Msrc Windows Server 2022 vulnerabilities

CVE-2022-30148 [MEDIUM] Windows Desired State Configuration (DSC) Information Disclosure Vulnerability Windows Desired State Configuration (DSC) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker that successfully exploited this vulnerability could recover plaintext passwords and usernames from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions. Windows PowerShell: Windows Powe

CVE-2022-30162 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required:

CVE-2022-26937 [CRITICAL] Windows Network File System Remote Code Execution Vulnerability Windows Network File System Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Windows Network File System: Windows Network File System Microsoft: Microsoft Customer Action Requ

CVE-2022-29106 [HIGH] Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of P

CVE-2022-26927 [HIGH] Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The resulting Remote Code Execution would be within t

CVE-2022-26923 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System. FAQ: Where can I find out more information about this vulnerability? P

CVE-2022-29150 [HIGH] Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required:

CVE-2022-26932 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppCon

CVE-2022-22016 [HIGH] Windows PlayToManager Elevation of Privilege Vulnerability Windows PlayToManager Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Media: Windows Media Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed

CVE-2022-22017 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability FAQ: How would an attacker exploit this vulnerability? An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user. Remote Desktop Client: Remote Desktop Client Microsoft: Microsoft Customer Action Required: Yes

CVE-2022-29151 [HIGH] Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required:

CVE-2022-29104 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2022-30190 [HIGH] Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install program

CVE-2022-29142 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploite

CVE-2022-23279 [HIGH] Windows ALPC Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows ALPC: Windows ALPC Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Lat

CVE-2022-29125 [HIGH] Windows Push Notifications Apps Elevation of Privilege Vulnerability Windows Push Notifications Apps Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Push Notifications: Windows Push Notifications Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of

CVE-2022-26939 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Storage Spaces Controller: Windows Storage Spaces Controller Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privi

CVE-2022-29138 [HIGH] Windows Clustered Shared Volume Elevation of Privilege Vulnerability Windows Clustered Shared Volume Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required: Yes Im

CVE-2022-29135 [HIGH] Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required:

CVE-2022-29126 [HIGH] Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Tablet Windows User Interface: Tablet Windows User Interface Microsoft: Microsoft Customer Action