Msrc Windows Server 2012 R2 vulnerabilities

CVE-2022-34719 [HIGH] Windows Distributed File System (DFS) Elevation of Privilege Vulnerability Windows Distributed File System (DFS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A local authenticated attacker could gain elevated privileges through a vulnerable DFS client, which could allow the attacker to locally execute arbitrary code in the kernel. Windows Distributed File System (DFS): Windows Distri

CVE-2022-38005 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Pu

CVE-2022-33647 [HIGH] Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. FAQ: What privileges could be

CVE-2022-35833 [HIGH] Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel Denial of Service Vulnerability Windows Transport Security Layer (TLS): Windows Transport Security Layer (TLS) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7

CVE-2022-35830 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. FAQ: How could an attacker exploit this vulnerability? An unauth

CVE-2022-34727 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-35836 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-33679 [HIGH] Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. FAQ: What privileges could be

CVE-2022-30170 [HIGH] Windows Credential Roaming Service Elevation of Privilege Vulnerability Windows Credential Roaming Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user to log in to Windows. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited th

CVE-2022-35835 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-37956 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-34733 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-30200 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attac

CVE-2022-35834 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-34726 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-34734 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-34731 [HIGH] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute c

CVE-2022-37958 [HIGH] SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability FAQ: What is SPNEGO Extended Negotiation? The SPNEGO Extended Negotiation Security Mechanism (NEGOEX) extends Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) described in [RFC4178]. Please see SPNEGO Overview for more information. FAQ: According to the CVSS metric, the attack com

CVE-2022-38004 [HIGH] Windows Fax Service Remote Code Execution Vulnerability Windows Fax Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indic

CVE-2022-37955 [HIGH] Windows Group Policy Elevation of Privilege Vulnerability Windows Group Policy Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Group Policy: Windows Group Policy Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploi