Windows Diagnostic Hub: Windows Diagnostic Hub Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: http
msrc
CVE-2022-21850 HIGH CVSS 8.8 2022-01-11
CVE-2022-21850 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. Windows RDP: Windows RDP Microsoft: Microsoft C
msrc
CVE-2022-21866 HIGH CVSS 7.0 2022-01-11
CVE-2022-21866 [HIGH] Windows System Launcher Elevation of Privilege Vulnerability Windows System Launcher: Windows System Launcher Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=K
msrc
CVE-2022-21857 HIGH CVSS 8.8 2022-01-11
CVE-2022-21857 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: What is the scope of this security update? This update resolves an elevation of privilege vulnerability specific to Active Directory Domain Services environments with incoming trusts. Prior to this update, an attacker could elevate privileges across the trust boundary under certain conditions. Windows Active Directory: Windows Ac
msrc
CVE-2022-21835 HIGH CVSS 7.8 2022-01-11
CVE-2022-21835 [HIGH] Microsoft Cryptographic Services Elevation of Privilege Vulnerability Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.micro
msrc
CVE-2022-21882 HIGH CVSS 7.0 KEV PoC 2022-01-11
CVE-2022-21882 [HIGH] Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Discl
msrc
CVE-2022-21885 HIGH CVSS 7.8 2022-01-11
CVE-2022-21885 [HIGH] Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Ref
msrc