Msrc Windows Server Version 20H2 vulnerabilities

CVE-2022-29113 [HIGH] Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnera

CVE-2022-26923 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System. FAQ: Where can I find out more information about this vulnerability? P

CVE-2022-29150 [HIGH] Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required:

CVE-2022-26932 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppCon

CVE-2022-22016 [HIGH] Windows PlayToManager Elevation of Privilege Vulnerability Windows PlayToManager Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Media: Windows Media Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed

CVE-2022-29151 [HIGH] Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required:

CVE-2022-29105 [HIGH] Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Media Foundation Remote Code Execution Vulnerability Windows Media: Windows Media Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB

CVE-2022-29142 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploite

CVE-2022-23279 [HIGH] Windows ALPC Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows ALPC: Windows ALPC Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Lat

CVE-2022-26939 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Storage Spaces Controller: Windows Storage Spaces Controller Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privi

CVE-2022-29138 [HIGH] Windows Clustered Shared Volume Elevation of Privilege Vulnerability Windows Clustered Shared Volume Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required: Yes Im

CVE-2022-29135 [HIGH] Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Cluster Shared Volume (CSV): Windows Cluster Shared Volume (CSV) Microsoft: Microsoft Customer Action Required:

CVE-2022-29131 [HIGH] Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? This vulnerability could be exploited over the network by an authenticated attacker through a low complexity attack on a server configured as the domain controller. Windows LDAP - Lightweight Directory Access Protocol: Windows LDAP - Lightweig

CVE-2022-26938 [HIGH] Storage Spaces Direct Elevation of Privilege Vulnerability Storage Spaces Direct Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Windows Storage Spaces Controller: Windows Storage Spaces Controller Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privi

CVE-2022-26913 [HIGH] Windows Authentication Information Disclosure Vulnerability Windows Authentication Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. FAQ: How could an

CVE-2022-29140 [MEDIUM] Windows Print Spooler Information Disclosure Vulnerability Windows Print Spooler Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Customer Action Requir

CVE-2022-29122 [MEDIUM] Windows Clustered Shared Volume Information Disclosure Vulnerability Windows Clustered Shared Volume Information Disclosure Vulnerability FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level t

CVE-2022-29134 [MEDIUM] Windows Clustered Shared Volume Information Disclosure Vulnerability Windows Clustered Shared Volume Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. FAQ: According to the CVSS metric, successful

CVE-2022-22713 [MEDIUM] Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:Yes;Expl

CVE-2022-24466 [MEDIUM] Windows Hyper-V Security Feature Bypass Vulnerability Windows Hyper-V Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? This Hyper-V vulnerability relates to a Virtual Machine Switch with virtual networking in Hyper-V Network Virtualization (HNV). It might be possible to bypass extended ACLs and other Windows security feature checks. See Create Security Policies with Extended Port Acc