Msrc Windows Server 2019 vulnerabilities

CVE-2022-30215 [HIGH] Active Directory Federation Services Elevation of Privilege Vulnerability Active Directory Federation Services Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: What privileges could be gained by an attacker who succ

CVE-2022-22037 [HIGH] Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An a

CVE-2022-22040 [HIGH] Internet Information Services Dynamic Compression Module Denial of Service Vulnerability Internet Information Services Dynamic Compression Module Denial of Service Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability? While we cannot rule out the impact to Confidentiality, Integrity, and Availabilit

CVE-2022-29900 [MEDIUM] AMD: CVE-2022-29900 AMD CPU Branch Type Confusion AMD: CVE-2022-29900 AMD CPU Branch Type Confusion FAQ: Why is this AMD CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the

CVE-2022-30206 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Pu

CVE-2022-22041 [MEDIUM] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted U

CVE-2022-22711 [MEDIUM] Windows BitLocker Information Disclosure Vulnerability Windows BitLocker Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. FAQ: What type of information could be disclosed by this vulnerability? The type of

CVE-2022-30208 [MEDIUM] Windows Security Account Manager (SAM) Denial of Service Vulnerability Windows Security Account Manager (SAM) Denial of Service Vulnerability Windows Security Account Manager: Windows Security Account Manager Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.u

CVE-2022-30214 [MEDIUM] Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. FAQ: According to the CVSS me

CVE-2022-30223 [MEDIUM] Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability FAQ: According to the CVSS metric, the Hyper-V attack vector is adjacent (AV:A). What does that mean for this vulnerability? Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a Hyper-V Network Virtualization (HNV) logical network. This configuration forms an isolation boundary where the virtual machines within the virtual

CVE-2022-22028 [MEDIUM] Windows Network File System Information Disclosure Vulnerability Windows Network File System Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker

CVE-2022-21845 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be

CVE-2022-22048 [MEDIUM] BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data. Windows BitLocker: Windows BitLocker Microsoft:

CVE-2022-30212 [MEDIUM] Windows Connected Devices Platform Service Information Disclosure Vulnerability Windows Connected Devices Platform Service Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What type of information could be disclosed by this vulnerability? The type of information that coul

CVE-2022-30205 [MEDIUM] Windows Group Policy Elevation of Privilege Vulnerability Windows Group Policy Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vu

CVE-2022-22042 [MEDIUM] Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker can gain access to uninitialized buffer information. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;

CVE-2022-22023 [MEDIUM] Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An authenticated attacker who successfully exploited this vulnerability could bypass "Deny Read/Write USB devices" Group Policy settings and access USB devices attached to a vulnerable system. Windows Portable De

CVE-2022-30213 [MEDIUM] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a pointer leak to the process user-mode address space in the internal memory of the application that is using GDI+. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microso

CVE-2022-30136 [CRITICAL] Windows Network File System Remote Code Execution Vulnerability Windows Network File System Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Windows Network File System: Windows Network File System Microsoft: Microsoft Customer Action Requ

CVE-2022-30132 [HIGH] Windows Container Manager Service Elevation of Privilege Vulnerability Windows Container Manager Service Elevation of Privilege Vulnerability Windows Container Manager Service: Windows Container Manager Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://cata