Msrc Windows Server 2022 vulnerabilities

CVE-2022-34302 [MEDIUM] CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why are there different security update packages for this CVE? These are standalone security updates. These packages must be installed in add

CVE-2022-34699 [HIGH] Windows Win32k Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-34713 [HIGH] Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself

CVE-2022-35820 [HIGH] Windows Bluetooth Driver Elevation of Privilege Vulnerability Windows Bluetooth Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An authorized local attacker could exploit this Windows Bluetooth driver vulnerability by programmatically running certain functions to arbitrarily gain registry key creation and deletion in the bthport.sys driver. Microsoft Bluetooth Driver: Microsoft B

CVE-2022-35765 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated user could trigger this vulnerability.

CVE-2022-34712 [MEDIUM] Windows Defender Credential Guard Information Disclosure Vulnerability Windows Defender Credential Guard Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could access Kerberos protected data. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit S

CVE-2022-30197 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass KASLR (Kernel Address Space Layout Randomization). See Mitigate threats by using Windows 10 security features. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mea

CVE-2022-34709 [MEDIUM] Windows Defender Credential Guard Security Feature Bypass Vulnerability Windows Defender Credential Guard Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Act

CVE-2022-34710 [MEDIUM] Windows Defender Credential Guard Information Disclosure Vulnerability Windows Defender Credential Guard Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could access Kerberos protected data. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit S

CVE-2022-34704 [MEDIUM] Windows Defender Credential Guard Information Disclosure Vulnerability Windows Defender Credential Guard Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could recover plaintext from TLS-protected data. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure

CVE-2022-22029 [HIGH] Windows Network File System Remote Code Execution Vulnerability Windows Network File System Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. FAQ: How could an attacker exploit this vulnerability? This vulnerab

CVE-2022-27776 [MEDIUM] HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data FAQ: Why is this a HackerOne CVE? This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The July 2022 Windows Security Updates includes the most recent version of this library which a

CVE-2022-22031 [HIGH] Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Credential Guard: Windows Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: El

CVE-2022-30221 [HIGH] Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability FAQ: How would an attacker exploit this vulnerability? An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user. FAQ: I am running Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1. Is t

CVE-2022-30216 [HIGH] Windows Server Service Tampering Vulnerability Windows Server Service Tampering Vulnerability FAQ: How could an attacker exploit this vulnerability? For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service. Windows Server Service: Windows Server Service Microsoft: Microsoft Customer Action Required: Yes Impact: Tampering Exploit Status: Publicly

CVE-2022-22038 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. Windows Remote Procedure Call Runtime: Windows Remote Procedure

CVE-2022-22039 [HIGH] Windows Network File System Remote Code Execution Vulnerability Windows Network File System Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? This vulnerability could be exploited over the network by making an unauthenticated,

CVE-2022-22036 [HIGH] Performance Counters for Windows Elevation of Privilege Vulnerability Performance Counters for Windows Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Performance Counters: Windows Performance Counters Microsoft: Microsoft Customer Action Required: Yes Impact: Elevat

CVE-2022-30222 [HIGH] Windows Shell Remote Code Execution Vulnerability Windows Shell Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could interact with the login screen of a vulnerable system in a specific manner to execute code on that system. Windows Shell: Windows Shell Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software

CVE-2022-23825 [MEDIUM] AMD: CVE-2022-23825 AMD CPU Branch Type Confusion AMD: CVE-2022-23825 AMD CPU Branch Type Confusion FAQ: Why is this AMD CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the