Msrc Windows Server 2008 R2 vulnerabilities

CVE-2022-37991 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-38042 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. FAQ: What privileges could be gained by an attacker who successfully exploi

CVE-2022-41033 [HIGH] Windows COM+ Event System Service Elevation of Privilege Vulnerability Windows COM+ Event System Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows COM+ Event System Service: Windows COM+ Event System Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Pri

CVE-2022-33635 [HIGH] Windows GDI+ Remote Code Execution Vulnerability Windows GDI+ Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-ba

CVE-2022-37978 [HIGH] Windows Active Directory Certificate Services Security Feature Bypass Windows Active Directory Certificate Services Security Feature Bypass FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack

CVE-2022-30198 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to

CVE-2022-38000 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to

CVE-2022-37994 [HIGH] Windows Group Policy Preference Client Elevation of Privilege Vulnerability Windows Group Policy Preference Client Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Group Policy Preference Client: Windows Group Policy Preference Client Microsoft: Microsoft Customer Action Required: Yes Impa

CVE-2022-38051 [HIGH] Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status:

CVE-2022-24504 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What doe

CVE-2022-37987 [HIGH] Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Client Server Run-time Subsystem (CSRSS): Client Server Run-time Subsystem (CSRSS) Microsoft: Microsoft Customer Ac

CVE-2022-38040 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-37981 [MEDIUM] Windows Event Logging Service Denial of Service Vulnerability Windows Event Logging Service Denial of Service Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. Windows Event Logging Service: Windows Event Logging Service Microsoft: Microsoft

CVE-2022-37985 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Stat

CVE-2022-38043 [MEDIUM] Windows Security Support Provider Interface Information Disclosure Vulnerability Windows Security Support Provider Interface Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. FAQ: How the attacker exploit this vulnerability? A locally authenticated attacker can create a specially crafted request which crashes the client on

CVE-2022-37977 [MEDIUM] Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (LSASS) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Sof

CVE-2022-38033 [MEDIUM] Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploits this vulnerability would be able to remotely read registry keys under HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine not normally accessible to a norma

CVE-2022-38032 [MEDIUM] Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An authenticated attacker who successfully exploited this vulnerability could bypass "Deny Read/Write USB devices" Group Policy settings and access USB devices attached to a vulnerable system. Windows Portable De

CVE-2022-38026 [MEDIUM] Windows DHCP Client Information Disclosure Vulnerability Windows DHCP Client Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory. Windows DHCP Client: Windows DHCP Client Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Late

CVE-2022-35770 [MEDIUM] Windows NTLM Spoofing Vulnerability Windows NTLM Spoofing Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to access a malicious folder or directory. Users should never open anything that they do not know or trust to be safe. Windows NTLM: Windows NTLM Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited: