Msrc Windows 11 Version 22H2 vulnerabilities

CVE-2022-37991 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-38042 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. FAQ: What privileges could be gained by an attacker who successfully exploi

CVE-2022-41033 [HIGH] Windows COM+ Event System Service Elevation of Privilege Vulnerability Windows COM+ Event System Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows COM+ Event System Service: Windows COM+ Event System Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Pri

CVE-2022-33635 [HIGH] Windows GDI+ Remote Code Execution Vulnerability Windows GDI+ Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-ba

CVE-2022-37984 [HIGH] Windows WLAN Service Elevation of Privilege Vulnerability Windows WLAN Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows WLAN Service: Windows WLAN Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploi

CVE-2022-38021 [HIGH] Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker w

CVE-2022-37978 [HIGH] Windows Active Directory Certificate Services Security Feature Bypass Windows Active Directory Certificate Services Security Feature Bypass FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack

CVE-2022-30198 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to

CVE-2022-38000 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to

CVE-2022-37994 [HIGH] Windows Group Policy Preference Client Elevation of Privilege Vulnerability Windows Group Policy Preference Client Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Group Policy Preference Client: Windows Group Policy Preference Client Microsoft: Microsoft Customer Action Required: Yes Impa

CVE-2022-38051 [HIGH] Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status:

CVE-2022-38045 [HIGH] Windows Server Service Elevation of Privilege Vulnerability Windows Server Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. Windows Server Service: Windows Server Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclos

CVE-2022-24504 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What doe

CVE-2022-37987 [HIGH] Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Client Server Run-time Subsystem (CSRSS): Client Server Run-time Subsystem (CSRSS) Microsoft: Microsoft Customer Ac

CVE-2022-38040 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-37981 [MEDIUM] Windows Event Logging Service Denial of Service Vulnerability Windows Event Logging Service Denial of Service Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. Windows Event Logging Service: Windows Event Logging Service Microsoft: Microsoft

CVE-2022-37965 [MEDIUM] Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Remote Access Service Point-to-Point Tunneling Protocol: Remote Access Service Point-to-Point Tunneling Protocol Mic

CVE-2022-37985 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Stat

CVE-2022-37996 [MEDIUM] Windows Kernel Memory Information Disclosure Vulnerability Windows Kernel Memory Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows NTFS: Windows NTFS Microsoft: Microsoft Customer Action

CVE-2022-38043 [MEDIUM] Windows Security Support Provider Interface Information Disclosure Vulnerability Windows Security Support Provider Interface Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. FAQ: How the attacker exploit this vulnerability? A locally authenticated attacker can create a specially crafted request which crashes the client on