Msrc Windows 8.1 vulnerabilities

CVE-2022-22023 [MEDIUM] Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An authenticated attacker who successfully exploited this vulnerability could bypass "Deny Read/Write USB devices" Group Policy settings and access USB devices attached to a vulnerable system. Windows Portable De

CVE-2022-30213 [MEDIUM] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a pointer leak to the process user-mode address space in the internal memory of the application that is using GDI+. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microso

CVE-2022-30160 [HIGH] Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Windows ALPC: Windows ALPC Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft

CVE-2022-30147 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014692 Refere

CVE-2022-30153 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious LDAP server usi

CVE-2022-30146 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. FAQ: According to the CVSS metric, the attack ve

CVE-2022-30141 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account. FAQ: Are there any special conditions necessar

CVE-2022-30166 [HIGH] Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (LSASS) Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Softwa

CVE-2022-21125 [MEDIUM] Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) FAQ: Why is this Intel CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. This CVE is being documented in the Security Update Guide to announce that the

CVE-2022-30149 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. FAQ: According to the CVSS metric, the attack ve

CVE-2022-21127 [MEDIUM] Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) FAQ: Why is this Intel CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. This CVE is being documented in

CVE-2022-30151 [HIGH] Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Ancillary Function Driver for WinSock: Windows Ancillary Function Driver for WinSock Microso

CVE-2022-30142 [HIGH] Windows File History Remote Code Execution Vulnerability Windows File History Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to

CVE-2022-30143 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: Are there any special conditions necessary for this vulnerability to be exploitable? Yes. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more

CVE-2022-21166 [MEDIUM] Intel: CVE-2022-21166 Device Register Partial Write (DRPW) Intel: CVE-2022-21166 Device Register Partial Write (DRPW) FAQ: Why is this Intel CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. This CVE is being documented in the Security Update Guide to announce that th

CVE-2022-21123 [MEDIUM] Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) FAQ: Why is this Intel CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. This CVE is being documented in the Security Update Guide to announce that the latest b

CVE-2022-30140 [HIGH] Windows iSCSI Discovery Service Remote Code Execution Vulnerability Windows iSCSI Discovery Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation of this vulnerability requires a user to place a call to trigger the vulnerability. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

CVE-2022-30152 [HIGH] Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT): Windows Network Address Translation (NAT) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Refere

CVE-2022-30161 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited this could allow the malicious server

CVE-2022-30164 [HIGH] Kerberos AppContainer Security Feature Bypass Vulnerability Kerberos AppContainer Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker could bypass the Kerberos service ticketing feature which performs user access control checks. FAQ: How could an attacker exploit this vulnerability? An low privilege attacker could execute a script within an App Container to request a service