Msrc Windows Server 2016 vulnerabilities

CVE-2022-34696 [HIGH] Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available

CVE-2022-35793 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerab

CVE-2022-34701 [HIGH] Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP): Windows Secure Socket Tunneling Protocol (SSTP) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Les

CVE-2022-35822 [HIGH] Windows Defender Credential Guard Security Feature Bypass Vulnerability Windows Defender Credential Guard Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Actio

CVE-2022-33670 [HIGH] Windows Partition Management Driver Elevation of Privilege Vulnerability Windows Partition Management Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Partition Management Driver: Windows Partition Management Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Elevatio

CVE-2022-35749 [HIGH] Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Digital Media: Windows Digital Media Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Public

CVE-2022-35746 [HIGH] Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Digital Media: Windows Digital Media Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Public

CVE-2022-34703 [HIGH] Windows Partition Management Driver Elevation of Privilege Vulnerability Windows Partition Management Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Partition Management Driver: Windows Partition Management Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Elevatio

CVE-2022-35743 [HIGH] Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself

CVE-2022-35761 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-34303 [MEDIUM] CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why are there different security update packages for this CVE? These are standalone security updates. These packages must be installed in addition to the normal security updat

CVE-2022-34711 [HIGH] Windows Defender Credential Guard Elevation of Privilege Vulnerability Windows Defender Credential Guard Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Pri

CVE-2022-34301 [MEDIUM] CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why are there different security update packages for this CVE? These are standalone security updates. These packages must be installed in addition to the normal security updates to

CVE-2022-35767 [HIGH] Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a spe

CVE-2022-35755 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious input file and convince the user to open said input file. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited thi

CVE-2022-35792 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated user could trigger this vulnerability.

CVE-2022-35760 [HIGH] Microsoft ATA Port Driver Elevation of Privilege Vulnerability Microsoft ATA Port Driver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability could be triggered when a windows client connects to a malicious remote share. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A domain user could use this vulnerabi

CVE-2022-35750 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Canonical Display Driver: Windows Canonical Display Driver Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:

CVE-2022-35769 [HIGH] Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability Remote Access Service Point-to-Point Tunneling Protocol: Remote Access Service Point-to-Point Tunneling Protocol Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Li

CVE-2022-34702 [HIGH] Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a spe