Msrc Windows Server 2019 vulnerabilities

CVE-2022-37970 [HIGH] Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an exe

CVE-2022-41033 [HIGH] Windows COM+ Event System Service Elevation of Privilege Vulnerability Windows COM+ Event System Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows COM+ Event System Service: Windows COM+ Event System Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Pri

CVE-2022-37976 [HIGH] Active Directory Certificate Services Elevation of Privilege Vulnerability Active Directory Certificate Services Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. FAQ: How could an attacker exploit this vulnerability? A malicious DCOM client could coerce a DCOM server to authenticate to i

CVE-2022-33635 [HIGH] Windows GDI+ Remote Code Execution Vulnerability Windows GDI+ Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-ba

CVE-2022-37983 [HIGH] Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an

CVE-2022-37979 [HIGH] Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? Successful exploitat

CVE-2022-37984 [HIGH] Windows WLAN Service Elevation of Privilege Vulnerability Windows WLAN Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows WLAN Service: Windows WLAN Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploi

CVE-2022-38021 [HIGH] Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker w

CVE-2022-37978 [HIGH] Windows Active Directory Certificate Services Security Feature Bypass Windows Active Directory Certificate Services Security Feature Bypass FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack

CVE-2022-30198 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to

CVE-2022-38000 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to

CVE-2022-37994 [HIGH] Windows Group Policy Preference Client Elevation of Privilege Vulnerability Windows Group Policy Preference Client Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Group Policy Preference Client: Windows Group Policy Preference Client Microsoft: Microsoft Customer Action Required: Yes Impa

CVE-2022-38039 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-38016 [HIGH] Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level or a High Integrity Level. Please refer to AppContainer is

CVE-2022-38051 [HIGH] Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status:

CVE-2022-38045 [HIGH] Windows Server Service Elevation of Privilege Vulnerability Windows Server Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. Windows Server Service: Windows Server Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclos

CVE-2022-24504 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What doe

CVE-2022-37987 [HIGH] Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Client Server Run-time Subsystem (CSRSS): Client Server Run-time Subsystem (CSRSS) Microsoft: Microsoft Customer Ac

CVE-2022-38040 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-37981 [MEDIUM] Windows Event Logging Service Denial of Service Vulnerability Windows Event Logging Service Denial of Service Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. Windows Event Logging Service: Windows Event Logging Service Microsoft: Microsoft