Msrc Windows Server 2016 vulnerabilities

CVE-2022-29121 [MEDIUM] Windows WLAN AutoConfig Service Denial of Service Vulnerability Windows WLAN AutoConfig Service Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would i

CVE-2022-29127 [MEDIUM] BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption fe

CVE-2022-29112 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability require

CVE-2022-26930 [MEDIUM] Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Windows

CVE-2022-29102 [MEDIUM] Windows Failover Cluster Information Disclosure Vulnerability Windows Failover Cluster Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Failover Cluster Automation Server: Windows Failover

CVE-2022-22015 [MEDIUM] Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Windows Remote Desktop: Windows Remote Desktop Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Ex

CVE-2022-26936 [MEDIUM] Windows Server Service Information Disclosure Vulnerability Windows Server Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The presence of specific file names and users can be confirmed over the internal network. FAQ: What is the Windows Server Service? The Windows Server Service is frequently referred to as LanmanServer, and is responsible for making printer and file sharing possible within a Windows

CVE-2022-29123 [MEDIUM] Windows Clustered Shared Volume Information Disclosure Vulnerability Windows Clustered Shared Volume Information Disclosure Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level t

CVE-2022-22011 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Stat

CVE-2022-24491 [CRITICAL] Windows Network File System Remote Code Execution Vulnerability Windows Network File System Remote Code Execution Vulnerability FAQ: I am running a supported version of Windows Server. Is my system vulnerable to this issue? This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Services is available here. FAQ: How could an att

CVE-2022-26809 [CRITICAL] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. FAQ: Why did Microsoft remove the Mitigation to “Block

CVE-2022-24497 [CRITICAL] Windows Network File System Remote Code Execution Vulnerability Windows Network File System Remote Code Execution Vulnerability FAQ: I am running a supported version of Windows Server. Is my system vulnerable to this issue? This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Services is available here. FAQ: How could an att

CVE-2022-24492 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. Windows Remote Procedure Ca

CVE-2022-24479 [HIGH] Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Windows Feedback Hub: Windows Feedback Hub Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft

CVE-2022-24495 [HIGH] Windows Direct Show Remote Code Execution Vulnerability Windows Direct Show Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indic

CVE-2022-26811 [HIGH] Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. Role: DNS Server: Role: DNS Ser

CVE-2022-21983 [HIGH] Win32 Stream Enumeration Remote Code Execution Vulnerability Win32 Stream Enumeration Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interacti

CVE-2022-26803 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2022-24530 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012647 Reference: htt

CVE-2022-26826 [HIGH] Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. Role: DNS Server: Role: DNS Ser