Msrc Windows Server 2022 vulnerabilities

2,339 known vulnerabilities affecting msrc/windows_server_2022.

Total CVEs: 2,339
CISA KEV: 88 (actively exploited)
Public exploits: 38
Exploited in wild: 65
Severity breakdown: CRITICAL 52, HIGH 1626, MEDIUM 652, LOW 9

Vulnerabilities

Page 101 of 117
CVE-2022-37980 HIGH CVSS 7.8 2022-10-11
CVE-2022-37980 [HIGH] Windows DHCP Client Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could leverage a specially crafted RPC call to the DHCP service to exploit this vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
msrc
CVE-2022-37998 HIGH CVSS 7.7 2022-10-11
CVE-2022-37998 [HIGH] Windows Local Session Manager (LSM) Denial of Service Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than
msrc
CVE-2022-38028 HIGH CVSS 7.8 KEV 2022-10-11
CVE-2022-38028 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Pu
msrc
CVE-2022-37970 HIGH CVSS 7.8 2022-10-11
CVE-2022-37970 [HIGH] Windows DWM Core Library Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an exe
msrc
CVE-2022-37976 HIGH CVSS 8.8 2022-10-11
CVE-2022-37976 [HIGH] Active Directory Certificate Services Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. FAQ: How could an attacker exploit this vulnerability? A malicious DCOM client could coerce a DCOM server to authenticate to i
msrc
CVE-2022-37983 HIGH CVSS 7.8 2022-10-11
CVE-2022-37983 [HIGH] Microsoft DWM Core Library Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an
msrc
CVE-2022-37979 HIGH CVSS 7.8 2022-10-11
CVE-2022-37979 [HIGH] Windows Hyper-V Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? Successful exploitat
msrc
CVE-2022-37984 HIGH CVSS 7.8 2022-10-11
CVE-2022-37984 [HIGH] Windows WLAN Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows WLAN Service: Windows WLAN Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploi
msrc
CVE-2022-38021 HIGH CVSS 7.0 2022-10-11
CVE-2022-38021 [HIGH] Connected User Experiences and Telemetry Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker w
msrc
CVE-2022-38039 HIGH CVSS 7.8 2022-10-11
CVE-2022-38039 [HIGH] Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R
msrc
CVE-2022-38016 HIGH CVSS 8.8 2022-10-11
CVE-2022-38016 [HIGH] Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level or a High Integrity Level. Please refer to AppContainer is
msrc
CVE-2022-38045 HIGH CVSS 8.8 2022-10-11
CVE-2022-38045 [HIGH] Windows Server Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. Windows Server Service: Windows Server Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclos
msrc
CVE-2022-38036 HIGH CVSS 7.5 2022-10-11
CVE-2022-38036 [HIGH] Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Windows Internet Key Exchange (IKE) Protocol: Windows Internet Key Exchange (IKE) Protocol Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A Reference: ht
msrc
CVE-2022-37965 MEDIUM CVSS 5.9 2022-10-11
CVE-2022-37965 [MEDIUM] Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Remote Access Service Point-to-Point Tunneling Protocol: Remote Access Service Point-to-Point Tunneling Protocol Mic
msrc
CVE-2022-37996 MEDIUM CVSS 5.5 2022-10-11
CVE-2022-37996 [MEDIUM] Windows Kernel Memory Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows NTFS: Windows NTFS Microsoft: Microsoft Customer Action
msrc
CVE-2022-38025 MEDIUM CVSS 5.5 2022-10-11
CVE-2022-38025 [MEDIUM] Windows Distributed File System (DFS) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. Windows Distributed File System (DFS): Windows Distributed File System (DFS) Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure
msrc
CVE-2022-38030 MEDIUM CVSS 4.3 2022-10-11
CVE-2022-38030 [MEDIUM] Windows USB Serial Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unintentional read access from uninitialized memory, which can be from either kernel memory or another user-mode process. Windows USB Serial Driver: Windows USB Serial
msrc
CVE-2022-34724 HIGH CVSS 7.5 2022-09-13
CVE-2022-34724 [HIGH] Windows DNS Server Denial of Service Vulnerability Role: DNS Server: Role: DNS Server Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017315 Reference: https://su
msrc
CVE-2022-33647 HIGH CVSS 8.1 2022-09-13
CVE-2022-33647 [HIGH] Windows Kerberos Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. FAQ: What privileges could be
msrc
CVE-2022-30196 HIGH CVSS 8.2 2022-09-13
CVE-2022-30196 [HIGH] Windows Secure Channel Denial of Service Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could exploit the vulnerability by sending specially crafted network traffic to the TLS server and could cause it to crash. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this
msrc