Msrc Windows Server 2016 vulnerabilities

CVE-2022-29106 [HIGH] Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of P

CVE-2022-29139 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited this could allow the malicious server

CVE-2022-29115 [HIGH] Windows Fax Service Remote Code Execution Vulnerability Windows Fax Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user import a specially crafted contact record and then send it a FAX. Role: Windows Fax Service: Role: Windows Fax Service Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code

CVE-2022-26923 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System. FAQ: Where can I find out more information about this vulnerability? P

CVE-2022-29150 [HIGH] Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required:

CVE-2022-26932 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppCon

CVE-2022-22016 [HIGH] Windows PlayToManager Elevation of Privilege Vulnerability Windows PlayToManager Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Media: Windows Media Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed

CVE-2022-29151 [HIGH] Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required:

CVE-2022-26926 [HIGH] Windows Address Book Remote Code Execution Vulnerability Windows Address Book Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user import a specially crafted contact record into the Windows Address Book. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a r

CVE-2022-22014 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows LDAP - Lightweight Directory Access Protocol: Windows LDAP - Lightweight Directory Access Protocol Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older S

CVE-2022-29105 [HIGH] Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Media Foundation Remote Code Execution Vulnerability Windows Media: Windows Media Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB

CVE-2022-29104 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2022-26931 [HIGH] Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. FAQ: Where can I find out more information about this vulnerability? Please see Certificate-based authentication chang

CVE-2022-30138 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2022-22019 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. Windows Remote Procedure Ca

CVE-2022-30190 [HIGH] Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install program

CVE-2022-29125 [HIGH] Windows Push Notifications Apps Elevation of Privilege Vulnerability Windows Push Notifications Apps Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Push Notifications: Windows Push Notifications Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of

CVE-2022-26939 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Storage Spaces Controller: Windows Storage Spaces Controller Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privi

CVE-2022-29138 [HIGH] Windows Clustered Shared Volume Elevation of Privilege Vulnerability Windows Clustered Shared Volume Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required: Yes Im

CVE-2022-29132 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/S