Msrc Windows 7 vulnerabilities

CVE-2022-41128 [HIGH] Windows Scripting Languages Remote Code Execution Vulnerability Windows Scripting Languages Remote Code Execution Vulnerability FAQ: The CVE title says Windows Scripting Languages, what does that mean for this vulnerability? This vulnerability impacts the JScript9 scripting language. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user with an affected version of Windows

CVE-2022-41047 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-23824 [MEDIUM] AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions FAQ: Are any additional steps required to protect my system after installing the November Windows updates? Customers who allow untrusted users to execute arbitrary code might wish to implement some extra security features within their systems. These features protect against the intra-process disclosure vectors that this speculative executi

CVE-2022-41095 [HIGH] Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Digital Media: Windows Digital Media Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Public

CVE-2022-41039 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. FAQ: According to the CVSS metric, the attack complexity is

CVE-2022-41109 [HIGH] Windows Win32k Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;L

CVE-2022-41073 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Pu

CVE-2022-41058 [HIGH] Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT): Windows Network Address Translation (NAT) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Refere

CVE-2022-41056 [HIGH] Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability Network Policy Server (NPS): Network Policy Server (NPS) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.upd

CVE-2022-41098 [MEDIUM] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially cr

CVE-2022-41086 [MEDIUM] Windows Group Policy Elevation of Privilege Vulnerability Windows Group Policy Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerabili

CVE-2022-41097 [MEDIUM] Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Network Policy Server (NPS): Network Policy Server (NPS) Microsoft: Microsoft Customer Action Required: Yes Impact: Info

CVE-2022-41090 [MEDIUM] Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Point-to-Point Tunneling Protocol: Windows Point-to-Point Tunneling Protocol Microsoft: Microsoft Customer

CVE-2022-38041 [HIGH] Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel: Windows Secure Channel Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5018419 R

CVE-2022-22035 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to

CVE-2022-37990 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-37982 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-37975 [HIGH] Windows Group Policy Elevation of Privilege Vulnerability Windows Group Policy Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Windows Group Policy: Windows Group Policy Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Dis

CVE-2022-38047 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What doe

CVE-2022-37986 [HIGH] Windows Win32k Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level or a High Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more