Msrc Windows Server 2008 vulnerabilities

CVE-2022-34719 [HIGH] Windows Distributed File System (DFS) Elevation of Privilege Vulnerability Windows Distributed File System (DFS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local authenticated attacker could gain elevated privileges through a vulnerable DFS client, which could allow the attacker to locally execute arbitrary code in the kernel. Windows Distributed File System (DFS): Windows Distri

CVE-2022-38005 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Pu

CVE-2022-34727 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-35836 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-30170 [HIGH] Windows Credential Roaming Service Elevation of Privilege Vulnerability Windows Credential Roaming Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user to log in to Windows. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited th

CVE-2022-35835 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-37956 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-34733 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-30200 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attac

CVE-2022-35834 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-34726 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-34734 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-34731 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-38004 [HIGH] Windows Fax Service Remote Code Execution Vulnerability Windows Fax Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indic

CVE-2022-37955 [HIGH] Windows Group Policy Elevation of Privilege Vulnerability Windows Group Policy Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Group Policy: Windows Group Policy Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploi

CVE-2022-37969 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? An attacker must already

CVE-2022-34728 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Stat

CVE-2022-35837 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the us

CVE-2022-38006 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the us

CVE-2022-30133 [CRITICAL] Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. Windows Point-to-Point Tunneling Protocol: Windows Point-to-Poin