Msrc Windows 11 Version 21H2 vulnerabilities

CVE-2022-21870 [HIGH] Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Tablet Windows User Interface: Tablet Windows User Interface Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: ht

CVE-2022-21873 [HIGH] Tile Data Repository Elevation of Privilege Vulnerability Tile Data Repository Elevation of Privilege Vulnerability Windows Tile Data Repository: Windows Tile Data Repository Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx

CVE-2022-21889 [HIGH] Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.co

CVE-2022-21852 [HIGH] Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library: Windows DWM Core Library Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx

CVE-2022-21858 [HIGH] Windows Bind Filter Driver Elevation of Privilege Vulnerability Windows Bind Filter Driver Elevation of Privilege Vulnerability Windows Bind Filter Driver: Windows Bind Filter Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Sea

CVE-2021-36976 [MEDIUM] Libarchive Remote Code Execution Vulnerability Libarchive Remote Code Execution Vulnerability FAQ: Why is this a MITRE Corporation CVE? CVE-2021-36976 is regarding a vulnerability in the libarchive open source library which is used by Windows. The January 2022 Windows Security Updates include the most recent version of this library which addresses the vulnerability and others. Please see libarchive CVEs for more information regarding all of the vulnerabilities that have

CVE-2022-21876 [MEDIUM] Win32k Information Disclosure Vulnerability Win32k Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Inf

CVE-2022-21906 [MEDIUM] Windows Defender Application Control Security Feature Bypass Vulnerability Windows Defender Application Control Security Feature Bypass Vulnerability Windows Defender: Windows Defender Microsoft: Microsoft Customer Action Required: Yes Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/sit

CVE-2022-21961 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.

CVE-2022-21913 [MEDIUM] Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass FAQ: Where can I find more information? Please see KB5010265 adds AES encryption protections to the MS-LSAD protocol for CVE-2022-21913 for more information about how to protect yourself. Windows Local Security Authority: Windows Local Security Authority Microsoft: Microsoft Customer Action Required: Yes Imp

CVE-2022-21915 [MEDIUM] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Di

CVE-2022-21900 [MEDIUM] Windows Hyper-V Security Feature Bypass Vulnerability Windows Hyper-V Security Feature Bypass Vulnerability FAQ: What configurations or versions could be at risk from this vulnerability? This bypass could affect any Hyper-V configurations that are using Router Guard. What is the exposure if the vulnerability was bypassed? Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencin

CVE-2022-21838 [MEDIUM] Windows Cleanup Manager Elevation of Privilege Vulnerability Windows Cleanup Manager Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. Windows Cleanup Manager: Windows Cleanup Manager Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation

CVE-2022-21958 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.

CVE-2022-21963 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.

CVE-2022-21928 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.

CVE-2022-21959 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.

CVE-2022-21877 [MEDIUM] Storage Spaces Controller Information Disclosure Vulnerability Storage Spaces Controller Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Storage Spaces Controller: Windows Storage Spaces

CVE-2013-3900 [MEDIUM] CWE-347 WinVerifyTrust Signature Validation Vulnerability WinVerifyTrust Signature Validation Vulnerability Description: Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, ex

CVE-2022-21918 [MEDIUM] DirectX Graphics Kernel File Denial of Service Vulnerability DirectX Graphics Kernel File Denial of Service Vulnerability Windows DirectX: Windows DirectX Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009557 Reference