Msrc Windows Rt 8.1 vulnerabilities

CVE-2022-21868 [HIGH] Windows Devices Human Interface Elevation of Privilege Vulnerability Windows Devices Human Interface Elevation of Privilege Vulnerability Windows Devices Human Interface: Windows Devices Human Interface Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.micro

CVE-2022-21908 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009557 Reference: htt

CVE-2022-21836 [HIGH] Windows Certificate Spoofing Vulnerability Windows Certificate Spoofing Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the WPBT binary verification by using a small number of compromised certificates. Microsoft has added those certificates to the Windows kernel driver block list, driver.stl. Certificates on the driver.stl will be blocked even if present in the Windows Plat

CVE-2022-21914 [HIGH] Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local, authenticated attacker could gain elevated privileges through a vulnerable file system component. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer

CVE-2022-21920 [HIGH] Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Windows Kerberos: Windows Kerberos Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited

CVE-2022-21919 [HIGH] Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7

CVE-2022-21875 [HIGH] Windows Storage Elevation of Privilege Vulnerability Windows Storage Elevation of Privilege Vulnerability Windows Storage: Windows Storage Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009557 Reference: https://sup

CVE-2022-21893 [HIGH] Remote Desktop Protocol Remote Code Execution Vulnerability Remote Desktop Protocol Remote Code Execution Vulnerability FAQ: How would an attacker exploit this vulnerability? An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could read or tamper with clipboard contents and the victim's filesystem contents. Windows RDP: Windows RDP Microsoft: Microsoft Customer Action Required: Yes Impact: Remo

CVE-2022-21834 [HIGH] Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Windows User-mode Driver Framework: Windows User-mode Driver Framework Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less L

CVE-2022-21862 [HIGH] Windows Application Model Core API Elevation of Privilege Vulnerability Windows Application Model Core API Elevation of Privilege Vulnerability Windows Application Model: Windows Application Model Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.c

CVE-2022-21890 [HIGH] Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.co

CVE-2022-21870 [HIGH] Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Tablet Windows User Interface: Tablet Windows User Interface Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: ht

CVE-2022-21889 [HIGH] Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Windows IKE Extension: Windows IKE Extension Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.co

CVE-2022-21961 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.

CVE-2022-21913 [MEDIUM] Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass FAQ: Where can I find more information? Please see KB5010265 adds AES encryption protections to the MS-LSAD protocol for CVE-2022-21913 for more information about how to protect yourself. Windows Local Security Authority: Windows Local Security Authority Microsoft: Microsoft Customer Action Required: Yes Imp

CVE-2022-21915 [MEDIUM] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Di

CVE-2022-21838 [MEDIUM] Windows Cleanup Manager Elevation of Privilege Vulnerability Windows Cleanup Manager Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. Windows Cleanup Manager: Windows Cleanup Manager Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation

CVE-2022-21958 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.

CVE-2022-21963 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.

CVE-2022-21928 [MEDIUM] Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? An attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability could also be exploited through a local attack vector.