MSRC Windows Server Version 20H2 vulnerabilities

473 known vulnerabilities affecting msrc/windows_server_version_20h2.

Total CVEs: 473
CISA KEV: 17 (actively exploited)
Public exploits: 8
Exploited in wild: 19
Severity breakdown: CRITICAL 18, HIGH 323, MEDIUM 130, LOW 2

Vulnerabilities

Page 2 of 24
CVE-2022-35757 | HIGH | CVSS 7.3 | 2022-08-09
CVE-2022-35757 [HIGH] Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vuln
msrc
CVE-2022-34302 | HIGH | CVSS 6.7 | 2022-08-09
CVE-2022-34302 [MEDIUM] CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. FAQ: Why are there different security update packages for this CVE? These are standalone security updates. These packages must be installed in add
msrc
CVE-2022-34699 | HIGH | CVSS 7.8 | 2022-08-09
CVE-2022-34699 [HIGH] Windows Win32k Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Win32K: Windows Win32K Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R
msrc
CVE-2022-35765 | HIGH | CVSS 7.8 | 2022-08-09
CVE-2022-35765 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated user could trigger this vulnerability.
msrc
CVE-2022-34712 | MEDIUM | CVSS 5.5 | 2022-08-09
CVE-2022-34712 [MEDIUM] Windows Defender Credential Guard Information Disclosure Vulnerability. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could access Kerberos protected data. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit S
msrc
CVE-2022-30197 | MEDIUM | CVSS 5.5 | 2022-08-09
CVE-2022-30197 [MEDIUM] Windows Kernel Information Disclosure Vulnerability. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass KASLR (Kernel Address Space Layout Randomization). See Mitigate threats by using Windows 10 security features. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mea
msrc
CVE-2022-35754 | MEDIUM | CVSS 6.7 | 2022-08-09
CVE-2022-35754 [MEDIUM] Unified Write Filter Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Unified Write Filter: Windows Unified Write Filter Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly D
msrc
CVE-2022-34709 | MEDIUM | CVSS 6.0 | 2022-08-09
CVE-2022-34709 [MEDIUM] Windows Defender Credential Guard Security Feature Bypass Vulnerability. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Act
msrc
CVE-2022-34710 | MEDIUM | CVSS 5.5 | 2022-08-09
CVE-2022-34710 [MEDIUM] Windows Defender Credential Guard Information Disclosure Vulnerability. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could access Kerberos protected data. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit S
msrc
CVE-2022-34704 | MEDIUM | CVSS 4.7 | 2022-08-09
CVE-2022-34704 [MEDIUM] Windows Defender Credential Guard Information Disclosure Vulnerability. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could recover plaintext from TLS-protected data. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure
msrc
CVE-2022-22029 | HIGH | CVSS 8.1 | 2022-07-12
CVE-2022-22029 [HIGH] Windows Network File System Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. FAQ: How could an attacker exploit this vulnerability? This vulnerab
msrc
CVE-2022-27776 | HIGH | CVSS 6.5 | 2022-07-12
CVE-2022-27776 [MEDIUM] HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data. FAQ: Why is this a HackerOne CVE? This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The July 2022 Windows Security Updates includes the most recent version of this library which a
msrc
CVE-2022-22031 | HIGH | CVSS 7.8 | 2022-07-12
CVE-2022-22031 [HIGH] Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Credential Guard: Windows Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: El
msrc
CVE-2022-30216 | HIGH | CVSS 8.8 | 2022-07-12
CVE-2022-30216 [HIGH] Windows Server Service Tampering Vulnerability. FAQ: How could an attacker exploit this vulnerability? For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service. Windows Server Service: Windows Server Service Microsoft: Microsoft Customer Action Required: Yes Impact: Tampering Exploit Status: Publicly
msrc
CVE-2022-22038 | HIGH | CVSS 8.1 | 2022-07-12
CVE-2022-22038 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. Windows Remote Procedure Call Runtime: Windows Remote Procedure
msrc
CVE-2022-22039 | HIGH | CVSS 7.5 | 2022-07-12
CVE-2022-22039 [HIGH] Windows Network File System Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit this vulnerability? This vulnerability could be exploited over the network by making an unauthenticated,
msrc
CVE-2022-30222 | HIGH | CVSS 8.4 | 2022-07-12
CVE-2022-30222 [HIGH] Windows Shell Remote Code Execution Vulnerability. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could interact with the login screen of a vulnerable system in a specific manner to execute code on that system. Windows Shell: Windows Shell Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software
msrc
CVE-2022-22045 | HIGH | CVSS 7.8 | 2022-07-12
CVE-2022-22045 [HIGH] Windows.Devices.Picker.dll Elevation of Privilege Vulnerability. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited t
msrc
CVE-2022-30215 | HIGH | CVSS 7.5 | 2022-07-12
CVE-2022-30215 [HIGH] Active Directory Federation Services Elevation of Privilege Vulnerability. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: What privileges could be gained by an attacker who succ
msrc
CVE-2022-22041 | MEDIUM | CVSS 6.8 | 2022-07-12
CVE-2022-22041 [MEDIUM] Windows Print Spooler Elevation of Privilege Vulnerability. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted U
msrc