Msrc Windows Server 2008 vulnerabilities

CVE-2022-21833 [HIGH] Virtual Machine IDE Drive Elevation of Privilege Vulnerability Virtual Machine IDE Drive Elevation of Privilege Vulnerability Windows Virtual Machine IDE Drive: Windows Virtual Machine IDE Drive Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com

CVE-2022-21880 [HIGH] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a pointer leak to the process user-mode address space in the internal memory of the application that is using GDI+. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft

CVE-2022-21922 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated user could trigger this vulnerabilit

CVE-2022-21851 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated user could be tricked into connecting to a malicious remote desktop server where the remote desktop host server sends a specially crafted PDU (Server RDP Preconnection) that targets the remote client's drive redirection virtual channel. The end result could lead to remote code execution o

CVE-2022-21908 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5009557 Reference: htt

CVE-2022-21836 [HIGH] Windows Certificate Spoofing Vulnerability Windows Certificate Spoofing Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the WPBT binary verification by using a small number of compromised certificates. Microsoft has added those certificates to the Windows kernel driver block list, driver.stl. Certificates on the driver.stl will be blocked even if present in the Windows Plat

CVE-2022-21914 [HIGH] Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local, authenticated attacker could gain elevated privileges through a vulnerable file system component. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer

CVE-2022-21920 [HIGH] Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Windows Kerberos: Windows Kerberos Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited

CVE-2022-21919 [HIGH] Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7

CVE-2022-21834 [HIGH] Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Windows User-mode Driver Framework: Windows User-mode Driver Framework Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less L

CVE-2022-21862 [HIGH] Windows Application Model Core API Elevation of Privilege Vulnerability Windows Application Model Core API Elevation of Privilege Vulnerability Windows Application Model: Windows Application Model Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.c

CVE-2022-21913 [MEDIUM] Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass FAQ: Where can I find more information? Please see KB5010265 adds AES encryption protections to the MS-LSAD protocol for CVE-2022-21913 for more information about how to protect yourself. Windows Local Security Authority: Windows Local Security Authority Microsoft: Microsoft Customer Action Required: Yes Imp

CVE-2022-21915 [MEDIUM] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Di

CVE-2013-3900 [MEDIUM] CWE-347 WinVerifyTrust Signature Validation Vulnerability WinVerifyTrust Signature Validation Vulnerability Description: Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, ex

CVE-2022-21924 [MEDIUM] Workstation Service Remote Protocol Security Feature Bypass Vulnerability Workstation Service Remote Protocol Security Feature Bypass Vulnerability Windows Workstation Service Remote Protocol: Windows Workstation Service Remote Protocol Microsoft: Microsoft Customer Action Required: Yes Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Re

CVE-2021-43215 [CRITICAL] iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution FAQ: How could an attacker exploit this vulnerability? An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution. FAQ: What is Windows iSNS? The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS

CVE-2021-43893 [HIGH] Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability Windows Encrypting File System (EFS): Windows Encrypting File System (EFS) Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microso

CVE-2021-43883 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5008218 Reference: https://support.microsoft

CVE-2021-43238 [HIGH] Windows Remote Access Elevation of Privilege Vulnerability Windows Remote Access Elevation of Privilege Vulnerability Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.a

CVE-2021-43236 [HIGH] Microsoft Message Queuing Information Disclosure Vulnerability Microsoft Message Queuing Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Message Queuing: Windows Message Queuing Microsoft: Microsoft Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploi