November 2022 Security UpdatesSecurity Updatesecure@microsoft.comThe Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.2022-Nov2022-NovFinal1.0432023-10-12T07:00:00November 2022 Security Updates2022-11-08T08:00:002023-10-12T07:00:00<h2 id="updates-this-month">Updates this Month</h2>
<p>This release consists of security updates for the following products, features and roles.</p>
<ul>
<li>.NET Framework</li>
<li>AMD CPU Branch</li>
<li>Azure</li>
<li>Azure Real Time Operating System</li>
<li>Linux Kernel</li>
<li>Microsoft Dynamics</li>
<li>Microsoft Edge (Chromium-based)</li>
<li>Microsoft Exchange Server</li>
<li>Microsoft Graphics Component</li>
<li>Microsoft Office</li>
<li>Microsoft Office Excel</li>
<li>Microsoft Office SharePoint</li>
<li>Microsoft Office Word</li>
<li>Network Policy Server (NPS)</li>
<li>Open Source Software</li>
<li>Role: Windows Hyper-V</li>
<li>SysInternals</li>
<li>Visual Studio</li>
<li>Windows Advanced Local Procedure Call</li>
<li>Windows ALPC</li>
<li>Windows Bind Filter Driver</li>
<li>Windows BitLocker</li>
<li>Windows CNG Key Isolation Service</li>
<li>Windows Devices Human Interface</li>
<li>Windows Digital Media</li>
<li>Windows DWM Core Library</li>
<li>Windows Extensible File Allocation</li>
<li>Windows Group Policy Preference Client</li>
<li>Windows HTTP.sys</li>
<li>Windows Kerberos</li>
<li>Windows Mark of the Web (MOTW)</li>
<li>Windows Netlogon</li>
<li>Windows Network Address Translation (NAT)</li>
<li>Windows ODBC Driver</li>
<li>Windows Overlay Filter</li>
<li>Windows Point-to-Point Tunneling Protocol</li>
<li>Windows Print Spooler Components</li>
<li>Windows Resilient File System (ReFS)</li>
<li>Windows Scripting</li>
<li>Windows Win32K</li>
</ul>
<p>Please note the following information regarding the security updates:</p>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>August 9, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile2">Security Update Guide Notification System News: Create your profile now</a></td>
</tr>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-information">Relevant Information</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2>
<p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p>
<ul>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23824">CVE-2022-23824</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3602">CVE-2022-3602</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3786">CVE-2022-3786</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37966">CVE-2022-37966</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37967">CVE-2022-37967</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37992">CVE-2022-37992</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38014">CVE-2022-38014</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38015">CVE-2022-38015</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38023">CVE-2022-38023</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-39253">CVE-2022-39253</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-39327">CVE-2022-39327</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41039">CVE-2022-41039</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41044">CVE-2022-41044</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41045">CVE-2022-41045</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41047">CVE-2022-41047</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41048">CVE-2022-41048</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41049">CVE-2022-41049</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41050">CVE-2022-41050</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41051">CVE-2022-41051</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41052">CVE-2022-41052</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41054">CVE-2022-41054</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41055">CVE-2022-41055</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41057">CVE-2022-41057</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41060">CVE-2022-41060</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41061">CVE-2022-41061</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41062">CVE-2022-41062</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41063">CVE-2022-41063</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064">CVE-2022-41064</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41066">CVE-2022-41066</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41073">CVE-2022-41073</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41085">CVE-2022-41085</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41086">CVE-2022-41086</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41088">CVE-2022-41088</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41090">CVE-2022-41090</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41091">CVE-2022-41091</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41092">CVE-2022-41092</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41093">CVE-2022-41093</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41095">CVE-2022-41095</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41096">CVE-2022-41096</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41097">CVE-2022-41097</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41098">CVE-2022-41098</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41099">CVE-2022-41099</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41100">CVE-2022-41100</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41101">CVE-2022-41101</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41102">CVE-2022-41102</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41103">CVE-2022-41103</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41104">CVE-2022-41104</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41105">CVE-2022-41105</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41106">CVE-2022-41106</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41107">CVE-2022-41107</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41109">CVE-2022-41109</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41113">CVE-2022-41113</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41114">CVE-2022-41114</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41116">CVE-2022-41116</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41118">CVE-2022-41118</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41119">CVE-2022-41119</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41120">CVE-2022-41120</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41122">CVE-2022-41122</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125">CVE-2022-41125</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41128">CVE-2022-41128</a></li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5002258">5002258</a></td>
<td>Microsoft SharePoint Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5002267">5002267</a></td>
<td>Microsoft SharePoint Server 2013</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5002269">5002269</a></td>
<td>Microsoft SharePoint Server 2016</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5002271">5002271</a></td>
<td>Microsoft SharePoint Server Subscription Edition</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5019959">5019959</a></td>
<td>Windows 10 Version 21H1</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5019966">5019966</a></td>
<td>Windows 10 Version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5019980">5019980</a></td>
<td>Windows 11 version 22H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5020000">5020000</a></td>
<td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5020003">5020003</a></td>
<td>Windows Server 2012 (Security Only)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5020005">5020005</a></td>
<td>Windows Server 2008 (Security Only)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5020009">5020009</a></td>
<td>Windows Server 2012 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5020010">5020010</a></td>
<td>Windows 8.1, Windows Server 2012 R2 (Security Only)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5020013">5020013</a></td>
<td>Windows 7, Windows Server 2008 R2 (Security Only)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5020019">5020019</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5020023">5020023</a></td>
<td>Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.Windows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 21H1 for x64-based SystemsWindows 10 Version 21H1 for ARM64-based SystemsWindows 10 Version 21H1 for 32-bit SystemsWindows Server 2022Windows Server 2022 (Server Core installation)Windows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for ARM64-based SystemsWindows 11 version 21H2 for x64-based SystemsWindows 11 version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 10 Version 22H2 for ARM64-based SystemsWindows 10 Version 22H2 for 32-bit SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows Server 2016Windows Server 2016 (Server Core installation)Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Microsoft Edge (Chromium-based)Windows Subsystem for Linux (WSL2)vcpkgAzure EFLOWAzure CycleCloud 8Azure CycleCloud 7Azure CLIMicrosoft Azure Kubernetes ServiceAzure SDK for C++Azure RTOS GUIX StudioNuget 2.1.2Nuget 4.8.5Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012 R2Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server 2019Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.8 on Windows 8.1 for 32-bit systemsMicrosoft .NET Framework 4.8 on Windows Server 2016Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows RT 8.1Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 21H1 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based SystemsMicrosoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 4.7.2 on Windows Server 2019Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for 32-bit SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for 32-bit SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 11 version 21H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 22H2 for x64-based SystemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 11 version 21H2 for ARM64-based SystemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for 32-bit SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 22H2 for 32-bit SystemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 11 version 21H2 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for 32-bit SystemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows 11 version 21H2 for x64-based SystemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2022Microsoft .NET Framework 4.8 on Windows Server 2022 (Server Core installation)Microsoft .NET Framework 4.8.1 on Windows Server 2022Microsoft .NET Framework 4.8.1 on Windows Server 2022 (Server Core installation)Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit SystemsMicrosoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based SystemsWindows SysmonMicrosoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2022 version 17.3Microsoft Visual Studio 2022 version 17.0Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.2Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft Office 2016 (32-bit edition)Microsoft Office 2016 (64-bit edition)Microsoft Office 2013 RT Service Pack 1Microsoft Office 2013 Service Pack 1 (32-bit editions)Microsoft Office 2013 Service Pack 1 (64-bit editions)SharePoint Server Subscription Edition Language PackMicrosoft Office LTSC 2021 for 32-bit editionsMicrosoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Office LTSC 2021 for 64-bit editionsMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft Office Online ServerMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for 32-bit editionsMicrosoft Word 2016 (64-bit edition)Microsoft Word 2016 (32-bit edition)Microsoft Word 2013 RT Service Pack 1Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Word 2013 Service Pack 1 (64-bit editions)Microsoft Word 2013 Service Pack 1 (32-bit editions)Microsoft Office LTSC for Mac 2021Microsoft Office 2019 for MacMicrosoft Excel 2016 (32-bit edition)Microsoft Excel 2016 (64-bit edition)Microsoft Excel 2013 RT Service Pack 1Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 22Microsoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2019 Cumulative Update 12Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Dynamics NAV 2018Dynamics 365 Business Central Spring 2019 UpdateMicrosoft Dynamics 365 Business Central 2022 Release Wave 2Microsoft Dynamics 365 Business Central 2022 Release Wave 1Microsoft Dynamics 365 Business Central 2021 Release Wave 2CBL Mariner 1.0 x64CBL Mariner 1.0 ARMCBL Mariner 2.0 x64CBL Mariner 2.0 ARMWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows Server 2012 R2Windows RT 8.1Windows Server 2012 R2 (Server Core installation)Microsoft Office 2013 Service Pack 1 (32-bit editions)Microsoft Office 2013 Service Pack 1 (64-bit editions)Microsoft Office 2013 RT Service Pack 1Microsoft Word 2013 Service Pack 1 (32-bit editions)Microsoft Word 2013 Service Pack 1 (64-bit editions)Microsoft Word 2013 RT Service Pack 1Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft Excel 2013 RT Service Pack 1Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsMicrosoft Excel 2016 (32-bit edition)Microsoft Excel 2016 (64-bit edition)Microsoft Word 2016 (32-bit edition)Microsoft Word 2016 (64-bit edition)Microsoft Office 2016 (32-bit edition)Microsoft Office 2016 (64-bit edition)Windows Server 2016Windows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows Server 2016 (Server Core installation)Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Enterprise Server 2013 Service Pack 1Windows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2019Windows Server 2019 (Server Core installation)Microsoft Office 2019 for 32-bit editionsMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for MacMicrosoft SharePoint Server 2019Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Office Online ServerMicrosoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows Server 2012Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systemsMicrosoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.8 on Windows Server 2012 R2Microsoft .NET Framework 4.8 on Windows RT 8.1Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server 2016Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1809 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2019Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 20H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 21H1 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 21H1 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 21H1 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2022Microsoft .NET Framework 4.8 on Windows Server 2022 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 11 version 21H2 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 11 version 21H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 21H2 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 21H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 21H2 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 22H2 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 22H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 22H2 for 32-bit SystemsMicrosoft Edge (Chromium-based)Microsoft Azure Kubernetes ServiceMicrosoft Exchange Server 2013 Cumulative Update 23Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)Microsoft Dynamics NAV 2018Dynamics 365 Business Central Spring 2019 UpdateMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft 365 Apps for Enterprise for 64-bit SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for ARM64-based SystemsMicrosoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based SystemsMicrosoft .NET Framework 4.7.2 on Windows Server 2019Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H1 for x64-based SystemsWindows 10 Version 21H1 for ARM64-based SystemsWindows 10 Version 21H1 for 32-bit SystemsWindows Server 2022Windows Server 2022 (Server Core installation)Windows 11 version 21H2 for x64-based SystemsWindows 11 version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsMicrosoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2021 for 64-bit editionsMicrosoft Office LTSC 2021 for 32-bit editionsMicrosoft Exchange Server 2016 Cumulative Update 22Microsoft Exchange Server 2019 Cumulative Update 11Microsoft SharePoint Server Subscription EditionMicrosoft Visual Studio 2022 version 17.0SharePoint Server Subscription Edition Language PackMicrosoft Exchange Server 2019 Cumulative Update 12Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Visual Studio 2022 version 17.2Azure RTOS GUIX StudioWindows Subsystem for Linux (WSL2)Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for 32-bit SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for 32-bit SystemsMicrosoft .NET Framework 4.8.1 on Windows Server 2022Microsoft .NET Framework 4.8.1 on Windows Server 2022 (Server Core installation)Microsoft .NET Framework 4.8.1 on Windows 11 version 21H2 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 11 version 21H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for 32-bit SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for x64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for ARM64-based SystemsMicrosoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for 32-bit SystemsMicrosoft Visual Studio 2022 version 17.3Windows 11 Version 22H2 for ARM64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 10 Version 22H2 for ARM64-based SystemsWindows 10 Version 22H2 for 32-bit SystemsAzure CycleCloud 8Azure CLIAzure CycleCloud 7Microsoft Dynamics 365 Business Central 2022 Release Wave 2Windows SysmonMicrosoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)vcpkgAzure SDK for C++Azure EFLOWNuget 4.8.5Nuget 2.1.2Microsoft Dynamics 365 Business Central 2022 Release Wave 1Microsoft Dynamics 365 Business Central 2021 Release Wave 2Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit SystemsMicrosoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based SystemsCBL Mariner 1.0 x64CBL Mariner 1.0 ARMCBL Mariner 2.0 x64CBL Mariner 2.0 ARMWindows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions<p><strong>Are any additional steps required to protect my system after installing the November Windows updates?</strong></p>
<p>Customers who allow untrusted users to execute arbitrary code might wish to implement some extra security features within their systems. These features protect against the intra-process disclosure vectors that this speculative execution vulnerability describes. See the following for more information.</p>
<ul>
<li>Microsoft Windows client customers: See <a href="https://support.microsoft.com/help/4073119">Microsoft Knowledge Base Article 4073119</a>.</li>
<li>Microsoft Windows Server/Azure Stack HCI customers: See <a href="https://support.microsoft.com/help/4072698">Microsoft Knowledge Base Article 4072698</a> for additional information, including workarounds.</li>
</ul>
<p>Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect VMs running in Azure. More information can be found <a href="https://support.microsoft.com/en-us/help/4073235/cloud-protections-speculative-execution-side-channel-vulnerabilities">here</a>.</p>
<p><strong>Can I expect any performance impact after I configure the registry keys?</strong></p>
<p>In some cases, installing these updates will have a performance impact. In testing Microsoft has seen some performance impact with these mitigations, in particular when hyperthreading is disabled. Microsoft values the security of its software and services and has made the decision to implement certain mitigation strategies in an effort to better secure our products. In some cases, mitigations are not enabled by default to allow users and administrators to evaluate the performance impact and risk exposure before deciding to enable the mitigations. We continue to work with hardware vendors to improve performance while maintaining a high level of security.</p>
<p><strong>Are Microsoft Azure assets protected?</strong></p>
<p>Microsoft has already deployed mitigations across our cloud services. More information is available <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/mitigate-se">here</a>.</p>
<p><strong>How do I know if I am affected?</strong></p>
<p>Please refer to AMD advisory <a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037">AMD-SB-1037</a> to determine which AMD CPUs are affected.</p>
<p><strong>Why is this AMD CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p>
<p>Please see the following for more information:</p>
<ul>
<li><a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040">AMD-SB-1040</a></li>
</ul>
AMD CPU BranchAMDCVE-2022-2382411568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Information Disclosure11568Information Disclosure11569Information Disclosure11570Information Disclosure11571Information Disclosure11572Information Disclosure11896Information Disclosure11897Information Disclosure11898Information Disclosure11923Information Disclosure11924Information Disclosure11801Information Disclosure11802Information Disclosure11926Information Disclosure11927Information Disclosure11929Information Disclosure11930Information Disclosure11931Information Disclosure12085Information Disclosure12086Information Disclosure12097Information Disclosure12098Information Disclosure12099Information Disclosure10729Information Disclosure10735Information Disclosure10852Information Disclosure10853Information Disclosure10816Information Disclosure10855Information Disclosure10047Information Disclosure10048Information Disclosure10481Information Disclosure10482Information Disclosure10484Information Disclosure9312Information Disclosure10287Information Disclosure9318Information Disclosure9344Information Disclosure10051Information Disclosure10049Information Disclosure10378Information Disclosure10379Information Disclosure10483Information Disclosure10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A5019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/502000310378103791.02022-11-08T08:00:00<p>Information published.</p>
1.12022-11-14T08:00:00<p>Updated FAQs to provide the following information: 1) Extra security features customers might with to implement. 2) Affect on performance impact. 3) How to know if you are affected. These are informational changes only.</p>
Chromium: CVE-2022-3885 Use after free in V8<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>107.0.1418.42</td>
<td>107.0.5304.106</td>
<td>11/10/2022</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>106.0.1370.72</td>
<td>106.0.5249.181</td>
<td>11/10/2022</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)ChromeCVE-2022-3885116551165511655DOS:N/ARelease Notes11655NoSecurity Update107.0.1418.421.02022-11-10T17:16:28<p>Information published.</p>
Chromium: CVE-2022-3886 Use after free in Speech Recognition<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>107.0.1418.42</td>
<td>107.0.5304.106</td>
<td>11/10/2022</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>106.0.1370.72</td>
<td>106.0.5249.181</td>
<td>11/10/2022</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)ChromeCVE-2022-3886116551165511655DOS:N/ARelease Notes11655NoSecurity Update107.0.1418.421.02022-11-10T17:16:31<p>Information published.</p>
Chromium: CVE-2022-3887 Use after free in Web Workers<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>107.0.1418.42</td>
<td>107.0.5304.106</td>
<td>11/10/2022</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>106.0.1370.72</td>
<td>106.0.5249.181</td>
<td>11/10/2022</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)ChromeCVE-2022-3887116551165511655DOS:N/ARelease Notes11655NoSecurity Update107.0.1418.421.02022-11-10T17:16:34<p>Information published.</p>
Chromium: CVE-2022-3888 Use after free in WebCodecs<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>107.0.1418.42</td>
<td>107.0.5304.106</td>
<td>11/10/2022</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>106.0.1370.72</td>
<td>106.0.5249.181</td>
<td>11/10/2022</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)ChromeCVE-2022-3888116551165511655DOS:N/ARelease Notes11655NoSecurity Update107.0.1418.421.02022-11-10T17:16:36<p>Information published.</p>
Chromium: CVE-2022-3889 Type Confusion in V8<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>107.0.1418.42</td>
<td>107.0.5304.106</td>
<td>11/10/2022</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>106.0.1370.72</td>
<td>106.0.5249.181</td>
<td>11/10/2022</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)ChromeCVE-2022-3889116551165511655DOS:N/ARelease Notes11655NoSecurity Update107.0.1418.421.02022-11-10T17:16:39<p>Information published.</p>
Chromium: CVE-2022-3890 Heap buffer overflow in Crashpad<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>107.0.1418.42</td>
<td>107.0.5304.106</td>
<td>11/10/2022</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>106.0.1370.72</td>
<td>106.0.5249.181</td>
<td>11/10/2022</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)ChromeCVE-2022-3890116551165511655DOS:N/ARelease Notes11655NoSecurity Update107.0.1418.421.02022-11-10T17:16:41<p>Information published.</p>
Chromium: CVE-2022-4135 Heap buffer overflow in GPU<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p>Google is aware that an exploit for CVE-2022-4135 exists in the wild.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>107.0.1418.62</td>
<td>107.0.5304.150</td>
<td>11/28/2022</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>106.0.1370.86</td>
<td>106.0.5249.205</td>
<td>11/28/2022</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)ChromeCVE-2022-4135116551165511655DOS:N/ARelease Notes11655NoSecurity Update1.02022-11-28T15:34:45<p>Information published.</p>
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Linux KernelMicrosoftCVE-2022-380141206912118Elevation of Privilege12069Elevation of Privilege12118Important12069Important12118Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120697.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C12118Release Noteshttps://github.com/microsoft/WSL2-Linux-Kernel12069MaybeSecurity Update5.15.62.1Release Noteshttps://github.com/Azure/iotedge-eflow/releases12118MaybeSecurity Update1.4.2.12122 LTSMicrosoft Offensive Research & Security Engineering (MORSE)1.02022-11-08T08:00:00<p>Information published.</p>
1.12023-01-23T08:00:00<p>Updated the build numbers. This is an informational update only.</p>
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment.</p>
<p><strong>Where can I find more information about these changes?</strong></p>
<p>For more information please see <a href="https://support.microsoft.com/help/5021131">How to manage the Kerberos Protocol changes related to CVE-2022-37966</a>.</p>
<p><strong>I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?</strong></p>
<p>The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart.</p>
<p><strong>There is a known issue documented in the security updates that address this vulnerability, where Kerberos authentication might fail for user, computer, service, and GMSA accounts when serviced by Windows domain controllers that have installed Windows security updates released on November 8, 2022. Has an update been released that addresses this known issue?</strong></p>
<p>Yes. The issue is addressed by out-of-band updates released to <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a> on and after November 17, 2022. Customers who have not already installed the security updates released on November 8, 2022 should install the out-of-band updates instead. Customers who have already installed the November 8, 2022 Windows security updates and who are experiencing issues should install the out-of-band updates.</p>
<p>For more information about these updates please see the OS version specific info on <a href="http://aka.ms/wrh">Windows release health</a> at the following links:</p>
<ul>
<li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-11-22h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-11-22h2#2953msgdesc</a></li>
<li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-11-21h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-11-21h2#2953msgdesc</a></li>
<li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-server-2022#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-server-2022#2953msgdesc</a></li>
<li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-10-22h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-10-22h2#2953msgdesc</a></li>
<li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h2#2953msgdesc</a></li>
<li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h1#2953msgdesc%5D">https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h1#2953msgdesc</a></li>
<li><a href="%5Bhttps://learn.microsoft.com/en/windows/release-health/status-windows-10-20h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-10-20h2#2953msgdesc</a></li>
<li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-10-1809-and-windows-server-2019#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-10-1809-and-windows-server-2019#2953msgdesc</a></li>
</ul>
<p>For more information please see the <strong>Known Issues</strong> section of <a href="https://support.microsoft.com/help/5021131">How to manage the Kerberos Protocol changes related to CVE-2022-37966</a>.</p>
Windows KerberosMicrosoftCVE-2022-3796611571115721192311924108161085593121028793189344100511004910378103791048310543Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Critical11571Critical11572Critical11923Critical11924Critical10816Critical10855Critical9312Critical10287Critical9318Critical9344Critical10051Critical10049Critical10378Critical10379Critical10483Critical10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A8.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115718.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115728.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119238.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119248.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108168.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108558.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93128.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102878.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93188.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93448.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100518.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100498.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103788.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103798.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104838.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105431.02022-11-08T08:00:00<p>Information published.</p>
2.02022-11-17T08:00:00<p>To address a known issue where Kerberos authentication might fail for user, computer, service, and GMSA accounts when serviced by Windows domain controllers that have installed Windows security updates released on November 8, 2022, Microsoft is announcing the availability of out-of-band Windows updates available on the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For more information see the FAQs section of this CVE and the Known Issues section of <a href="https://support.microsoft.com/help/5021131">How to manage the Kerberos Protocol changes related to CVE-2022-37966</a>.</p>
Azure CycleCloud Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to brute force authentication and obtain a successful login.</p>
<p><strong>What versions are impacted by this vulnerability?</strong></p>
<p>All versions are impacted and should be updated based on the documentation provided in the CVE.</p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p>
AzureMicrosoftCVE-2022-410851210212104Elevation of Privilege12102Elevation of Privilege12104Important12102Important12104Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A7.56.5CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C121027.56.5CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C12104Release Noteshttps://docs.microsoft.com/en-us/azure/cyclecloud/packages12102MaybeSecurity Update8.3.0Release Noteshttps://docs.microsoft.com/en-us/azure/cyclecloud/packages12104MaybeSecurity Update7.9.11Yiming Xiang with <a href="https://www.nsfocus.cn/">NSFOCUS TIANJI LAB</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p>
Windows ALPCMicrosoftCVE-2022-41100115681156911570115711157211896118971189811923119241180111802119261192711929119301193112085120861209712098120991072910735108521085310816108551048110482104841048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10481Important10482Important10484Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104817.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104827.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104847.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104837.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.20670<a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Network Address Translation (NAT) Denial of Service VulnerabilityWindows Network Address Translation (NAT)MicrosoftCVE-2022-4105811568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Denial of Service11568Denial of Service11569Denial of Service11570Denial of Service11571Denial of Service11572Denial of Service11896Denial of Service11897Denial of Service11898Denial of Service11923Denial of Service11924Denial of Service11801Denial of Service11802Denial of Service11926Denial of Service11927Denial of Service11929Denial of Service11930Denial of Service11931Denial of Service12085Denial of Service12086Denial of Service12097Denial of Service12098Denial of Service12099Denial of Service10729Denial of Service10735Denial of Service10852Denial of Service10853Denial of Service10816Denial of Service10855Denial of Service10047Denial of Service10048Denial of Service10481Denial of Service10482Denial of Service10484Denial of Service9312Denial of Service10287Denial of Service9318Denial of Service9344Denial of Service10051Denial of Service10049Denial of Service10378Denial of Service10379Denial of Service10483Denial of Service10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A7.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115687.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115697.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115707.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115717.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115727.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118967.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118977.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118987.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119237.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119247.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118017.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118027.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119267.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119277.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119297.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119307.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119317.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120857.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120867.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120977.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120987.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120997.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C107297.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C107357.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108527.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108537.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108167.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108557.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100477.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100487.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104817.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104827.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104847.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C93127.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C102877.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C93187.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C93447.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100517.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100497.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C103787.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C103797.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104837.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379Huichen Lin and Dong Seong Kim with <a href="https://www.itee.uq.edu.au/">School of Information Technology and Electrical Engineering - The University of Queensland</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Overlay Filter Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Overlay FilterMicrosoftCVE-2022-4110111568115691157011571115721189611897118981192311924118011180211926119271192911930119311072910735108521085310816108551208612085120991209812097Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege12086Elevation of Privilege12085Elevation of Privilege12099Elevation of Privilege12098Elevation of Privilege12097Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important10729Important10735Important10852Important10853Important10816Important10855Important12086Important12085Important12099Important12098Important12097Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120975019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209912098120975019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208612085YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012086120855019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120991209812097YesSecurity Update10.0.19045.2251<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Overlay Filter Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Overlay FilterMicrosoftCVE-2022-4110211568115691157011571115721189611897118981192311924118011180211926119271192911930119311072910735108521085310816108551208512086120981209712099Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12098Elevation of Privilege12097Elevation of Privilege12099Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important10729Important10735Important10852Important10853Important10816Important10855Important12085Important12086Important12098Important12097Important12099Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120995019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209812097120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120981209712099YesSecurity Update10.0.19045.2251<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>1.02022-11-08T08:00:00<p>Information published.</p>
.NET Framework Information Disclosure Vulnerability<p><strong>If I am using System.Data.SqlClient or Microsoft.Data.SqlClient, what do I need to do to be protected from this vulnerability?</strong></p>
<p>Customers using either the System.Data.SqlClient or Microsoft.Data.SqlClient NuGet Packages need to do the following to be protected:</p>
<ul>
<li>If you are using System.Data.SqlClient on .NET Framework you must install the November update for .NET Framework</li>
<li>If you are using System.Data.SqlClient on .NET Core, .NET 5 or .NET 6 you must update the nuget package to an updated version as listed in the affected packages.</li>
<li>If you are using Microsoft.Data.SqlClient, anywhere (.NET Core, .NET 5/6, .NET Framework) and you are using a version that is vulnerable you must update as listed in the affected packages.</li>
</ul>
<p>Please see <a href="https://github.com/dotnet/announcements/issues/239">Microsoft Security Advisory CVE 2022-41064 | .NET Information Disclosure Vulnerability</a> for more information.</p>
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>Exploiting this vulnerability requires an attacker to be within the SQL Connection Pool.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to exhaust all the threads in the thread pool.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could cause the attacker access queries from other users in the SQL Connection Pool.</p>
.NET FrameworkMicrosoftCVE-2022-41064121201211911650-1193011650-1048311650-1156811650-1004911650-1157111650-1005111650-1189811650-1156911650-1048211650-1048111650-1081611650-1180211650-1085211650-1037811650-1054311650-1192911650-1004711650-1189611650-1048411650-1085511650-1037911650-1180111650-1189711650-1085311723-1085211723-1081611723-1085311723-1085511862-1156911862-1156811862-1157011862-1157211862-1157111650-1193112078-1189612078-1189712078-1189812078-1192912078-1193012078-1193111650-1157211650-1004811863-1037912078-1208612078-1192711650-1209711863-1004811650-1209811650-1192711863-1037812078-1209912078-1209812078-1208511650-1209911863-1054311863-1048211863-1048111863-1048412078-1209712078-1192612078-1180212078-1180111863-1004711650-1192611863-1004911863-1048311863-1005112115-931812115-931212115-1028712115-934411650-1157011650-1192311650-1192412078-1192312078-1192412136-1072912136-10735Information Disclosure12120Information Disclosure12119Information Disclosure11650-11930Information Disclosure11650-10483Information Disclosure11650-11568Information Disclosure11650-10049Information Disclosure11650-11571Information Disclosure11650-10051Information Disclosure11650-11898Information Disclosure11650-11569Information Disclosure11650-10482Information Disclosure11650-10481Information Disclosure11650-10816Information Disclosure11650-11802Information Disclosure11650-10852Information Disclosure11650-10378Information Disclosure11650-10543Information Disclosure11650-11929Information Disclosure11650-10047Information Disclosure11650-11896Information Disclosure11650-10484Information Disclosure11650-10855Information Disclosure11650-10379Information Disclosure11650-11801Information Disclosure11650-11897Information Disclosure11650-10853Information Disclosure11723-10852Information Disclosure11723-10816Information Disclosure11723-10853Information Disclosure11723-10855Information Disclosure11862-11569Information Disclosure11862-11568Information Disclosure11862-11570Information Disclosure11862-11572Information Disclosure11862-11571Information Disclosure11650-11931Information Disclosure12078-11896Information Disclosure12078-11897Information Disclosure12078-11898Information Disclosure12078-11929Information Disclosure12078-11930Information Disclosure12078-11931Information Disclosure11650-11572Information Disclosure11650-10048Information Disclosure11863-10379Information Disclosure12078-12086Information Disclosure12078-11927Information Disclosure11650-12097Information Disclosure11863-10048Information Disclosure11650-12098Information Disclosure11650-11927Information Disclosure11863-10378Information Disclosure12078-12099Information Disclosure12078-12098Information Disclosure12078-12085Information Disclosure11650-12099Information Disclosure11863-10543Information Disclosure11863-10482Information Disclosure11863-10481Information Disclosure11863-10484Information Disclosure12078-12097Information Disclosure12078-11926Information Disclosure12078-11802Information Disclosure12078-11801Information Disclosure11863-10047Information Disclosure11650-11926Information Disclosure11863-10049Information Disclosure11863-10483Information Disclosure11863-10051Information Disclosure12115-9318Information Disclosure12115-9312Information Disclosure12115-10287Information Disclosure12115-9344Information Disclosure11650-11570Information Disclosure11650-11923Information Disclosure11650-11924Information Disclosure12078-11923Information Disclosure12078-11924Information Disclosure12136-10729Information Disclosure12136-10735Important12120Important12119Important11650-11930Important11650-10483Important11650-11568Important11650-10049Important11650-11571Important11650-10051Important11650-11898Important11650-11569Important11650-10482Important11650-10481Important11650-10816Important11650-11802Important11650-10852Important11650-10378Important11650-10543Important11650-11929Important11650-10047Important11650-11896Important11650-10484Important11650-10855Important11650-10379Important11650-11801Important11650-11897Important11650-10853Important11723-10852Important11723-10816Important11723-10853Important11723-10855Important11862-11569Important11862-11568Important11862-11570Important11862-11572Important11862-11571Important11650-11931Important12078-11896Important12078-11897Important12078-11898Important12078-11929Important12078-11930Important12078-11931Important11650-11572Important11650-10048Important11863-10379Important12078-12086Important12078-11927Important11650-12097Important11863-10048Important11650-12098Important11650-11927Important11863-10378Important12078-12099Important12078-12098Important12078-12085Important11650-12099Important11863-10543Important11863-10482Important11863-10481Important11863-10484Important12078-12097Important12078-11926Important12078-11802Important12078-11801Important11863-10047Important11650-11926Important11863-10049Important11863-10483Important11863-10051Important12115-9318Important12115-9312Important12115-10287Important12115-9344Important11650-11570Important11650-11923Important11650-11924Important12078-11923Important12078-11924Important12136-10729Important12136-10735Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A5.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C121205.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C121195.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-119305.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-104835.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-115685.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-100495.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-115715.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-100515.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-118985.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-115695.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-104825.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-104815.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-108165.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-118025.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-108525.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-103785.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-105435.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-119295.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-100475.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-118965.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-104845.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-108555.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-103795.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-118015.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-118975.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-108535.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11723-108525.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11723-108165.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11723-108535.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11723-108555.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11862-115695.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11862-115685.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11862-115705.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11862-115725.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11862-115715.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-119315.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-118965.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-118975.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-118985.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-119295.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-119305.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-119315.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-115725.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-100485.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-103795.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-120865.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-119275.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-120975.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-100485.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-120985.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-119275.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-103785.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-120995.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-120985.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-120855.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-120995.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-105435.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-104825.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-104815.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-104845.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-120975.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-119265.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-118025.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-118015.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-100475.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-119265.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-100495.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-104835.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11863-100515.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12115-93185.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12115-93125.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12115-102875.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12115-93445.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-115705.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-119235.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C11650-119245.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-119235.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12078-119245.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12136-107295.85.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C12136-10735Release Noteshttps://www.nuget.org/packages/Microsoft.Data.SqlClient/12120MaybeSecurity Update2.1.2Release Noteshttps://www.nuget.org/packages/Microsoft.Data.SqlClient/12119MaybeSecurity Update4.8.45020687https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206135017500, 5018858, 501854511650-1193011650-1192911650-11931MaybeSecurity Update4.8.04584.085020690https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206205016568, 501854911650-1048311650-1048211650-1048111650-1054311650-10484MaybeMonthly Rollup4.8.04005.025020680https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502060811650-1048311650-1048211650-10543MaybeSecurity Only6.3.04585.015020685https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206155013868, 5018511650-1156811650-11569MaybeMonthly Rollup10.0.04585.025020688https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206215013870, 501854711650-1004911650-1005111650-1004711650-10048MaybeMonthly Rollup4.8.04585.025020678https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502060911650-1004911650-1005111650-1004711650-10048MaybeSecurity Only6.2.04585.015020685https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50182105013868, 5018511650-1157111650-11572MaybeSecurity Update10.0.09110.125020801https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206135017499, 5018857, 501854411650-1189811650-1189611650-11897MaybeSecurity Update4.8.04584.08502068011650-10481MaybeSecurity Only6.3.04585.015020614https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206145013625, 501851511650-1081611650-1085211650-1085511650-10853MaybeSecurity Update10.0.04585.025020686https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206135017498, 5018856, 501854311650-1180211650-11801MaybeSecurity Update4.8.04584.085020689https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206185013871, 501854811650-1037811650-10379MaybeMonthly Rollup4.8.04585.025020679https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502060611650-1037811650-10379MaybeSecurity Only6.2.04585.015019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841111723-1085211723-1081611723-1085311723-10855YesSecurity Update10.0.14393.55015020685https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206275013868, 5018511862-1156911862-1156811862-1157011862-1157211862-11571MaybeSecurity Update10.0.04005.025020801https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206235017499, 5018857, 501854412078-1189612078-1189712078-11898MaybeSecurity Update4.8.09110.075020687https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206235017500, 5018858, 501854512078-1192912078-1193012078-11931MaybeSecurity Update4.8.09110.075020689https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206285013871, 501854811863-1037911863-10378MaybeMonthly Rollup4.7.04005.025020679https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502061011863-1037911863-10378MaybeSecurity Only6.2.04005.015020622https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206225017271, 501834112078-1208612078-12085MaybeSecurity Update4.8.09110.075020695https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206245017497, 5018859, 501854612078-1192712078-11926MaybeSecurity Update4.8.04584.085020694https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206135017651, 501820211650-1209711650-1209811650-12099MaybeSecurity Update4.8.04584.085020688https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206305013870, 501854711863-1004811863-1004711863-1004911863-10051MaybeMonthly Rollup4.7.04005.025020678https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502061211863-1004811863-1004711863-1004911863-10051MaybeSecurity Only6.0.04005.0150206955017497, 5018859, 501854611650-11927MaybeSecurity Update4.8.04584.085020694https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206235017651, 501820212078-1209912078-1209812078-12097MaybeSecurity Update4.8.09110.075020690https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206295016568, 501854911863-1054311863-1048211863-1048111863-1048411863-10483MaybeMonthly Rollup4.8.04005.025020680https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502061111863-1054311863-1048211863-1048111863-1048411863-10483MaybeSecurity Only6.3.04005.015020686https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206235017498, 5018856, 501854312078-1180212078-11801MaybeSecurity Update4.8.09110.075020695https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206175017497, 5018859, 501854611650-11926MaybeSecurity Update4.8.04584.085020691https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206305018550, 501387312115-931812115-931212115-1028712115-9344MaybeMonthly Rollup4.7.04005.025020681https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502061212115-931812115-931212115-1028712115-9344MaybeSecurity Only6.0.04005.015020685https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206155013868, 501854211650-11570MaybeSecurity Update10.0.04585.025020692https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206195017501, 5018860, 501855111650-1192311650-11924MaybeSecurity Update4.8.04584.085020692https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50206325017501, 5018860, 501855112078-1192312078-11924MaybeSecurity Update4.8.09110.075019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970501842512136-1072912136-10735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997012136-1072912136-107351.02022-11-08T08:00:00<p>Information published.</p>
2.02022-11-14T08:00:00<p>In the Security Updates table, added .NET Framework 4.8 installed on supported editions of Windows Server 2022, and added .NET Framework 4.8.1 installed on supported editions of Windows Server 2022 as these versions of Window Server 2022 with .NET Framework 4.8 or 4.8.1 installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the November 2022 security updates to be protected from this vulnerability.</p>
2.12022-11-15T08:00:00<p>In the Security Updates table, removed unsupported version of .NET Framework on Windows 10 version 1809. This is an informational update only.</p>
1.12022-11-10T08:00:00<p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p>
2.22022-12-15T08:00:00<p>The following revisions have been made: 1) Added .NET Framework 4.6/4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems as .NET 4.6 installed on Windows 10 is supported. 2) Removed .NET Framework 4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p>
3.02023-02-01T08:00:00<p>In the Security Updates table, added .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 installed on supported editions of Windows Server 2016 and Windows 10 version 1607 as these versions of Windows with .NET Framework AND 4.6.2/4.7/4.7.1/4.7.2 installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the November 2022 security updates to be protected from this vulnerability.</p>
GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI<p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Azure cli, which is published on GitHub and for which GitHub is the CVE Naming Authority (CNA). It is being documented in the Security Update Guide to inform customers using the azure-cli that they need to apply the updated version. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
AzureGitHub, Inc.CVE-2022-3932712103Remote Code Execution12103Critical12103Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/AImproper Control of Generation of Code ('Code Injection') in Azure CLIhttps://github.com/Azure/azure-cli/releases/tag/azure-cli-2.42.02.41.012103MaybeSecurity Update2.42.01.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>A locally authenticated attacker could manipulate information on Windows System Monitor (Sysmon) to achieve elevation from local user to SYSTEM admin.</p>
SysInternalsMicrosoftCVE-2022-4112012114Elevation of Privilege12114Important12114Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C12114Release Noteshttps://download.sysinternals.com/files/Sysmon.zip12114MaybeSecurity Update14.11<a href="https://twitter.com/filip_dragovic">Filip Dragovic</a> with Infigo IS1.02022-11-08T08:00:00<p>Information published.</p>
1.12022-12-22T08:00:00<p>Corrected the affected product name in the CVE title and in the FAQs. This is an informational change only.</p>
Microsoft SharePoint Server Spoofing Vulnerability<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.</p>
Microsoft Office SharePointMicrosoftCVE-2022-411221095011099115851196110612Spoofing10950Spoofing11099Spoofing11585Spoofing11961Spoofing10612Important10950Important11099Important11585Important11961Important10612Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A6.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C109506.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C110996.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115856.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119616.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106125002269https://www.microsoft.com/download/details.aspx?familyid=27e5d441-41bb-42c3-8e4e-14775c96de2d500222210950MaybeSecurity Update16.0.5361.10025002269https://support.microsoft.com/help/5002269109505002264https://www.microsoft.com/download/details.aspx?familyid=21ec2696-1aff-4662-b0a4-f0fad0c99a0511099MaybeCumulative Update15.0.5485.10005002267https://www.microsoft.com/download/details.aspx?familyid=3f67bfcd-bc5d-4202-9cc1-f75a382ce3b650022191109910612MaybeSecurity Update15.0.5485.10005002267https://support.microsoft.com/help/500226711099106125002258https://www.microsoft.com/download/details.aspx?familyid=df4dec61-80ba-4027-8bca-07c92570f48e500221211585MaybeSecurity Update16.0.10390.200005002258https://support.microsoft.com/help/5002258115855002271https://www.microsoft.com/download/details.aspx?familyid=ea9525e4-53f9-42ee-ae42-cc83495a62a411961MaybeSecurity Update16.0.15601.200525002271https://support.microsoft.com/help/500227111961<a href="https://twitter.com/cursered">Li Jian Tao (@CurseRed)</a> with <a href="https://starlabs.sg/">STAR Labs</a>1.02022-11-08T08:00:00<p>Information published. This CVE was addressed by updates that were released in September 2022, but the CVE was omitted from the September 2022 Security Updates. This is an informational change only. Customers who have already installed the September 2022 update do not need to take any further action.</p>
Microsoft Exchange Server Spoofing Vulnerability<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p>
<p>Yes, the attacker must be authenticated.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p>
<p>If the attack is successful it could lead to a NTLM relay allowing for controls that would be able to block availability of a resource.</p>
Microsoft Exchange ServerMicrosoftCVE-2022-410781168211956119571203812039Spoofing11682Spoofing11956Spoofing11957Spoofing12038Spoofing12039Important11682Important11956Important11957Important12038Important12039Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A8.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C116828.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119568.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119578.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120388.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120395019758https://www.microsoft.com/download/details.aspx?familyid=124eeb2b-4066-459e-9416-ee98683f4997501907611682YesSecurity Update15.00.1497.0445019758https://www.microsoft.com/download/details.aspx?familyid=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a501907711956YesSecurity Update15.01.2375.0375019758https://www.microsoft.com/download/details.aspx?familyid=09804a62-d5b7-4e38-9902-010326747aef501907711957YesSecurity Update15.02.0986.0365019758https://www.microsoft.com/download/details.aspx?familyid=bbba5ecc-0ab5-466c-98bb-766c46a78fc2501907712038YesSecurity Update15.02.1118.0205019758https://www.microsoft.com/download/details.aspx?familyid=4342d7ed-0583-4d2c-831c-836ee8f7bf62501907712039YesSecurity Update15.01.2507.016<a href="https://twitter.com/chudypb">Piotr Bazydlo (@chudypb)</a> of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>1.02022-11-08T08:00:00<p>Information published.</p>
1.12022-12-13T08:00:00<p>Updated FAQ information. This is an informational change only.</p>
Microsoft Exchange Server Elevation of Privilege VulnerabilityMicrosoft Exchange ServerMicrosoftCVE-2022-4112312038120391195711956Elevation of Privilege12038Elevation of Privilege12039Elevation of Privilege11957Elevation of Privilege11956Important12038Important12039Important11957Important11956Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120387.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120397.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119577.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119565019758https://www.microsoft.com/download/details.aspx?familyid=bbba5ecc-0ab5-466c-98bb-766c46a78fc2501907712038YesSecurity Update15.02.1118.0205019758https://www.microsoft.com/download/details.aspx?familyid=4342d7ed-0583-4d2c-831c-836ee8f7bf62501907712039YesSecurity Update15.01.2507.0165019758https://www.microsoft.com/download/details.aspx?familyid=09804a62-d5b7-4e38-9902-010326747aef501907711957YesSecurity Update15.02.0986.0365019758https://www.microsoft.com/download/details.aspx?familyid=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a501907711956YesSecurity Update15.01.2375.037<a href="https://twitter.com/chudypb">Piotr Bazydlo (@chudypb)</a> working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Exchange Server Spoofing Vulnerability<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p>
<p>Yes, the attacker must be authenticated.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p>
<p>If the attack is successful it could lead to a NTLM relay allowing for controls that would be able to block availability of a resource.</p>
Microsoft Exchange ServerMicrosoftCVE-2022-410791203812039119561168211957Spoofing12038Spoofing12039Spoofing11956Spoofing11682Spoofing11957Important12038Important12039Important11956Important11682Important11957Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A8.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120388.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120398.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119568.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C116828.07.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119575019758https://www.microsoft.com/download/details.aspx?familyid=bbba5ecc-0ab5-466c-98bb-766c46a78fc2501907712038YesSecurity Update15.02.1118.0205019758https://www.microsoft.com/download/details.aspx?familyid=4342d7ed-0583-4d2c-831c-836ee8f7bf62501907712039YesSecurity Update15.01.2507.0165019758https://www.microsoft.com/download/details.aspx?familyid=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a501907711956YesSecurity Update15.01.2375.0375019758https://www.microsoft.com/download/details.aspx?familyid=124eeb2b-4066-459e-9416-ee98683f4997501907611682YesSecurity Update15.00.1497.0445019758https://www.microsoft.com/download/details.aspx?familyid=09804a62-d5b7-4e38-9902-010326747aef501907711957YesSecurity Update15.02.0986.036Piotr Bazydlo (@chudypb) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a><a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab1.02022-11-08T08:00:00<p>Information published.</p>
1.12022-11-15T08:00:00<p>Added acknowledgements. This is an informational change only.</p>
1.22022-12-13T08:00:00<p>Updated FAQ information. This is an informational change only.</p>
Microsoft Exchange Server Elevation of Privilege VulnerabilityMicrosoft Exchange ServerMicrosoftCVE-2022-410801203912038116821195711956Elevation of Privilege12039Elevation of Privilege12038Elevation of Privilege11682Elevation of Privilege11957Elevation of Privilege11956Critical12039Critical12038Critical11682Critical11957Critical11956Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A8.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120398.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120388.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C116828.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119578.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119565019758https://www.microsoft.com/download/details.aspx?familyid=4342d7ed-0583-4d2c-831c-836ee8f7bf62501907712039YesSecurity Update15.01.2507.0165019758https://www.microsoft.com/download/details.aspx?familyid=bbba5ecc-0ab5-466c-98bb-766c46a78fc2501907712038YesSecurity Update15.02.1118.0205019758https://www.microsoft.com/download/details.aspx?familyid=124eeb2b-4066-459e-9416-ee98683f4997501907611682YesSecurity Update15.00.1497.0445019758https://www.microsoft.com/download/details.aspx?familyid=09804a62-d5b7-4e38-9902-010326747aef501907711957YesSecurity Update15.02.0986.0365019758https://www.microsoft.com/download/details.aspx?familyid=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a501907711956YesSecurity Update15.01.2375.037<a href="https://twitter.com/rskvp93">rskvp93</a>, <a href="https://twitter.com/_q5ca">Q5Ca</a> and <a href="https://twitter.com/hoangnx99">nxhoang99</a> with <a href="https://lab.viettelcybersecurity.com/">VcsLab of Viettel Cyber Security</a><a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab1.02022-11-08T08:00:00<p>Information published.</p>
1.12022-12-15T08:00:00<p>Added an acknowledgement. This is an informational change only.</p>
OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun<p><strong>Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>Where can I find further guidance for this OpenSSL vulnerability?</strong></p>
<p>For more information and guidance see <a href="https://msrc-blog.microsoft.com/2022/11/02/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/">Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)</a>.</p>
Open Source SoftwareOpenSSL Software FoundationCVE-2022-3602116691211612117116691211612117116691211612117Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;DOS:N/ARelease Noteshttps://github.com/Azure/AKS/issues/329911669MaybeSecurity Update2022.11.02Release Noteshttps://devblogs.microsoft.com/cppblog/fix-for-high-risk-openssl-security-vulnerabilities-announced-guidance-for-vcpkg-users/1211612117MaybeSecurity Update1.02022-11-02T07:00:00<p>Information published.</p>
Windows Scripting Languages Remote Code Execution Vulnerability<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p>
<p><strong>The CVE title says Windows Scripting Languages, what does that mean for this vulnerability?</strong></p>
<p>This vulnerability impacts the JScript9 scripting language.</p>
Windows ScriptingMicrosoftCVE-2022-41128115681156911570115711189611897118981192311801118021192611927119291193011931120851208612097120981209910729107351085210853108161004710048104811048210484100511037810483Remote Code Execution11568Remote Code Execution11569Remote Code Execution11570Remote Code Execution11571Remote Code Execution11896Remote Code Execution11897Remote Code Execution11898Remote Code Execution11923Remote Code Execution11801Remote Code Execution11802Remote Code Execution11926Remote Code Execution11927Remote Code Execution11929Remote Code Execution11930Remote Code Execution11931Remote Code Execution12085Remote Code Execution12086Remote Code Execution12097Remote Code Execution12098Remote Code Execution12099Remote Code Execution10729Remote Code Execution10735Remote Code Execution10852Remote Code Execution10853Remote Code Execution10816Remote Code Execution10047Remote Code Execution10048Remote Code Execution10481Remote Code Execution10482Remote Code Execution10484Remote Code Execution10051Remote Code Execution10378Remote Code Execution10483Critical11568Critical11569Critical11570Critical11571Critical11896Critical11897Critical11898Critical11923Critical11801Critical11802Critical11926Critical11927Critical11929Critical11930Critical11931Critical12085Critical12086Critical12097Critical12098Critical12099Critical10729Critical10735Critical10852Critical10853Critical10816Critical10047Critical10048Critical10481Critical10482Critical10484Critical10051Critical10378Critical10483Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A8.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C115688.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C115698.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C115708.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C115718.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C118968.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C118978.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C118988.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C119238.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C118018.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C118028.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C119268.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C119278.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C119298.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C119308.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C119318.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C120858.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C120868.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C120978.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C120988.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C120998.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C107298.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C107358.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C108528.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C108538.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C108168.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C100478.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C100488.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C104818.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C104828.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C104848.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C100518.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C103788.88.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C104835019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966501841911568115691157011571YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/5019966115681156911570115715019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081501842111923YesSecurity Update10.0.20348.1249501908011923YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199645018411108521085310816YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200005018454100471004810051YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/50200001004710048100515020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013100471004810051YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/50200131004710048100515019958https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019958100471004810051YesIE Cumulative6.1.7601.262215020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200235018474104811048210483YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210484104835020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200101048110482YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/502001010481104825019958https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199581048110482YesIE Cumulative6.3.9600.206705020023501847410484YesMonthly Rollup6.3.9600.206715020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009501845710378YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/5020009103785020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000310378YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/5020003103785019958https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995810378YesIE Cumulative6.2.9200.23968Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group1.02022-11-08T08:00:00<p>Information published.</p>
Windows Hyper-V Denial of Service Vulnerability<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p>
Role: Windows Hyper-VMicrosoftCVE-2022-380151156911571115721189611923119241192611931120861209710735108531081610855Denial of Service11569Denial of Service11571Denial of Service11572Denial of Service11896Denial of Service11923Denial of Service11924Denial of Service11926Denial of Service11931Denial of Service12086Denial of Service12097Denial of Service10735Denial of Service10853Denial of Service10816Denial of Service10855Critical11569Critical11571Critical11572Critical11896Critical11923Critical11924Critical11926Critical11931Critical12086Critical12097Critical10735Critical10853Critical10816Critical10855Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A6.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C115696.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C115716.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C115726.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C118966.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C119236.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C119246.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C119266.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C119316.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C120866.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C120976.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C107356.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C108536.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C108166.55.7CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C108555019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199665018419115691157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/50199661156911571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959501841011896YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/50199591189611931120975019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961501841811926YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959501841011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980501842712086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/5019980120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995912097YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970501842510735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/5019970107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199645018411108531081610855YesSecurity Update10.0.14393.5501Eran Segal with <a href="https://www.safebreach.com/">Safebreach</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Kerberos Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authenticated attacker could leverage cryptographic protocol vulnerabilities in Windows Kerberos. If the attacker gains control on the service that is allowed for delegation, they can modify the Kerberos PAC to elevate their privileges.</p>
<p><strong>Where can I find more information about these changes?</strong></p>
<p>For more information please see <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a>.</p>
<p><strong>Do I need to take further steps to be protected from this vulnerability?</strong></p>
<p>Yes. Please review the KB article <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a>. This recommends that you:</p>
<ol>
<li>Use audit mode to review logs.</li>
<li>Review third-party servers and clients.</li>
</ol>
<p><strong>If I install the updates and take no further action, what will be the impact?</strong></p>
<p>Initially you will not be secure. There are additional actions an administrator needs to take that are outlined in the <a href="https://support.microsoft.com/help/5020805">KB article</a>.</p>
<p><strong>Why do I need to follow the guidelines in how to manage the changes in Kerberos associated with CVE-2022-37967?</strong></p>
<p>There is a risk of exploitation of the noted vulnerability if you don't take the required actions.</p>
<p><strong>How does Microsoft plan to address this vulnerability?</strong></p>
<p>To give administrators time to make corrections that prevent authentication failures, and to provide a choice on when to implement the enforcement, Microsoft is addressing this vulnerability in a phased rollout.</p>
<p>UPDATE: Microsoft has released the October 2023 Windows security updates to implement Phase Five. For more information see <a href="https://support.microsoft.com/kb/5020805">KB article</a>.</p>
<p><strong>What is the timeline for this rollout?</strong></p>
<p>Please refer to the planned enforcement timeline in the <a href="https://support.microsoft.com/help/5020805">KB article</a>.</p>
<p><strong>How can I be notified when the further updates are available?</strong></p>
<p>When each phase of Windows updates become available, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/08/09/security-update-guide-notification-system-news-create-your-profile-now/">Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center</a>.</p>
<p><strong>I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?</strong></p>
<p>The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart.</p>
Windows KerberosMicrosoftCVE-2022-3796711571115721192311924108161085593121028793189344100511004910378103791048310543Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Critical11571Critical11572Critical11923Critical11924Critical10816Critical10855Critical9312Critical10287Critical9318Critical9344Critical10051Critical10049Critical10378Critical10379Critical10483Critical10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93127.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102877.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93187.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93447.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100517.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100497.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103787.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103797.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104837.26.3CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435031361https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB503136150302141157111572YesSecurity Update10.0.17763.49745031364https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB503136450302161192311924YesSecurity Update10.0.20348.20315031364http://support.microsoft.com/help/503136411923119245031362https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB503136250302131081610855YesSecurity Update10.0.14393.63515031416https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416503027193121028793189344YesMonthly Rollup6.0.6003.223175031416http://support.microsoft.com/kb/5031416931210287931893445031411https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB503141193121028793189344YesSecurity Only6.0.6003.223175031411http://support.microsoft.com/kb/5031411931210287931893445031408https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB503140850302651005110049YesMonthly Rollup6.1.7601.267695031408http://support.microsoft.com/kb/503140810051100495031441https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50314411005110049YesSecurity Only6.1.7601.267695031441http://support.microsoft.com/kb/503144110051100495031442https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB503144250302781037810379YesMonthly Rollup6.2.9200.245235031427https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50314271037810379YesSecurity Only6.2.9200.245235031419https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB503141950302691048310543YesMonthly Rollup6.3.9600.216205031407https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50314071048310543YesSecurity Only6.3.9600.216204.12023-07-18T07:00:00<p>Removed the Security Hotpatch Update for the July 2023 revision as that package doesn't exist for this release cycle. You must install the Security Update to get the updated software.</p>
1.02022-11-08T08:00:00<p>Information published.</p>
2.02022-12-13T08:00:00<p>Microsoft is announcing the release of the second phase of Windows security updates to address this vulnerability. These updates make changes to the Kerberos protocol to audit Windows devices by moving Windows domain controllers to Audit mode. With this update, all devices will be in Audit mode by default. Microsoft strongly recommends that customers install the December updates to be fully protected from this vulnerability. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action.</p>
<p>For more information see <a href="https://support.microsoft.com/kb/5020805">KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967</a>.</p>
3.02023-06-13T07:00:00<p>Microsoft is announcing the release of the third phase of Windows security updates to address this vulnerability. These updates remove the ability to disable PAC signature addition by setting the KrbtgtFullPacSignature subkey to a value of 0. Microsoft strongly recommends that customers install the June updates to be fully protected from this vulnerability, and review <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a> for further information. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action.</p>
4.02023-07-11T07:00:00<p>Microsoft is announcing the release of the fourth phase of Windows security updates to address this vulnerability. These updates remove the ability to set value 1 for the KrbtgtFullPacSignature subkey, and enable the Enforcement mode (Default) (KrbtgtFullPacSignature = 3) which can be overridden by an Administrator with an explicit Audit setting. Microsoft strongly recommends that customers install the July updates to be fully protected from this vulnerability, and review <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a> for further information. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action.</p>
5.02023-10-10T07:00:00<p>Microsoft is announcing the release of the fifth phase of Windows security updates to address this vulnerability. These updates remove support for the registry subkey <strong>KrbtgtFullPacSignature</strong> and remove support for Audit mode. Further, all service tickets without the new PAC signatures will now be denied authentication. Microsoft strongly recommends that customers install the October 2023 updates to be fully protected from this vulnerability, and review <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a> for further information. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action, but should review the article to fully understand the impact of these updates.</p>
Netlogon RPC Elevation of Privilege Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
<p><strong>Does this vulnerability affect client operating systems?</strong></p>
<p>This vulnerability only applies the Windows Server versions listed in the Security Update table.</p>
<p><strong>Where can I find more information about these changes?</strong></p>
<p>For more information please see <a href="https://support.microsoft.com/help/5021130">How to manage Netlogon Protocol changes related to CVE-2022-38023</a>.</p>
<p><strong>I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?</strong></p>
<p>The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authenticated attacker could leverage cryptographic protocol vulnerabilities in the Windows Netlogon protocol when RPC Signing is used instead of RPC Sealing. Where RPC Signing is used instead of RPC Sealing the attacker could gain control of the service and then might be able to modify Netlogon protocol traffic to elevate their privileges.</p>
<p><strong>How does Microsoft plan to address this vulnerability?</strong></p>
<p>To give administrators time to make corrections that prevent authentication failures, and to provide a choice on when to implement the enforcement, Microsoft is addressing this vulnerability in a phased rollout.</p>
<p><strong>What is the timeline for this rollout?</strong></p>
<p>Please refer to the planned enforcement timeline in the KB article: <a href="https://support.microsoft.com/help/5021130">How to manage Netlogon Protocol changes related to CVE-2022-38023</a>.</p>
<p><strong>How can I be notified when the further updates are available?</strong></p>
<p>When each phase of Windows updates become available, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/08/09/security-update-guide-notification-system-news-create-your-profile-now/">Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center</a>.</p>
Windows NetlogonMicrosoftCVE-2022-3802311571115721192311924108161085593121028793189344100511004910378103791048310543Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Important11571Important11572Important11923Important11924Important10816Important10855Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A8.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115718.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115728.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119238.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119248.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108168.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108558.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93128.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102878.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93188.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93448.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100518.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100498.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103788.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103798.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104838.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435028168https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502816850272221157111572YesSecurity Update10.0.17763.46455028168https://support.microsoft.com/help/502816811571115725028171https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502817150272251192311924YesSecurity Update10.0.20348.18505028171https://support.microsoft.com/help/502817111923119245028169https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502816950272191081610855YesSecurity Update10.0.14393.60855028222https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222502727993121028793189344YesMonthly Rollup6.0.6003.221755028222https://support.microsoft.com/help/5028222931210287931893445028226https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502822693121028793189344YesSecurity Only6.0.6003.221755028226https://support.microsoft.com/help/5028226931210287931893445028240https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502824050272751005110049YesMonthly Rollup6.1.7601.266235028240https://support.microsoft.com/help/502824010051100495028224https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50282241005110049YesSecurity Only6.1.7601.266235028224https://support.microsoft.com/help/502822410051100495028232https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502823250272831037810379YesMonthly Rollup6.2.9200.243745028233https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50282331037810379YesSecurity Only6.2.9200.243745028228https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502822850272711048310543YesMonthly Rollup6.3.9600.210635028223https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50282231048310543YesSecurity Only6.3.9600.210752.12023-06-13T07:00:00<p>Updated FAQ information. This is an informational change only.</p>
3.12023-07-18T07:00:00<p>Removed the Security Hotpatch Update for the July 2023 revision as that package doesn't exist for this release cycle. You must install the Security Update to get the updated software.</p>
1.02022-11-08T08:00:00<p>Information published.</p>
2.02023-04-11T07:00:00<p>Microsoft is announcing the release of the second phase of Windows security updates to address this vulnerability. The April 2023 updates remove the ability to disable RPC sealing by setting value 0 to the RequireSeal registry subkey. Please see <a href="https://support.microsoft.com/help/5021130">How to manage Netlogon Protocol changes related to CVE-2022-38023</a> for more information, including the planned enforcement timeline.</p>
3.02023-07-11T07:00:00<p>Microsoft is announcing the release of the fourth phase of Windows security updates to address this vulnerability. The July 2023 updates remove the ability to set value 1 to the RequireSeal registry subkey and enables the Enforcement phase. Please see <a href="https://support.microsoft.com/help/5021130">How to manage Netlogon Protocol changes related to CVE-2022-38023</a> for more information, including the planned enforcement timeline.</p>
Windows Group Policy Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Group Policy Preference ClientMicrosoftCVE-2022-3799211568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10047Elevation of Privilege10048Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100477.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100487.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104817.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104827.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104847.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93127.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102877.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93187.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93447.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100517.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100497.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103787.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103797.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104837.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379Andrea Pierini (@decoder_it) with Semperis1.02022-11-08T08:00:00<p>Information published.</p>
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
Windows Point-to-Point Tunneling ProtocolMicrosoftCVE-2022-41039115681156911570115711157211896118971189811923119241180111802119261192711929119301193112085120861209712098120991072910735108521085310816108551004710048104811048210484100511004910378103791048310543Remote Code Execution11568Remote Code Execution11569Remote Code Execution11570Remote Code Execution11571Remote Code Execution11572Remote Code Execution11896Remote Code Execution11897Remote Code Execution11898Remote Code Execution11923Remote Code Execution11924Remote Code Execution11801Remote Code Execution11802Remote Code Execution11926Remote Code Execution11927Remote Code Execution11929Remote Code Execution11930Remote Code Execution11931Remote Code Execution12085Remote Code Execution12086Remote Code Execution12097Remote Code Execution12098Remote Code Execution12099Remote Code Execution10729Remote Code Execution10735Remote Code Execution10852Remote Code Execution10853Remote Code Execution10816Remote Code Execution10855Remote Code Execution10047Remote Code Execution10048Remote Code Execution10481Remote Code Execution10482Remote Code Execution10484Remote Code Execution10051Remote Code Execution10049Remote Code Execution10378Remote Code Execution10379Remote Code Execution10483Remote Code Execution10543Critical11568Critical11569Critical11570Critical11571Critical11572Critical11896Critical11897Critical11898Critical11923Critical11924Critical11801Critical11802Critical11926Critical11927Critical11929Critical11930Critical11931Critical12085Critical12086Critical12097Critical12098Critical12099Critical10729Critical10735Critical10852Critical10853Critical10816Critical10855Critical10047Critical10048Critical10481Critical10482Critical10484Critical10051Critical10049Critical10378Critical10379Critical10483Critical10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A8.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115688.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115698.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115708.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115718.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115728.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118968.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118978.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118988.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119238.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119248.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118018.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118028.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119268.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119278.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119298.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119308.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119318.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120858.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120868.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120978.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120988.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120998.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107298.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107358.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108528.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108538.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108168.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108558.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100478.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100488.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104818.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104828.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104848.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100518.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100498.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103788.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103798.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104838.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379<a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a><a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Group Policy Elevation of Privilege Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires the attacker to have privileges to create Group Policy Templates. As is best practice, regular validation and audits of administrative groups should be conducted.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p>
Windows Group Policy Preference ClientMicrosoftCVE-2022-4108611568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10047Elevation of Privilege10048Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A6.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115686.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115696.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115706.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115716.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115726.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118966.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118976.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118986.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119236.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119246.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118016.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118026.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119266.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119276.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119296.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119306.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119316.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120856.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120866.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120976.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120986.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120996.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107296.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107356.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108526.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108536.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108166.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108556.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100476.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100486.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104816.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104826.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104846.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93126.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102876.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93186.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93446.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100516.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100496.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103786.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103796.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104836.45.6CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379Matthieu Buffet1.02022-11-08T08:00:00<p>Information published.</p>
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
Windows Point-to-Point Tunneling ProtocolMicrosoftCVE-2022-410441004710048931210287931893441005110049Remote Code Execution10047Remote Code Execution10048Remote Code Execution9312Remote Code Execution10287Remote Code Execution9318Remote Code Execution9344Remote Code Execution10051Remote Code Execution10049Critical10047Critical10048Critical9312Critical10287Critical9318Critical9344Critical10051Critical10049Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A8.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100478.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100488.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93128.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102878.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93188.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93448.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100518.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100495020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/502000593121028793189344Microsoft's Windows Servicing and Delivery Group - Network Security and Containers (NSC) Team1.02022-11-08T08:00:00<p>Information published.</p>
GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Successful exploitation of this vulnerability requires a malicious actor to convince a victim to close a repository with a symbolic link pointing to sensitive information on a victim's machine.</p>
<p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p>For more information see: <a href="https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85">Local clone optimization dereferences symbolic links by default</a>.</p>
Visual StudioGitHubCVE-2022-392531193512081119691160012051Information Disclosure11935Information Disclosure12081Information Disclosure11969Information Disclosure11600Information Disclosure12051Important11935Important12081Important11969Important11600Important12051Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/ARelease Noteshttps://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.1111935MaybeSecurity Update16.11.21Release Noteshttps://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.312081MaybeSecurity Update17.3.7Release Noteshttps://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.011969MaybeSecurity Update17.0.16Release Noteshttp://aka.ms/vs/15/release/latest11600MaybeSecurity Update15.9.51Release Noteshttps://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.212051MaybeSecurity Update17.2.101.02022-11-08T08:00:00<p>Information published.</p>
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side.</p>
Windows Point-to-Point Tunneling ProtocolMicrosoftCVE-2022-410881156811569115701157111572118961189711898119231192411801118021192611927119291193011931120851208612097120981209910729107351085210853108161085510481104821048410378103791048310543Remote Code Execution11568Remote Code Execution11569Remote Code Execution11570Remote Code Execution11571Remote Code Execution11572Remote Code Execution11896Remote Code Execution11897Remote Code Execution11898Remote Code Execution11923Remote Code Execution11924Remote Code Execution11801Remote Code Execution11802Remote Code Execution11926Remote Code Execution11927Remote Code Execution11929Remote Code Execution11930Remote Code Execution11931Remote Code Execution12085Remote Code Execution12086Remote Code Execution12097Remote Code Execution12098Remote Code Execution12099Remote Code Execution10729Remote Code Execution10735Remote Code Execution10852Remote Code Execution10853Remote Code Execution10816Remote Code Execution10855Remote Code Execution10481Remote Code Execution10482Remote Code Execution10484Remote Code Execution10378Remote Code Execution10379Remote Code Execution10483Remote Code Execution10543Critical11568Critical11569Critical11570Critical11571Critical11572Critical11896Critical11897Critical11898Critical11923Critical11924Critical11801Critical11802Critical11926Critical11927Critical11929Critical11930Critical11931Critical12085Critical12086Critical12097Critical12098Critical12099Critical10729Critical10735Critical10852Critical10853Critical10816Critical10855Critical10481Critical10482Critical10484Critical10378Critical10379Critical10483Critical10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A8.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115688.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115698.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115708.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115718.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115728.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118968.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118978.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118988.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119238.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119248.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118018.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118028.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119268.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119278.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119298.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119308.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119318.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120858.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120868.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120978.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120988.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120998.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107298.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107358.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108528.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108538.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108168.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108558.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104818.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104828.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104848.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103788.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103798.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104838.17.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379<a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p>
Windows ALPCMicrosoftCVE-2022-4104511568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10047Elevation of Privilege10048Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C100477.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C100487.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104817.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104827.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104847.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C93127.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C102877.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C93187.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C93447.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C100517.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C100497.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C103787.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C103797.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104837.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379<a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Point-to-Point Tunneling ProtocolMicrosoftCVE-2022-41090115681156911570115711157211896118971189811923119241180111802119261192711929119301193112085120861209712098120991072910735108521085310816108551004710048104811048210484100511004910378103791048310543Denial of Service11568Denial of Service11569Denial of Service11570Denial of Service11571Denial of Service11572Denial of Service11896Denial of Service11897Denial of Service11898Denial of Service11923Denial of Service11924Denial of Service11801Denial of Service11802Denial of Service11926Denial of Service11927Denial of Service11929Denial of Service11930Denial of Service11931Denial of Service12085Denial of Service12086Denial of Service12097Denial of Service12098Denial of Service12099Denial of Service10729Denial of Service10735Denial of Service10852Denial of Service10853Denial of Service10816Denial of Service10855Denial of Service10047Denial of Service10048Denial of Service10481Denial of Service10482Denial of Service10484Denial of Service10051Denial of Service10049Denial of Service10378Denial of Service10379Denial of Service10483Denial of Service10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A5.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115685.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115695.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115705.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115715.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115725.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118965.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118975.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118985.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119235.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119245.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118015.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118025.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119265.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119275.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119295.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119305.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119315.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120855.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120865.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120975.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120985.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120995.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C107295.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C107355.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108525.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108535.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108165.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108555.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100475.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100485.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104815.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104825.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104845.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100515.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100495.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C103785.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C103795.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104835.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379<a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft ODBC Driver Remote Code Execution Vulnerability<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p>
Windows ODBC DriverMicrosoftCVE-2022-4104711568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Remote Code Execution11568Remote Code Execution11569Remote Code Execution11570Remote Code Execution11571Remote Code Execution11572Remote Code Execution11896Remote Code Execution11897Remote Code Execution11898Remote Code Execution11923Remote Code Execution11924Remote Code Execution11801Remote Code Execution11802Remote Code Execution11926Remote Code Execution11927Remote Code Execution11929Remote Code Execution11930Remote Code Execution11931Remote Code Execution12085Remote Code Execution12086Remote Code Execution12097Remote Code Execution12098Remote Code Execution12099Remote Code Execution10729Remote Code Execution10735Remote Code Execution10852Remote Code Execution10853Remote Code Execution10816Remote Code Execution10855Remote Code Execution10047Remote Code Execution10048Remote Code Execution10481Remote Code Execution10482Remote Code Execution10484Remote Code Execution9312Remote Code Execution10287Remote Code Execution9318Remote Code Execution9344Remote Code Execution10051Remote Code Execution10049Remote Code Execution10378Remote Code Execution10379Remote Code Execution10483Remote Code Execution10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A8.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115688.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115698.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115708.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115718.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115728.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118968.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118978.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118988.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119238.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119248.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118018.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118028.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119268.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119278.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119298.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119308.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119318.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120858.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120868.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120978.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120988.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120998.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107298.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107358.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108528.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108538.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108168.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108558.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100478.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100488.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104818.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104828.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104848.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93128.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102878.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93188.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93448.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100518.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100498.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103788.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103798.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104838.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379Haifei Li with <a href="https://cyberkl.com/">CyberKL Kunlun Lab</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft ODBC Driver Remote Code Execution Vulnerability<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>To successfully exploit this vulnerability, a user must execute a SQL command.</p>
Windows ODBC DriverMicrosoftCVE-2022-4104811568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Remote Code Execution11568Remote Code Execution11569Remote Code Execution11570Remote Code Execution11571Remote Code Execution11572Remote Code Execution11896Remote Code Execution11897Remote Code Execution11898Remote Code Execution11923Remote Code Execution11924Remote Code Execution11801Remote Code Execution11802Remote Code Execution11926Remote Code Execution11927Remote Code Execution11929Remote Code Execution11930Remote Code Execution11931Remote Code Execution12085Remote Code Execution12086Remote Code Execution12097Remote Code Execution12098Remote Code Execution12099Remote Code Execution10729Remote Code Execution10735Remote Code Execution10852Remote Code Execution10853Remote Code Execution10816Remote Code Execution10855Remote Code Execution10047Remote Code Execution10048Remote Code Execution10481Remote Code Execution10482Remote Code Execution10484Remote Code Execution9312Remote Code Execution10287Remote Code Execution9318Remote Code Execution9344Remote Code Execution10051Remote Code Execution10049Remote Code Execution10378Remote Code Execution10379Remote Code Execution10483Remote Code Execution10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A8.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115688.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115698.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115708.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115718.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115728.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118968.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118978.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118988.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119238.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119248.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118018.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118028.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119268.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119278.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119298.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119308.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119318.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120858.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120868.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120978.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120988.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120998.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107298.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107358.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108528.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108538.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108168.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108558.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100478.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100488.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104818.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104828.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104848.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93128.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102878.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93188.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93448.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100518.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100498.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103788.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103798.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104838.87.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379Haifei Li with <a href="https://cyberkl.com/">CyberKL Kunlun Lab</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Mark of the Web Security Feature Bypass Vulnerability<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<ul>
<li>In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.</li>
<li>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.</li>
<li>Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.</li>
</ul>
<p>In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.</p>
<p>Please see <a href="https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web">Additional information about Mark of the Web</a> for further clarification</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.</p>
Windows Mark of the Web (MOTW)MicrosoftCVE-2022-4109111568115691157011571115721189611897118981192311924118011180211926119271192911930119311072910735108521085310816108551208612085120981209912097Security Feature Bypass11568Security Feature Bypass11569Security Feature Bypass11570Security Feature Bypass11571Security Feature Bypass11572Security Feature Bypass11896Security Feature Bypass11897Security Feature Bypass11898Security Feature Bypass11923Security Feature Bypass11924Security Feature Bypass11801Security Feature Bypass11802Security Feature Bypass11926Security Feature Bypass11927Security Feature Bypass11929Security Feature Bypass11930Security Feature Bypass11931Security Feature Bypass10729Security Feature Bypass10735Security Feature Bypass10852Security Feature Bypass10853Security Feature Bypass10816Security Feature Bypass10855Security Feature Bypass12086Security Feature Bypass12085Security Feature Bypass12098Security Feature Bypass12099Security Feature Bypass12097Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important10729Important10735Important10852Important10853Important10816Important10855Important12086Important12085Important12098Important12099Important12097Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation More Likely;DOS:N/A5.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C115685.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C115695.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C115705.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C115715.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C115725.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C118965.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C118975.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C118985.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C119235.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C119245.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C118015.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C118025.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C119265.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C119275.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C119295.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C119305.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C119315.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C107295.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C107355.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C108525.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C108535.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C108165.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C108555.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C120865.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C120855.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C120985.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C120995.44.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C120975019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209812099120975019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208612085YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012086120855019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120981209912097YesSecurity Update10.0.19045.22511.02022-11-08T08:00:00<p>Information published.</p>
Windows Win32k Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p>
Windows Win32KMicrosoftCVE-2022-410921189611897118981192311924118011180211926119271192911930119311208512086120971209812099Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120995019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.2251namnp working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.02022-11-08T08:00:00<p>Information published.</p>
Windows Mark of the Web Security Feature Bypass Vulnerability<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<ul>
<li>In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.</li>
<li>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.</li>
<li>Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.</li>
</ul>
<p>In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.</p>
<p>Please see <a href="https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web">Additional information about Mark of the Web</a> for further clarification</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.</p>
Windows Mark of the Web (MOTW)MicrosoftCVE-2022-4104911568115691157011571115721189611897118981192311924118011180211926119271192911930119311072910735108521085310816108551208612085120991209712098Security Feature Bypass11568Security Feature Bypass11569Security Feature Bypass11570Security Feature Bypass11571Security Feature Bypass11572Security Feature Bypass11896Security Feature Bypass11897Security Feature Bypass11898Security Feature Bypass11923Security Feature Bypass11924Security Feature Bypass11801Security Feature Bypass11802Security Feature Bypass11926Security Feature Bypass11927Security Feature Bypass11929Security Feature Bypass11930Security Feature Bypass11931Security Feature Bypass10729Security Feature Bypass10735Security Feature Bypass10852Security Feature Bypass10853Security Feature Bypass10816Security Feature Bypass10855Security Feature Bypass12086Security Feature Bypass12085Security Feature Bypass12099Security Feature Bypass12097Security Feature Bypass12098Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important10729Important10735Important10852Important10853Important10816Important10855Important12086Important12085Important12099Important12097Important12098Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A5.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C115685.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C115695.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C115705.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C115715.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C115725.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C118965.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C118975.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C118985.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C119235.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C119245.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C118015.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C118025.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C119265.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C119275.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C119295.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C119305.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C119315.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C107295.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C107355.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C108525.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C108535.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C108165.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C108555.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C120865.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C120855.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C120995.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C120975.45.0CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C120985019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209912097120985019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208612085YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012086120855019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120991209712098YesSecurity Update10.0.19045.2251Will Dormann <a href="https://www.cert.org">CERT/CC</a>1.12022-11-11T08:00:00<p>Updated CVE to correct exploit status. This is an informational update only.</p>
1.02022-11-08T08:00:00<p>Information published.</p>
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p>
Windows Advanced Local Procedure CallMicrosoftCVE-2022-41093115681156911570115711157211896118971189811923119241180111802119261192711929119301193112085120861209712098120991072910735108521085310816108551048110482104841048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10481Important10482Important10484Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104817.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104827.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104847.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C104837.86.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.20670<a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Extensible File Allocation Table Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p>
Windows Extensible File AllocationMicrosoftCVE-2022-4105011568115691157011571115721189611897118981192311924118011180211926119271192911930119311072910735108521085310816108551208512086120981209712099Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12098Elevation of Privilege12097Elevation of Privilege12099Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important10729Important10735Important10852Important10853Important10816Important10855Important12085Important12086Important12098Important12097Important12099Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120995019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209812097120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120981209712099YesSecurity Update10.0.19045.2251HyungSeok Joo1.02022-11-08T08:00:00<p>Information published.</p>
Azure RTOS GUIX Studio Remote Code Execution Vulnerability<p><strong>What is RTOS?</strong></p>
<p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p>
<p><strong>What is Azure RTOS GUIX Studio?</strong></p>
<p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user of any privilege would need to run the malicious file downloaded via email, website or a thumb drive in order for the attack to be successful.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Azure Real Time Operating SystemMicrosoftCVE-2022-4105112055Remote Code Execution12055Important12055Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C12055Release Noteshttps://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=us12055MaybeSecurity Update6.2.0.0HP of Cyber Kunlun Lab1.02022-11-08T08:00:00<p>Information published.</p>
Windows Graphics Component Remote Code Execution Vulnerability<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Graphics ComponentMicrosoftCVE-2022-410521156811569115701157111572118961189711898119231192411801118021192611927119291193011931120971209812099107291073510852108531081610855Remote Code Execution11568Remote Code Execution11569Remote Code Execution11570Remote Code Execution11571Remote Code Execution11572Remote Code Execution11896Remote Code Execution11897Remote Code Execution11898Remote Code Execution11923Remote Code Execution11924Remote Code Execution11801Remote Code Execution11802Remote Code Execution11926Remote Code Execution11927Remote Code Execution11929Remote Code Execution11930Remote Code Execution11931Remote Code Execution12097Remote Code Execution12098Remote Code Execution12099Remote Code Execution10729Remote Code Execution10735Remote Code Execution10852Remote Code Execution10853Remote Code Execution10816Remote Code Execution10855Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108555019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.5501Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Digital Media Receiver Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Digital MediaMicrosoftCVE-2022-410951156811569115701157111572118961189711898119231192411801118021192611929119301193112085120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10047Elevation of Privilege10048Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11929Important11930Important11931Important12085Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100477.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100487.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104817.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104827.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104847.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93127.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102877.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93187.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93447.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100517.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100497.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103787.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103797.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104837.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961501841811926YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980501842712085YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/5019980120855019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/502000310378103791.02022-11-08T08:00:00<p>Information published.</p>
Windows Kerberos Denial of Service VulnerabilityWindows KerberosMicrosoftCVE-2022-4105311568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Denial of Service11568Denial of Service11569Denial of Service11570Denial of Service11571Denial of Service11572Denial of Service11896Denial of Service11897Denial of Service11898Denial of Service11923Denial of Service11924Denial of Service11801Denial of Service11802Denial of Service11926Denial of Service11927Denial of Service11929Denial of Service11930Denial of Service11931Denial of Service12085Denial of Service12086Denial of Service12097Denial of Service12098Denial of Service12099Denial of Service10729Denial of Service10735Denial of Service10852Denial of Service10853Denial of Service10816Denial of Service10855Denial of Service10047Denial of Service10048Denial of Service10481Denial of Service10482Denial of Service10484Denial of Service9312Denial of Service10287Denial of Service9318Denial of Service9344Denial of Service10051Denial of Service10049Denial of Service10378Denial of Service10379Denial of Service10483Denial of Service10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115687.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115697.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115707.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115717.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115727.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118967.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118977.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118987.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119237.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119247.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118017.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118027.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119267.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119277.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119297.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119307.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119317.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120857.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120867.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120977.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120987.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120997.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C107297.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C107357.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108527.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108537.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108167.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108557.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100477.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100487.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104817.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104827.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104847.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C93127.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C102877.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C93187.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C93447.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100517.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100497.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C103787.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C103797.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104837.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379<a href="https://www.youtube.com/watch?v=0AhPC_dHkHo">Polar Bear</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft DWM Core Library Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows DWM Core LibraryMicrosoftCVE-2022-4109611568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120995019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.2251Keqi Hu1.02022-11-08T08:00:00<p>Information published.</p>
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Resilient File System (ReFS)MicrosoftCVE-2022-410541208512097119231208612098120991192711931118981192411929119301192611897118021180111571118961157210855115701156910852108161085311568Elevation of Privilege12085Elevation of Privilege12097Elevation of Privilege11923Elevation of Privilege12086Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege11927Elevation of Privilege11931Elevation of Privilege11898Elevation of Privilege11924Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11926Elevation of Privilege11897Elevation of Privilege11802Elevation of Privilege11801Elevation of Privilege11571Elevation of Privilege11896Elevation of Privilege11572Elevation of Privilege10855Elevation of Privilege11570Elevation of Privilege11569Elevation of Privilege10852Elevation of Privilege10816Elevation of Privilege10853Elevation of Privilege11568Important12085Important12097Important11923Important12086Important12098Important12099Important11927Important11931Important11898Important11924Important11929Important11930Important11926Important11897Important11802Important11801Important11571Important11896Important11572Important10855Important11570Important11569Important10852Important10816Important10853Important11568Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115685019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192711926YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119311192911930YesSecurity Update10.0.19044.22515019959https://support.microsoft.com/help/501995912097120981209911931118981192911930118971180211801118965019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118981189711896YesSecurity Update10.0.19043.22515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180211801YesSecurity Update10.0.19042.22515019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191157111572115701156911568YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611571115721157011569115685019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110855108521081610853YesSecurity Update10.0.14393.5501<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>1.02022-11-08T08:00:00<p>Information published.</p>
Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p>
Network Policy Server (NPS)MicrosoftCVE-2022-4109711568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Information Disclosure11568Information Disclosure11569Information Disclosure11570Information Disclosure11571Information Disclosure11572Information Disclosure11896Information Disclosure11897Information Disclosure11898Information Disclosure11923Information Disclosure11924Information Disclosure11801Information Disclosure11802Information Disclosure11926Information Disclosure11927Information Disclosure11929Information Disclosure11930Information Disclosure11931Information Disclosure12085Information Disclosure12086Information Disclosure12097Information Disclosure12098Information Disclosure12099Information Disclosure10729Information Disclosure10735Information Disclosure10852Information Disclosure10853Information Disclosure10816Information Disclosure10855Information Disclosure10047Information Disclosure10048Information Disclosure10481Information Disclosure10482Information Disclosure10484Information Disclosure9312Information Disclosure10287Information Disclosure9318Information Disclosure9344Information Disclosure10051Information Disclosure10049Information Disclosure10378Information Disclosure10379Information Disclosure10483Information Disclosure10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A6.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115686.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115696.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115706.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115716.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115726.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118966.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118976.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118986.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119236.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119246.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118016.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118026.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119266.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119276.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119296.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119306.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119316.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120856.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120866.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120976.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120986.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120996.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107296.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107356.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108526.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108536.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108166.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108556.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C100476.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C100486.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C104816.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C104826.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C104846.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C93126.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C102876.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C93186.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C93446.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C100516.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C100496.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C103786.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C103796.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C104836.55.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Human Interface Device Information Disclosure Vulnerability<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p>
Windows Devices Human InterfaceMicrosoftCVE-2022-4105511568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099Information Disclosure11568Information Disclosure11569Information Disclosure11570Information Disclosure11571Information Disclosure11572Information Disclosure11896Information Disclosure11897Information Disclosure11898Information Disclosure11923Information Disclosure11924Information Disclosure11801Information Disclosure11802Information Disclosure11926Information Disclosure11927Information Disclosure11929Information Disclosure11930Information Disclosure11931Information Disclosure12085Information Disclosure12086Information Disclosure12097Information Disclosure12098Information Disclosure12099Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A5.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115685.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115695.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115705.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115715.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115725.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118965.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118975.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118985.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119235.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119245.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118015.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118025.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119265.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119275.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119295.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119305.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119315.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120855.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120865.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120975.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120985.54.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120995019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.2251<a href="https://github.com/troy532">Troy532</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows GDI+ Information Disclosure Vulnerability<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Win32KMicrosoftCVE-2022-4109811568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Information Disclosure11568Information Disclosure11569Information Disclosure11570Information Disclosure11571Information Disclosure11572Information Disclosure11896Information Disclosure11897Information Disclosure11898Information Disclosure11923Information Disclosure11924Information Disclosure11801Information Disclosure11802Information Disclosure11926Information Disclosure11927Information Disclosure11929Information Disclosure11930Information Disclosure11931Information Disclosure12085Information Disclosure12086Information Disclosure12097Information Disclosure12098Information Disclosure12099Information Disclosure10729Information Disclosure10735Information Disclosure10852Information Disclosure10853Information Disclosure10816Information Disclosure10855Information Disclosure10047Information Disclosure10048Information Disclosure10481Information Disclosure10482Information Disclosure10484Information Disclosure9312Information Disclosure10287Information Disclosure9318Information Disclosure9344Information Disclosure10051Information Disclosure10049Information Disclosure10378Information Disclosure10379Information Disclosure10483Information Disclosure10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A5.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115685.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115695.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115705.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115715.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115725.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118965.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118975.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118985.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119235.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119245.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118015.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118025.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119265.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119275.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119295.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119305.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119315.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120855.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120865.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120975.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120985.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120995.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107295.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107355.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108525.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108535.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108165.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108555.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C100475.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C100485.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C104815.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C104825.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C104845.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C93125.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C102875.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C93185.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C93445.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C100515.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C100495.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C103785.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C103795.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C104835.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379Bing Sun1.02022-11-08T08:00:00<p>Information published.</p>
Network Policy Server (NPS) RADIUS Protocol Denial of Service VulnerabilityNetwork Policy Server (NPS)MicrosoftCVE-2022-4105611568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Denial of Service11568Denial of Service11569Denial of Service11570Denial of Service11571Denial of Service11572Denial of Service11896Denial of Service11897Denial of Service11898Denial of Service11923Denial of Service11924Denial of Service11801Denial of Service11802Denial of Service11926Denial of Service11927Denial of Service11929Denial of Service11930Denial of Service11931Denial of Service12085Denial of Service12086Denial of Service12097Denial of Service12098Denial of Service12099Denial of Service10729Denial of Service10735Denial of Service10852Denial of Service10853Denial of Service10816Denial of Service10855Denial of Service10047Denial of Service10048Denial of Service10481Denial of Service10482Denial of Service10484Denial of Service9312Denial of Service10287Denial of Service9318Denial of Service9344Denial of Service10051Denial of Service10049Denial of Service10378Denial of Service10379Denial of Service10483Denial of Service10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115687.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115697.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115707.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115717.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C115727.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118967.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118977.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118987.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119237.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119247.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118017.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C118027.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119267.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119277.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119297.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119307.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C119317.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120857.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120867.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120977.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120987.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C120997.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C107297.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C107357.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108527.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108537.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108167.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C108557.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100477.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100487.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104817.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104827.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104847.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C93127.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C102877.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C93187.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C93447.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100517.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100497.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C103787.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C103797.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C104837.56.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>1.02022-11-08T08:00:00<p>Information published.</p>
BitLocker Security Feature Bypass Vulnerability<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p>
<p><strong>Are there additional steps that I need to take to be protected from this vulnerability?</strong></p>
<p>Yes. You must apply the applicable Windows security update to your Windows Recovery Environment (WinRE). For more information about how to apply the WinRE update, see <a href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre">Add an update package to Windows RE</a>.</p>
<p>IMPORTANT: End users and enterprises who are updating Windows devices which are already deployed in their environment can instead use the latest Windows Safe OS Dynamic Updates to update WinRE when the partition is too small to install the full Windows update. You can download the latest Windows Safe OS Dynamic Update from the <a href="https://www.catalog.update.microsoft.com/Search.aspx?q=Windows%20Safe%20OS%20Dynamic%20Update">Microsoft Update Catalog</a>.</p>
<p><strong>Can a bootable Windows ISO or USB flash drive that boot to Windows RE be used to exploit this vulnerability?</strong></p>
<p>No. The exploit is only possible with the winre.wim on the recovery partition of the device.</p>
<p><strong>Can a vulnerable version of WinRE WIM file be used to exploit this vulnerability?</strong></p>
<p>No. A BitLocker encrypted drive cannot be accessed via an arbitrary WinRE WIM file hosted on an external drive. Please complete all steps in [Microsoft Learn | <a href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11#apply-the-update-to-a-running-pc">Add an Update to Windows RE | Apply the update to a running PC</a> to ensure that the updated Windows RE image is turned on and correctly configured for your Windows installation.</p>
<p><strong>If TPM+PIN BitLocker protectors are being used, can the vulnerability be exploited if the attacker does not know the TPM PIN?</strong></p>
<p>No. To exploit the vulnerability the attacker needs to know the TPM PIN if the user is protected by the BitLocker TPM+PIN.</p>
<p><strong>Is there a way I can automate the process of updating WinRE on my Windows devices which have already been deployed?</strong></p>
<p>Yes. Microsoft has developed a sample script that can help you automate updating WinRE from the running Windows OS. Please see <a href="https://support.microsoft.com/help/5025175">KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099</a> for more information.</p>
Windows BitLockerMicrosoftCVE-2022-4109911568115691157011896118971189811801118021192611927119291193011931120851208612097120981209910729107351085210853Security Feature Bypass11568Security Feature Bypass11569Security Feature Bypass11570Security Feature Bypass11896Security Feature Bypass11897Security Feature Bypass11898Security Feature Bypass11801Security Feature Bypass11802Security Feature Bypass11926Security Feature Bypass11927Security Feature Bypass11929Security Feature Bypass11930Security Feature Bypass11931Security Feature Bypass12085Security Feature Bypass12086Security Feature Bypass12097Security Feature Bypass12098Security Feature Bypass12099Security Feature Bypass10729Security Feature Bypass10735Security Feature Bypass10852Security Feature Bypass10853Important11568Important11569Important11570Important11896Important11897Important11898Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A4.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115684.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115694.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115704.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118964.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118974.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118984.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118014.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C118024.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119264.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119274.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119294.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119304.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119314.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120854.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120864.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120974.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120984.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C120994.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107294.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107354.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108524.64.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C108535019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199665018419115681156911570YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/50199661156811569115705019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996450184111085210853YesSecurity Update10.0.14393.5501Anonymous1.02022-11-08T08:00:00<p>Information published.</p>
1.12023-01-10T08:00:00<p>The following updates have been made: 1) Added an FAQ with further steps customers need to take to protect the Windows Recovery Environment (WinRE) from this vulnerability. 2) Added an FAQ to further clarify that offline images are not affected by this vulnerability. These are informational changes only.</p>
1.22023-01-19T08:00:00<p>Updated the FAQs to further clarify the update guidance for this CVE. This is an informational change only.</p>
1.32023-02-07T08:00:00<p>The following updates have been made: 1) Added an FAQ to explain that a BitLocker encrypted drive cannot be accessed via an artibrary WinRE WIM hosted on an external drive. 2) Revised FAQ to clarify that the exploit is only possible with the winre.wim on the recovery partition of the device.</p>
1.42023-02-24T08:00:00<p>Added an FAQ to explain that the vulnerability cannot be exploited if the user is protected by BitLocker TPM+PIN. This is an informational change only.</p>
1.52023-03-16T07:00:00<p>Added an FAQ to inform customers that a sample script is now available to help automate updating WinRE from the running Windows OS. See <a href="https://support.microsoft.com/help/5025175">KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099</a> for more information.</p>
Windows HTTP.sys Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows HTTP.sysMicrosoftCVE-2022-4105711568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10047Elevation of Privilege10048Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100477.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100487.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104817.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104827.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104847.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93127.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102877.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93187.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93447.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100517.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100497.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103787.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103797.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104837.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379James Forshaw of Google Project Zero1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Defense in Depth Update<p>Microsoft has released an update for Microsoft Office that provides enhanced security as a defense in depth measure. This update provides hardening around IRM-protected documents to ensure the trust-of-certificate chain.</p>
Microsoft OfficeMicrosoftADV2200031075310754106031060110602Defense in Depth10753Defense in Depth10754Defense in Depth10603Defense in Depth10601Defense in Depth10602Important10753Important10754Important10603Important10601Important10602Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A3191869https://www.microsoft.com/download/details.aspx?familyid=4bf81dff-fb42-4738-8f33-1c22097ae46f1075310754MaybeSecurity Update16.0.5369.1000319187510603MaybeSecurity Update15.0.5501.10003191875https://www.microsoft.com/download/details.aspx?familyid=296eb5c1-8025-4bf5-9348-f098f56cd0b610601MaybeSecurity Update15.0.5501.10003191875https://www.microsoft.com/download/details.aspx?familyid=986e6189-02e6-467a-940b-4ac20d475b5310602MaybeSecurity Update15.0.5501.10001.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Word Information Disclosure Vulnerability<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
Microsoft Office WordMicrosoftCVE-2022-410601197211953117631195211762116051157411573107471074611099115851095010606106111060510604Information Disclosure11972Information Disclosure11953Information Disclosure11763Information Disclosure11952Information Disclosure11762Information Disclosure11605Information Disclosure11574Information Disclosure11573Information Disclosure10747Information Disclosure10746Information Disclosure11099Information Disclosure11585Information Disclosure10950Information Disclosure10606Information Disclosure10611Information Disclosure10605Information Disclosure10604Important11972Important11953Important11763Important11952Important11762Important11605Important11574Important11573Important10747Important10746Important11099Important11585Important10950Important10606Important10611Important10605Important10604Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A5.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119725.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119535.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117635.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119525.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117625.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C116055.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115745.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115735.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107475.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107465.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C110995.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115855.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C109505.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106065.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106115.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106055.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106045002291https://www.microsoft.com/download/details.aspx?familyid=94825ac1-0f72-495f-90d1-55819b5496c111972MaybeSecurity Update16.0.15601.20238Click to Run119531176311952117621157411573NoSecurity Updatehttps://aka.ms/OfficeSecurityReleases5002276https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f500222811605MaybeSecurity Update16.0.10392.200005002223https://www.microsoft.com/download/details.aspx?familyid=855aa2b1-098c-4a36-aaf4-6fa4baf134db500218410747MaybeSecurity Update16.0.5369.10005002223https://www.microsoft.com/download/details.aspx?familyid=a7f28da0-feb3-4df8-96a9-769c00dc523d500218410746MaybeSecurity Update16.0.5369.10005002235https://www.microsoft.com/download/details.aspx?familyid=93cf3c1b-b072-455a-af57-f0d1510a4bc4500206211099MaybeSecurity Update15.0.5501.10005002294https://www.microsoft.com/download/details.aspx?familyid=070d2c13-8d45-49a7-8d97-3eb8d2cc980c500227811585MaybeSecurity Update16.0.10392.200005002305https://www.microsoft.com/download/details.aspx?familyid=c9c33854-521e-45c7-b7fc-9bf7348535c5500228710950MaybeSecurity Update16.0.5369.10005002217500218710606MaybeSecurity Update15.0.5501.10005002261https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236500221410611MaybeSecurity Update15.0.5501.10005002217https://www.microsoft.com/download/details.aspx?familyid=1baec168-7386-43ca-8550-c441706fb05c500218710605MaybeSecurity Update15.0.5501.10005002217https://www.microsoft.com/download/details.aspx?familyid=a6c97e3f-a709-482d-af7d-0d514387e8af500218710604MaybeSecurity Update15.0.5501.1000<a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Word Information Disclosure Vulnerability<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
Microsoft Office WordMicrosoftCVE-2022-41103115851095011972117631176211573116051157411961106111060610604106051195211953107471074611099Information Disclosure11585Information Disclosure10950Information Disclosure11972Information Disclosure11763Information Disclosure11762Information Disclosure11573Information Disclosure11605Information Disclosure11574Information Disclosure11961Information Disclosure10611Information Disclosure10606Information Disclosure10604Information Disclosure10605Information Disclosure11952Information Disclosure11953Information Disclosure10747Information Disclosure10746Information Disclosure11099Important11585Important10950Important11972Important11763Important11762Important11573Important11605Important11574Important11961Important10611Important10606Important10604Important10605Important11952Important11953Important10747Important10746Important11099Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A5.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115855.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C109505.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119725.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117635.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117625.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115735.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C116055.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115745.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119615.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106115.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106065.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106045.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106055.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119525.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119535.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107475.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107465.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C110995002294https://www.microsoft.com/download/details.aspx?familyid=070d2c13-8d45-49a7-8d97-3eb8d2cc980c500227811585MaybeSecurity Update16.0.10392.200005002305https://www.microsoft.com/download/details.aspx?familyid=c9c33854-521e-45c7-b7fc-9bf7348535c5500228710950MaybeSecurity Update16.0.5369.10005002291https://www.microsoft.com/download/details.aspx?familyid=94825ac1-0f72-495f-90d1-55819b5496c111972MaybeSecurity Update16.0.15601.20238Click to Run117631176211573115741195211953NoSecurity Updatehttps://aka.ms/OfficeSecurityReleases5002276https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f500222811605MaybeSecurity Update16.0.10392.200005002296https://www.microsoft.com/download/details.aspx?familyid=e27e7041-ecdd-42b4-a712-cb73da73aceb11961MaybeSecurity Update16.0.15601.202385002261https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236500221410611MaybeSecurity Update15.0.5501.10005002217500218710606MaybeSecurity Update15.0.5501.10005002217https://www.microsoft.com/download/details.aspx?familyid=a6c97e3f-a709-482d-af7d-0d514387e8af500218710604MaybeSecurity Update15.0.5501.10005002217https://www.microsoft.com/download/details.aspx?familyid=1baec168-7386-43ca-8550-c441706fb05c500218710605MaybeSecurity Update15.0.5501.10005002223https://www.microsoft.com/download/details.aspx?familyid=855aa2b1-098c-4a36-aaf4-6fa4baf134db500218410747MaybeSecurity Update16.0.5369.10005002223https://www.microsoft.com/download/details.aspx?familyid=a7f28da0-feb3-4df8-96a9-769c00dc523d500218410746MaybeSecurity Update16.0.5369.10005002235https://www.microsoft.com/download/details.aspx?familyid=93cf3c1b-b072-455a-af57-f0d1510a4bc4500206211099MaybeSecurity Update15.0.5501.1000<a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Word Remote Code Execution Vulnerability<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p>
<p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office WordMicrosoftCVE-2022-4106111972119611160511763107461158510950119511109911575117621074710611106061060410605Remote Code Execution11972Remote Code Execution11961Remote Code Execution11605Remote Code Execution11763Remote Code Execution10746Remote Code Execution11585Remote Code Execution10950Remote Code Execution11951Remote Code Execution11099Remote Code Execution11575Remote Code Execution11762Remote Code Execution10747Remote Code Execution10611Remote Code Execution10606Remote Code Execution10604Remote Code Execution10605Important11972Important11961Important11605Important11763Important10746Important11585Important10950Important11951Important11099Important11575Important11762Important10747Important10611Important10606Important10604Important10605Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119727.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119617.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C116057.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C117637.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107467.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115857.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C109507.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119517.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C110997.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115757.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C117627.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107477.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106117.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106067.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106047.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106055002291https://www.microsoft.com/download/details.aspx?familyid=94825ac1-0f72-495f-90d1-55819b5496c111972MaybeSecurity Update16.0.15601.202385002296https://www.microsoft.com/download/details.aspx?familyid=e27e7041-ecdd-42b4-a712-cb73da73aceb11961MaybeSecurity Update16.0.15601.202385002276https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f500222811605MaybeSecurity Update16.0.10392.20000Click to Run1176311762NoSecurity Updatehttps://aka.ms/OfficeSecurityReleases5002223https://www.microsoft.com/download/details.aspx?familyid=a7f28da0-feb3-4df8-96a9-769c00dc523d500218410746MaybeSecurity Update16.0.5369.10005002294https://www.microsoft.com/download/details.aspx?familyid=070d2c13-8d45-49a7-8d97-3eb8d2cc980c500227811585MaybeSecurity Update16.0.10392.200005002305https://www.microsoft.com/download/details.aspx?familyid=c9c33854-521e-45c7-b7fc-9bf7348535c5500228710950MaybeSecurity Update16.0.5369.1000Release Noteshttps://go.microsoft.com/fwlink/p/?linkid=8310491195111575MaybeSecurity Update16.67.221113005002235https://www.microsoft.com/download/details.aspx?familyid=93cf3c1b-b072-455a-af57-f0d1510a4bc4500206211099MaybeSecurity Update15.0.5501.10005002223https://www.microsoft.com/download/details.aspx?familyid=855aa2b1-098c-4a36-aaf4-6fa4baf134db500218410747MaybeSecurity Update16.0.5369.10005002261https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236500221410611MaybeSecurity Update15.0.5501.10005002217500218710606MaybeSecurity Update15.0.5501.10005002217https://www.microsoft.com/download/details.aspx?familyid=a6c97e3f-a709-482d-af7d-0d514387e8af500218710604MaybeSecurity Update15.0.5501.10005002217https://www.microsoft.com/download/details.aspx?familyid=1baec168-7386-43ca-8550-c441706fb05c500218710605MaybeSecurity Update15.0.5501.1000<a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a>2.02022-11-15T08:00:00<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Excel Security Feature Bypass Vulnerability<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>Opening a malicious document could bypass the Microsoft Office Trust Center and upload local files to a remote attacker-specified folder.</p>
Microsoft Office ExcelMicrosoftCVE-2022-411041157311574117621176311952119531073910740106561065410655Security Feature Bypass11573Security Feature Bypass11574Security Feature Bypass11762Security Feature Bypass11763Security Feature Bypass11952Security Feature Bypass11953Security Feature Bypass10739Security Feature Bypass10740Security Feature Bypass10656Security Feature Bypass10654Security Feature Bypass10655Important11573Important11574Important11762Important11763Important11952Important11953Important10739Important10740Important10656Important10654Important10655Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A5.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115735.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115745.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117625.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117635.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119525.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119535.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107395.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C107405.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106565.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C106545.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C10655Click to Run115731157411762117631195211953NoSecurity Updatehttps://aka.ms/OfficeSecurityReleases5002253https://www.microsoft.com/download/details.aspx?familyid=7d6cb935-b496-49c4-b953-b9459cef1b58500223210739MaybeSecurity Update16.0.5369.10005002253https://www.microsoft.com/download/details.aspx?familyid=fc553f79-28eb-4b3c-9250-1b2d2efe2b18500223210740MaybeSecurity Update16.0.5369.10005002275500224210656MaybeSecurity Update15.0.5501.10005002275https://www.microsoft.com/download/details.aspx?familyid=fe7396b6-4b87-43e4-86b4-9af60ae89795500224210654MaybeSecurity Update15.0.5501.10005002275https://www.microsoft.com/download/details.aspx?familyid=43cfb551-8139-4267-a378-3bcc215901cb500224210655MaybeSecurity Update15.0.5501.1000<a href="https://twitter.com/jdgregson">jdgregson</a>1.22023-05-09T07:00:00<p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p>
1.32023-05-16T07:00:00<p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p>
1.02022-11-08T08:00:00<p>Information published.</p>
1.12023-03-23T07:00:00<p>Added FAQ information. This is an informational change only.</p>
Microsoft Excel Information Disclosure Vulnerability<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?</strong></p>
<p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer which could leak data.</p>
Microsoft OfficeMicrosoftCVE-2022-41105115731157411762117631195211953Information Disclosure11573Information Disclosure11574Information Disclosure11762Information Disclosure11763Information Disclosure11952Information Disclosure11953Important11573Important11574Important11762Important11763Important11952Important11953Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A5.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115735.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C115745.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117625.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117635.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C119525.54.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C11953Click to Run115731157411762117631195211953NoSecurity Updatehttps://aka.ms/OfficeSecurityReleases<a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> with <a href="https://tecsecurity.io/">TecSecurity</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability<p><strong>I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?</strong></p>
<p>No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.</p>
<p>Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker must be authenticated to the target site as at least a Site Member.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker as at least a Site Member could execute code remotely on the SharePoint Server.</p>
Microsoft Office SharePointMicrosoftCVE-2022-410621095011099115851196110612Remote Code Execution10950Remote Code Execution11099Remote Code Execution11585Remote Code Execution11961Remote Code Execution10612Important10950Important11099Important11585Important11961Important10612Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A8.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C109508.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C110998.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115858.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119618.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106125002305https://www.microsoft.com/download/details.aspx?familyid=c9c33854-521e-45c7-b7fc-9bf7348535c5500228710950MaybeSecurity Update16.0.5369.10005002302https://www.microsoft.com/download/details.aspx?familyid=d722a475-bf22-498d-862d-0378b2cfeb4a500228311099MaybeCumulative Update15.0.5501.10005002303https://www.microsoft.com/download/details.aspx?familyid=4b609168-569a-46ec-a81d-baa844eeb8eb50022841109910612MaybeSecurity Update15.0.5501.10005002294https://www.microsoft.com/download/details.aspx?familyid=070d2c13-8d45-49a7-8d97-3eb8d2cc980c500227811585MaybeSecurity Update16.0.10392.200005002296https://www.microsoft.com/download/details.aspx?familyid=e27e7041-ecdd-42b4-a712-cb73da73aceb11961MaybeSecurity Update16.0.15601.20238Anonymous1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office ExcelMicrosoftCVE-2022-4110611573115741160511762117631195211953107391074010656106541065510611Remote Code Execution11573Remote Code Execution11574Remote Code Execution11605Remote Code Execution11762Remote Code Execution11763Remote Code Execution11952Remote Code Execution11953Remote Code Execution10739Remote Code Execution10740Remote Code Execution10656Remote Code Execution10654Remote Code Execution10655Remote Code Execution10611Important11573Important11574Important11605Important11762Important11763Important11952Important11953Important10739Important10740Important10656Important10654Important10655Important10611Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A8.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115738.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115748.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C116058.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C117628.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C117638.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119528.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119538.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107398.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107408.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106568.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106548.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106558.87.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C10611Click to Run115731157411762117631195211953NoSecurity Updatehttps://aka.ms/OfficeSecurityReleases5002276https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f500222811605MaybeSecurity Update16.0.10392.200005002253https://www.microsoft.com/download/details.aspx?familyid=7d6cb935-b496-49c4-b953-b9459cef1b58500223210739MaybeSecurity Update16.0.5369.10005002253https://www.microsoft.com/download/details.aspx?familyid=fc553f79-28eb-4b3c-9250-1b2d2efe2b18500223210740MaybeSecurity Update16.0.5369.10005002275500224210656MaybeSecurity Update15.0.5501.10005002275https://www.microsoft.com/download/details.aspx?familyid=fe7396b6-4b87-43e4-86b4-9af60ae89795500224210654MaybeSecurity Update15.0.5501.10005002275https://www.microsoft.com/download/details.aspx?familyid=43cfb551-8139-4267-a378-3bcc215901cb500224210655MaybeSecurity Update15.0.5501.10005002261https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236500221410611MaybeSecurity Update15.0.5501.1000<a href="https://talosintelligence.com/vulnerability_reports/">Marcin "Icewall" Noga of Cisco Talos</a> with <a href="https://twitter.com/talossecurity">Cisco Talos</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office ExcelMicrosoftCVE-2022-4106311573115741160511762117631195211953107391074010656106541065510611Remote Code Execution11573Remote Code Execution11574Remote Code Execution11605Remote Code Execution11762Remote Code Execution11763Remote Code Execution11952Remote Code Execution11953Remote Code Execution10739Remote Code Execution10740Remote Code Execution10656Remote Code Execution10654Remote Code Execution10655Remote Code Execution10611Important11573Important11574Important11605Important11762Important11763Important11952Important11953Important10739Important10740Important10656Important10654Important10655Important10611Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115737.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115747.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C116057.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C117627.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C117637.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119527.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119537.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107397.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107407.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106567.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106547.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C106557.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C10611Click to Run115731157411762117631195211953NoSecurity Updatehttps://aka.ms/OfficeSecurityReleases5002276https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f500222811605MaybeSecurity Update16.0.10392.200005002253https://www.microsoft.com/download/details.aspx?familyid=7d6cb935-b496-49c4-b953-b9459cef1b58500223210739MaybeSecurity Update16.0.5369.10005002253https://www.microsoft.com/download/details.aspx?familyid=fc553f79-28eb-4b3c-9250-1b2d2efe2b18500223210740MaybeSecurity Update16.0.5369.10005002275500224210656MaybeSecurity Update15.0.5501.10005002275https://www.microsoft.com/download/details.aspx?familyid=fe7396b6-4b87-43e4-86b4-9af60ae89795500224210654MaybeSecurity Update15.0.5501.10005002275https://www.microsoft.com/download/details.aspx?familyid=43cfb551-8139-4267-a378-3bcc215901cb500224210655MaybeSecurity Update15.0.5501.10005002261https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236500221410611MaybeSecurity Update15.0.5501.1000<a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> with <a href="https://tecsecurity.io/">TecSecurity</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Office Graphics Remote Code Execution Vulnerability<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p>
<p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft OfficeMicrosoftCVE-2022-411071157311574115751176211763119511195211953Remote Code Execution11573Remote Code Execution11574Remote Code Execution11575Remote Code Execution11762Remote Code Execution11763Remote Code Execution11951Remote Code Execution11952Remote Code Execution11953Important11573Important11574Important11575Important11762Important11763Important11951Important11952Important11953Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115737.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115747.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115757.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C117627.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C117637.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119517.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119527.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C11953Click to Run115731157411762117631195211953NoSecurity Updatehttps://aka.ms/OfficeSecurityReleasesRelease Noteshttps://go.microsoft.com/fwlink/p/?linkid=8310491157511951MaybeSecurity Update16.67.22111300Mat Powell & Michael DePlante (@izobashi) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>2.02022-11-15T08:00:00<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
1.02022-11-08T08:00:00<p>Information published.</p>
1.12022-11-10T08:00:00<p>FAQ added to explain that the updates for Office 2019 for Mac and Office LTSC 2021 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
Windows Win32k Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p>
Windows Win32KMicrosoftCVE-2022-4110911568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10047Elevation of Privilege10048Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100477.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100487.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104817.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104827.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104847.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93127.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102877.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93187.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93447.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100517.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100497.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103787.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103797.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104837.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379<a href="https://twitter.com/securiteam_ssd">Yongil Lee</a> with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a>1.02022-11-08T08:00:00<p>Information published.</p>
Microsoft Business Central Information Disclosure Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could use it to view integration secrets that are owned by a different partner.</p>
Microsoft DynamicsMicrosoftCVE-2022-410661174611750121091212212123Information Disclosure11746Information Disclosure11750Information Disclosure12109Information Disclosure12122Information Disclosure12123Important11746Important11750Important12109Important12122Important12123Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A4.43.9CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117464.43.9CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C117504.43.9CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C121094.43.9CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C121224.43.9CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C121235021000https://www.microsoft.com/en-us/download/details.aspx?id=10469411746MaybeSecurity Update493455021001https://www.microsoft.com/en-us/download/details.aspx?id=10469511750Security UpdateApplication Build 14.42.49347, Platform Build 14.05021004https://www.microsoft.com/en-us/download/details.aspx?id=10469312109MaybeSecurity UpdateApplication Build 21.1.48638, Platform Build 21.0.5021002https://www.microsoft.com/en-us/download/details.aspx?id=10469612122MaybeSecurity UpdateApplication Build 20.7.48483, Platform Build 20.0.5021003https://www.microsoft.com/en-us/download/details.aspx?id=10469712123MaybeSecurity UpdateApplication Build 21.2.49990, Platform Build 21.01.02022-11-08T08:00:00<p>Information published.</p>
2.02022-11-10T08:00:00<p>In the Security Updates table, added the following supported editions of Microsoft Dynamics as they are affected by this vulnerability: Microsoft Dynamics NAV 2018, Microsoft Dynamics 365 Business Central Spring 2019, Dynamics 365 Business Central 2021 Release Wave 2, and Dynamics 365 Business Central 2022 Release Wave 2. Microsoft strongly recommends that customers install the November updates to be fully protected from this vulnerability.</p>
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Graphics ComponentMicrosoftCVE-2022-4111311568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120995022286https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502228650212371156811569115701157111572YesSecurity Update10.0.17763.38875022286https://support.microsoft.com/help/502228611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/50199591189611897118985022291https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502229150212491192311924YesSecurity Update10.0.20348.14875022282https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502228250212331180111802YesSecurity Update10.0.19042.24865022282https://support.microsoft.com/help/502228211801118021192911930119311209712098120995022287https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502228750212341192611927YesSecurity Update10.0.22000.14555022282https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50222825021233119291193011931YesSecurity Update10.0.19044.24865022303https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502230350212551208512086YesSecurity Update10.0.22621.11055022303https://support.microsoft.com/help/502230312085120865022282https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50222825021233120971209812099YesSecurity Update10.0.19045.2486AnonymousYanZiShuang@BigCJTeam of cyberkl2.12023-04-18T07:00:00<p>Added acknowledgements. This is an informational change only.</p>
2.22023-04-25T07:00:00<p>Updated links to security updates. This is an informational change only.</p>
1.02022-11-08T08:00:00<p>Information published.</p>
2.02023-01-10T08:00:00<p>To comprehensively address CVE-2022-41113, Microsoft has released January 2023 security updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p>
2.32023-10-12T07:00:00<p>In the Security Updates table corrected the Article and Download links for Windows Server 2022 and Windows Server 2022 (Server Core installation). This is an informational change only.</p>
Windows Bind Filter Driver Elevation of Privilege Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p>
Windows Bind Filter DriverMicrosoftCVE-2022-411141189611897118981192311924118011180211926119271192911930119311208512098120971208612099Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12098Elevation of Privilege12097Elevation of Privilege12086Elevation of Privilege12099Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12098Important12097Important12086Important12099Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A7.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.06.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120995019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209812097120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120981209712099YesSecurity Update10.0.19045.2251<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>1.02022-11-08T08:00:00<p>Information published.</p>
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Point-to-Point Tunneling ProtocolMicrosoftCVE-2022-4111610047100481005110049Denial of Service10047Denial of Service10048Denial of Service10051Denial of Service10049Important10047Important10048Important10051Important10049Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A5.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100475.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100485.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100515.95.2CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C100495020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/502001310047100481005110049Microsoft's Windows Servicing and Delivery Group - Network Security and Containers (NSC) Team1.02022-11-08T08:00:00<p>Information published.</p>
Windows Print Spooler Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Print Spooler ComponentsMicrosoftCVE-2022-4107311568115691157011571115721189611897118981192311924118011180211926119271192911930119311208512086120971209812099107291073510852108531081610855100471004810481104821048493121028793189344100511004910378103791048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10047Elevation of Privilege10048Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege9312Elevation of Privilege10287Elevation of Privilege9318Elevation of Privilege9344Elevation of Privilege10051Elevation of Privilege10049Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10047Important10048Important10481Important10482Important10484Important9312Important10287Important9318Important9344Important10051Important10049Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100477.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100487.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104817.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104827.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104847.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93127.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C102877.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93187.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C93447.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100517.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100497.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103787.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103797.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104837.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000501845410047100481005110049YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/5020000100471004810051100495020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001310047100481005110049YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/5020013100471004810051100495020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020019https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019501845093121028793189344YesMonthly Rollup6.0.6003.217685020019https://support.microsoft.com/help/5020019931210287931893445020005https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000593121028793189344YesSecurity Only6.0.6003.217685020005https://support.microsoft.com/help/5020005931210287931893445020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379Microsoft Threat Intelligence Center (MSTIC)1.02022-11-08T08:00:00<p>Information published.</p>
Windows Scripting Languages Remote Code Execution Vulnerability<p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2?</strong></p>
<p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p>
<p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>The CVE title says Windows Scripting Languages, what does that mean for this vulnerability?</strong></p>
<p>This vulnerability impacts both the JScript9 and Chakra scripting languages.</p>
Windows ScriptingMicrosoftCVE-2022-411181208612097120991208512098119311192311930118961192611898119291192711897115681180110816100471180210852104821157011569100511048411571107291073510853104811004810483Remote Code Execution12086Remote Code Execution12097Remote Code Execution12099Remote Code Execution12085Remote Code Execution12098Remote Code Execution11931Remote Code Execution11923Remote Code Execution11930Remote Code Execution11896Remote Code Execution11926Remote Code Execution11898Remote Code Execution11929Remote Code Execution11927Remote Code Execution11897Remote Code Execution11568Remote Code Execution11801Remote Code Execution10816Remote Code Execution10047Remote Code Execution11802Remote Code Execution10852Remote Code Execution10482Remote Code Execution11570Remote Code Execution11569Remote Code Execution10051Remote Code Execution10484Remote Code Execution11571Remote Code Execution10729Remote Code Execution10735Remote Code Execution10853Remote Code Execution10481Remote Code Execution10048Remote Code Execution10483Critical12086Critical12097Critical12099Critical12085Critical12098Critical11931Critical11923Critical11930Critical11896Critical11926Critical11898Critical11929Critical11927Critical11897Critical11568Critical11801Critical10816Critical10047Critical11802Critical10852Critical10482Critical11570Critical11569Critical10051Critical10484Critical11571Critical10729Critical10735Critical10853Critical10481Critical10048Critical10483Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A7.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100477.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104827.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100517.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104847.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104817.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C100487.56.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104835019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208612085YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012086120855019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209912098YesSecurity Update10.0.19045.22515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119311193011929YesSecurity Update10.0.19044.22515019959https://support.microsoft.com/help/501995912097120991209811931119301189611898119291189711801118025019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081501842111923YesSecurity Update10.0.20348.1249501908011923YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189811897YesSecurity Update10.0.19043.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966501841911568115701156911571YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/5019966115681157011569115715019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199645018411108161085210853YesSecurity Update10.0.14393.55015020000https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200005018454100471005110048YesMonthly Rollup6.1.7601.262215020000https://support.microsoft.com/help/50200001004710051100485020013https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013100471005110048YesSecurity Only6.1.7601.262215020013https://support.microsoft.com/help/50200131004710051100485019958https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019958100471005110048YesIE Cumulative6.1.7601.262215020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200235018474104821048110483YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104821048410481104835020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010104821048110483YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048210481104835019958https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019958104821048110483YesIE Cumulative6.3.9600.206705020023501847410484YesMonthly Rollup6.3.9600.206715019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/50199701072910735Tim Cluff1.02022-11-08T08:00:00<p>Information published.</p>
Visual Studio Remote Code Execution Vulnerability<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p>
Visual StudioMicrosoftCVE-2022-411191205111600119351208111969Remote Code Execution12051Remote Code Execution11600Remote Code Execution11935Remote Code Execution12081Remote Code Execution11969Important12051Important11600Important11935Important12081Important11969Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120517.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C116007.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119357.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120817.86.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C11969Release Noteshttps://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.212051MaybeSecurity Update17.2.10Release Noteshttp://aka.ms/vs/15/release/latest11600MaybeSecurity Update15.9.51Release Noteshttps://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.1111935MaybeSecurity Update16.11.21Release Noteshttps://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.312081MaybeSecurity Update17.3.7Release Noteshttps://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.011969MaybeSecurity Update17.0.16goodbyeselene1.02022-11-08T08:00:00<p>Information published.</p>
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows CNG Key Isolation ServiceMicrosoftCVE-2022-411251156811569115701157111572118961189711898119231192411801118021192611927119291193011931120851208612097120981209910729107351085210853108161085510481104821048410378103791048310543Elevation of Privilege11568Elevation of Privilege11569Elevation of Privilege11570Elevation of Privilege11571Elevation of Privilege11572Elevation of Privilege11896Elevation of Privilege11897Elevation of Privilege11898Elevation of Privilege11923Elevation of Privilege11924Elevation of Privilege11801Elevation of Privilege11802Elevation of Privilege11926Elevation of Privilege11927Elevation of Privilege11929Elevation of Privilege11930Elevation of Privilege11931Elevation of Privilege12085Elevation of Privilege12086Elevation of Privilege12097Elevation of Privilege12098Elevation of Privilege12099Elevation of Privilege10729Elevation of Privilege10735Elevation of Privilege10852Elevation of Privilege10853Elevation of Privilege10816Elevation of Privilege10855Elevation of Privilege10481Elevation of Privilege10482Elevation of Privilege10484Elevation of Privilege10378Elevation of Privilege10379Elevation of Privilege10483Elevation of Privilege10543Important11568Important11569Important11570Important11571Important11572Important11896Important11897Important11898Important11923Important11924Important11801Important11802Important11926Important11927Important11929Important11930Important11931Important12085Important12086Important12097Important12098Important12099Important10729Important10735Important10852Important10853Important10816Important10855Important10481Important10482Important10484Important10378Important10379Important10483Important10543Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A7.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115687.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115697.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115707.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115717.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C115727.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118967.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119237.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119247.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118017.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C118027.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119267.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119277.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119307.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C119317.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120857.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120867.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120977.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120987.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C120997.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107297.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C107357.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108527.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108537.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108167.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C108557.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104817.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104827.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104847.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103787.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C103797.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C104837.86.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C105435019966https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996650184191156811569115701157111572YesSecurity Update10.0.17763.36505019966https://support.microsoft.com/help/501996611568115691157011571115725019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410118961189711898YesSecurity Update10.0.19043.22515019959https://support.microsoft.com/help/501995911896118971189811801118021192911930119311209712098120995019081https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501908150184211192311924YesSecurity Update10.0.20348.124950190801192311924YesSecurity Hotpatch Update10.0.20348.12515019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501995950184101180111802YesSecurity Update10.0.19042.22515019961https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501996150184181192611927YesSecurity Update10.0.22000.12195019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50199595018410119291193011931YesSecurity Update10.0.19044.22515019980https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501998050184271208512086YesSecurity Update10.0.22621.8195019980https://support.microsoft.com/help/501998012085120865019959https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959120971209812099YesSecurity Update10.0.19045.22515019970https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB501997050184251072910735YesSecurity Update10.0.10240.195675019970https://support.microsoft.com/help/501997010729107355019964https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964501841110852108531081610855YesSecurity Update10.0.14393.55015020023https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023501847410481104821048310543YesMonthly Rollup6.3.9600.206715020023https://support.microsoft.com/help/5020023104811048210483105435020010https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502001010481104821048310543YesSecurity Only6.3.9600.206705020010https://support.microsoft.com/help/50200101048110482104841048310543502001010484YesSecurity Only6.3.9600.206705020009https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB502000950184571037810379YesMonthly Rollup6.2.9200.239685020009https://support.microsoft.com/help/502000910378103795020003https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50200031037810379YesSecurity Only6.2.9200.239685020003https://support.microsoft.com/help/50200031037810379<li>Microsoft Threat Intelligence Center (MSTIC)
<li>Microsoft Security Response Center (MSRC)1.02022-11-08T08:00:00<p>Information published.</p>
OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun<p><strong>Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
<p><strong>Where can I find further guidance for this OpenSSL vulnerability?</strong></p>
<p>For more information and guidance see <a href="https://msrc-blog.microsoft.com/2022/11/02/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/">Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)</a>.</p>
Open Source SoftwareOpenSSL Software FoundationCVE-2022-3786116691211612117116691211612117116691211612117Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/ARelease Noteshttps://github.com/Azure/AKS/issues/329911669MaybeSecurity Update2022.11.02Release Noteshttps://devblogs.microsoft.com/cppblog/fix-for-high-risk-openssl-security-vulnerabilities-announced-guidance-for-vcpkg-users/1211612117MaybeSecurity Update1.02022-11-02T07:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-42915https://nvd.nist.gov/vuln/detail/CVE-2022-42915https://nvd.nist.gov/vuln/detail/CVE-2022-42915https://nvd.nist.gov/vuln/detail/CVE-2022-42915https://nvd.nist.gov/vuln/detail/CVE-2022-42915Marinercve@mitre.orgCVE-2022-429151213712138121391214012137121381213912140121371213812139121401213712138121391214012137121381213912140DOS:N/A9.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121379.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121389.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121399.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121408.18.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H121378.18.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H121388.18.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H121398.18.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H12140curl12137121381213912140CBL-Mariner7.86.0-1curl12137curl-7.86.0-1.cm1.x86_64.rpm0001-01-01T00:00:00curl-devel-7.86.0-1.cm1.x86_64.rpm0001-01-01T00:00:00curl-libs-7.86.0-1.cm1.x86_64.rpm0001-01-01T00:00:00curl-debuginfo-7.86.0-1.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner7.86.0-1curl12138curl-7.86.0-1.cm1.aarch64.rpm0001-01-01T00:00:00curl-devel-7.86.0-1.cm1.aarch64.rpm0001-01-01T00:00:00curl-libs-7.86.0-1.cm1.aarch64.rpm0001-01-01T00:00:00curl-debuginfo-7.86.0-1.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner7.86.0-1curl12139curl-7.86.0-1.cm2.x86_64.rpm0001-01-01T00:00:00curl-devel-7.86.0-1.cm2.x86_64.rpm0001-01-01T00:00:00curl-libs-7.86.0-1.cm2.x86_64.rpm0001-01-01T00:00:00curl-debuginfo-7.86.0-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner7.86.0-1curl12140curl-7.86.0-1.cm2.aarch64.rpm0001-01-01T00:00:00curl-devel-7.86.0-1.cm2.aarch64.rpm0001-01-01T00:00:00curl-libs-7.86.0-1.cm2.aarch64.rpm0001-01-01T00:00:00curl-debuginfo-7.86.0-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner7.86.0-11.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-42916https://nvd.nist.gov/vuln/detail/CVE-2022-42916https://nvd.nist.gov/vuln/detail/CVE-2022-42916https://nvd.nist.gov/vuln/detail/CVE-2022-42916https://nvd.nist.gov/vuln/detail/CVE-2022-42916Marinercve@mitre.orgCVE-2022-429161213712138121391214012137121381213912140121371213812139121401213712138121391214012137121381213912140DOS:N/A7.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N121377.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N121387.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N121407.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N121377.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N121387.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N12140curl12137121381213912140CBL-Mariner7.86.0-1curl12137curl-7.86.0-1.cm1.x86_64.rpm0001-01-01T00:00:00curl-devel-7.86.0-1.cm1.x86_64.rpm0001-01-01T00:00:00curl-libs-7.86.0-1.cm1.x86_64.rpm0001-01-01T00:00:00curl-debuginfo-7.86.0-1.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner7.86.0-1curl12138curl-7.86.0-1.cm1.aarch64.rpm0001-01-01T00:00:00curl-devel-7.86.0-1.cm1.aarch64.rpm0001-01-01T00:00:00curl-libs-7.86.0-1.cm1.aarch64.rpm0001-01-01T00:00:00curl-debuginfo-7.86.0-1.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner7.86.0-1curl12139curl-7.86.0-1.cm2.x86_64.rpm0001-01-01T00:00:00curl-devel-7.86.0-1.cm2.x86_64.rpm0001-01-01T00:00:00curl-libs-7.86.0-1.cm2.x86_64.rpm0001-01-01T00:00:00curl-debuginfo-7.86.0-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner7.86.0-1curl12140curl-7.86.0-1.cm2.aarch64.rpm0001-01-01T00:00:00curl-devel-7.86.0-1.cm2.aarch64.rpm0001-01-01T00:00:00curl-libs-7.86.0-1.cm2.aarch64.rpm0001-01-01T00:00:00curl-debuginfo-7.86.0-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner7.86.0-11.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-43945https://nvd.nist.gov/vuln/detail/CVE-2022-43945https://nvd.nist.gov/vuln/detail/CVE-2022-43945https://nvd.nist.gov/vuln/detail/CVE-2022-43945https://nvd.nist.gov/vuln/detail/CVE-2022-43945https://nvd.nist.gov/vuln/detail/CVE-2022-43945Marinerdisclosure@synopsys.comCVE-2022-439451213712138121391214012137121381213912140121371213812139121401213712138121391214012137121381213912140DOS:N/A7.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121377.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121387.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121407.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121377.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121387.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H12140kernel1213712138CBL-Mariner5.10.158.1-1kernel1213912140CBL-Mariner5.15.82.1-1kernel12137kernel-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-devel-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-drivers-accessibility-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-drivers-sound-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-docs-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-oprofile-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-tools-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00bpftool-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-debuginfo-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner5.10.158.1-1kernel12138kernel-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-devel-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-drivers-accessibility-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-drivers-sound-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-docs-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-tools-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-dtb-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00bpftool-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-debuginfo-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner5.10.158.1-1kernel12139kernel-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-devel-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-drivers-accessibility-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-drivers-gpu-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-drivers-sound-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-docs-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-tools-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00python3-perf-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00bpftool-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-debuginfo-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner5.15.82.1-1kernel12140kernel-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-devel-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-drivers-accessibility-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-drivers-gpu-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-drivers-sound-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-docs-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-tools-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00python3-perf-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-dtb-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00bpftool-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-debuginfo-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner5.15.82.1-11.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-43995https://nvd.nist.gov/vuln/detail/CVE-2022-43995https://nvd.nist.gov/vuln/detail/CVE-2022-43995https://nvd.nist.gov/vuln/detail/CVE-2022-43995https://nvd.nist.gov/vuln/detail/CVE-2022-43995Marinercve@mitre.orgCVE-2022-439951213712138121391214012137121381213912140121371213812139121401213712138121391214012137121381213912140DOS:N/A7.17.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H121377.17.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H121387.17.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H121397.17.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H121407.17.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H121377.17.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H121387.17.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H121397.17.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H12140sudo12137121381213912140CBL-Mariner1.9.12p1-1sudo12137sudo-1.9.12p1-1.cm1.x86_64.rpm0001-01-01T00:00:00sudo-debuginfo-1.9.12p1-1.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner1.9.12p1-1sudo12138sudo-1.9.12p1-1.cm1.aarch64.rpm0001-01-01T00:00:00sudo-debuginfo-1.9.12p1-1.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner1.9.12p1-1sudo12139sudo-1.9.12p1-1.cm2.x86_64.rpm0001-01-01T00:00:00sudo-debuginfo-1.9.12p1-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner1.9.12p1-1sudo12140sudo-1.9.12p1-1.cm2.aarch64.rpm0001-01-01T00:00:00sudo-debuginfo-1.9.12p1-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner1.9.12p1-11.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-3821https://nvd.nist.gov/vuln/detail/CVE-2022-3821https://nvd.nist.gov/vuln/detail/CVE-2022-3821https://nvd.nist.gov/vuln/detail/CVE-2022-3821https://nvd.nist.gov/vuln/detail/CVE-2022-3821https://nvd.nist.gov/vuln/detail/CVE-2022-3821Marinersecalert@redhat.comCVE-2022-38211213712138121391214012137121381213912140121371213812139121401213712138121391214012137121381213912140DOS:N/A5.55.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H121375.55.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H121385.55.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H121395.55.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H121405.55.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H121375.55.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H121385.55.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H121395.55.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H12140systemd1213712138CBL-Mariner239-43systemd1213912140CBL-Mariner250.3-10systemd12137systemd-239-43.cm1.x86_64.rpm0001-01-01T00:00:00systemd-devel-239-43.cm1.x86_64.rpm0001-01-01T00:00:00systemd-lang-239-43.cm1.x86_64.rpm0001-01-01T00:00:00systemd-debuginfo-239-43.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner239-43systemd12138systemd-239-43.cm1.aarch64.rpm0001-01-01T00:00:00systemd-devel-239-43.cm1.aarch64.rpm0001-01-01T00:00:00systemd-lang-239-43.cm1.aarch64.rpm0001-01-01T00:00:00systemd-debuginfo-239-43.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner239-43systemd12139systemd-250.3-10.cm2.x86_64.rpm0001-01-01T00:00:00systemd-rpm-macros-250.3-10.cm2.noarch.rpm0001-01-01T00:00:00systemd-devel-250.3-10.cm2.x86_64.rpm0001-01-01T00:00:00systemd-lang-250.3-10.cm2.x86_64.rpm0001-01-01T00:00:00systemd-debuginfo-250.3-10.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner250.3-10systemd12140systemd-250.3-10.cm2.aarch64.rpm0001-01-01T00:00:00systemd-rpm-macros-250.3-10.cm2.noarch.rpm0001-01-01T00:00:00systemd-devel-250.3-10.cm2.aarch64.rpm0001-01-01T00:00:00systemd-lang-250.3-10.cm2.aarch64.rpm0001-01-01T00:00:00systemd-debuginfo-250.3-10.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner250.3-101.02022-11-17T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-3970https://nvd.nist.gov/vuln/detail/CVE-2022-3970https://nvd.nist.gov/vuln/detail/CVE-2022-3970https://nvd.nist.gov/vuln/detail/CVE-2022-3970https://nvd.nist.gov/vuln/detail/CVE-2022-3970Marinercna@vuldb.comCVE-2022-39701213712138121391214012137121381213912140121371213812139121401213712138121391214012137121381213912140DOS:N/A9.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121379.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121389.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121399.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121408.88.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H121378.88.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H121388.88.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H121398.88.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H12140libtiff12137121381213912140CBL-Mariner4.4.0-6libtiff12137libtiff-4.4.0-6.cm1.x86_64.rpm0001-01-01T00:00:00libtiff-devel-4.4.0-6.cm1.x86_64.rpm0001-01-01T00:00:00libtiff-debuginfo-4.4.0-6.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner4.4.0-6libtiff12138libtiff-4.4.0-6.cm1.aarch64.rpm0001-01-01T00:00:00libtiff-devel-4.4.0-6.cm1.aarch64.rpm0001-01-01T00:00:00libtiff-debuginfo-4.4.0-6.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner4.4.0-6libtiff12139libtiff-4.4.0-6.cm2.x86_64.rpm0001-01-01T00:00:00libtiff-devel-4.4.0-6.cm2.x86_64.rpm0001-01-01T00:00:00libtiff-debuginfo-4.4.0-6.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner4.4.0-6libtiff12140libtiff-4.4.0-6.cm2.aarch64.rpm0001-01-01T00:00:00libtiff-devel-4.4.0-6.cm2.aarch64.rpm0001-01-01T00:00:00libtiff-debuginfo-4.4.0-6.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner4.4.0-61.02022-11-18T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-41916https://nvd.nist.gov/vuln/detail/CVE-2022-41916https://nvd.nist.gov/vuln/detail/CVE-2022-41916https://nvd.nist.gov/vuln/detail/CVE-2022-41916https://nvd.nist.gov/vuln/detail/CVE-2022-41916Marinersecurity-advisories@github.comCVE-2022-4191612139121401213712138121391214012137121381213912140121391214012137121381213912140DOS:N/A7.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121407.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121377.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121387.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H12140heimdal1213912140CBL-Mariner7.7.1-1heimdal12137heimdal-workstation-7.7.1-1.cm1.x86_64.rpm0001-01-01T00:00:00heimdal-server-7.7.1-1.cm1.x86_64.rpm0001-01-01T00:00:00heimdal-libs-7.7.1-1.cm1.x86_64.rpm0001-01-01T00:00:00heimdal-devel-7.7.1-1.cm1.x86_64.rpm0001-01-01T00:00:00heimdal-path-7.7.1-1.cm1.x86_64.rpm0001-01-01T00:00:00heimdal-debuginfo-7.7.1-1.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner7.7.1-1heimdal12138heimdal-workstation-7.7.1-1.cm1.aarch64.rpm0001-01-01T00:00:00heimdal-server-7.7.1-1.cm1.aarch64.rpm0001-01-01T00:00:00heimdal-libs-7.7.1-1.cm1.aarch64.rpm0001-01-01T00:00:00heimdal-devel-7.7.1-1.cm1.aarch64.rpm0001-01-01T00:00:00heimdal-path-7.7.1-1.cm1.aarch64.rpm0001-01-01T00:00:00heimdal-debuginfo-7.7.1-1.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner7.7.1-1heimdal12139heimdal-workstation-7.7.1-1.cm2.x86_64.rpm0001-01-01T00:00:00heimdal-server-7.7.1-1.cm2.x86_64.rpm0001-01-01T00:00:00heimdal-libs-7.7.1-1.cm2.x86_64.rpm0001-01-01T00:00:00heimdal-devel-7.7.1-1.cm2.x86_64.rpm0001-01-01T00:00:00heimdal-path-7.7.1-1.cm2.x86_64.rpm0001-01-01T00:00:00heimdal-debuginfo-7.7.1-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner7.7.1-1heimdal12140heimdal-workstation-7.7.1-1.cm2.aarch64.rpm0001-01-01T00:00:00heimdal-server-7.7.1-1.cm2.aarch64.rpm0001-01-01T00:00:00heimdal-libs-7.7.1-1.cm2.aarch64.rpm0001-01-01T00:00:00heimdal-devel-7.7.1-1.cm2.aarch64.rpm0001-01-01T00:00:00heimdal-path-7.7.1-1.cm2.aarch64.rpm0001-01-01T00:00:00heimdal-debuginfo-7.7.1-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner7.7.1-11.02022-11-19T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-3910https://nvd.nist.gov/vuln/detail/CVE-2022-3910https://nvd.nist.gov/vuln/detail/CVE-2022-3910https://nvd.nist.gov/vuln/detail/CVE-2022-3910https://nvd.nist.gov/vuln/detail/CVE-2022-3910https://nvd.nist.gov/vuln/detail/CVE-2022-3910Marinersecurity@google.comCVE-2022-39101213712138121391214012137121381213912140121371213812139121401213712138121391214012137121381213912140DOS:N/A7.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121377.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121387.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121397.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121407.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121377.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121387.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121397.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H12140kernel1213712138CBL-Mariner5.10.158.1-1kernel1213912140CBL-Mariner5.15.82.1-1kernel12137kernel-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-devel-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-drivers-accessibility-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-drivers-sound-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-docs-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-oprofile-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-tools-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00bpftool-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00kernel-debuginfo-5.10.158.1-1.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner5.10.158.1-1kernel12138kernel-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-devel-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-drivers-accessibility-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-drivers-sound-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-docs-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-tools-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-dtb-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00bpftool-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00kernel-debuginfo-5.10.158.1-1.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner5.10.158.1-1kernel12139kernel-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-devel-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-drivers-accessibility-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-drivers-gpu-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-drivers-sound-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-docs-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-tools-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00python3-perf-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00bpftool-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00kernel-debuginfo-5.15.82.1-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner5.15.82.1-1kernel12140kernel-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-devel-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-drivers-accessibility-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-drivers-gpu-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-drivers-sound-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-docs-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-tools-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00python3-perf-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-dtb-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00bpftool-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00kernel-debuginfo-5.15.82.1-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner5.15.82.1-11.02022-11-24T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-36227https://nvd.nist.gov/vuln/detail/CVE-2022-36227https://nvd.nist.gov/vuln/detail/CVE-2022-36227https://nvd.nist.gov/vuln/detail/CVE-2022-36227https://nvd.nist.gov/vuln/detail/CVE-2022-36227Marinercve@mitre.orgCVE-2022-362271213712138121391214012137121381213912140121371213812139121401213712138121391214012137121381213912140DOS:N/A9.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121379.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121389.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121399.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121409.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121379.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121389.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121399.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H12140libarchive12137121381213912140CBL-Mariner3.6.1-2libarchive12137libarchive-3.6.1-2.cm1.x86_64.rpm0001-01-01T00:00:00libarchive-devel-3.6.1-2.cm1.x86_64.rpm0001-01-01T00:00:00libarchive-debuginfo-3.6.1-2.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner3.6.1-2libarchive12138libarchive-3.6.1-2.cm1.aarch64.rpm0001-01-01T00:00:00libarchive-devel-3.6.1-2.cm1.aarch64.rpm0001-01-01T00:00:00libarchive-debuginfo-3.6.1-2.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner3.6.1-2libarchive12139libarchive-3.6.1-2.cm2.x86_64.rpm0001-01-01T00:00:00libarchive-devel-3.6.1-2.cm2.x86_64.rpm0001-01-01T00:00:00libarchive-debuginfo-3.6.1-2.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner3.6.1-2libarchive12140libarchive-3.6.1-2.cm2.aarch64.rpm0001-01-01T00:00:00libarchive-devel-3.6.1-2.cm2.aarch64.rpm0001-01-01T00:00:00libarchive-debuginfo-3.6.1-2.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner3.6.1-21.02022-11-29T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-40303https://nvd.nist.gov/vuln/detail/CVE-2022-40303https://nvd.nist.gov/vuln/detail/CVE-2022-40303https://nvd.nist.gov/vuln/detail/CVE-2022-40303https://nvd.nist.gov/vuln/detail/CVE-2022-40303https://nvd.nist.gov/vuln/detail/CVE-2022-40303Marinercve@mitre.orgCVE-2022-403031213712138121391214012137121381213912140121371213812139121401213712138121391214012137121381213912140DOS:N/A7.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121377.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121387.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121407.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121377.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121387.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H12140libxml21213712138CBL-Mariner2.9.14-3libxml21213912140CBL-Mariner2.10.3-1libxml212137libxml2-2.9.14-3.cm1.x86_64.rpm0001-01-01T00:00:00libxml2-python-2.9.14-3.cm1.x86_64.rpm0001-01-01T00:00:00python3-libxml2-2.9.14-3.cm1.x86_64.rpm0001-01-01T00:00:00libxml2-devel-2.9.14-3.cm1.x86_64.rpm0001-01-01T00:00:00libxml2-debuginfo-2.9.14-3.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner2.9.14-3libxml212138libxml2-2.9.14-3.cm1.aarch64.rpm0001-01-01T00:00:00libxml2-python-2.9.14-3.cm1.aarch64.rpm0001-01-01T00:00:00python3-libxml2-2.9.14-3.cm1.aarch64.rpm0001-01-01T00:00:00libxml2-devel-2.9.14-3.cm1.aarch64.rpm0001-01-01T00:00:00libxml2-debuginfo-2.9.14-3.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner2.9.14-3libxml212139libxml2-2.10.3-1.cm2.x86_64.rpm0001-01-01T00:00:00python3-libxml2-2.10.3-1.cm2.x86_64.rpm0001-01-01T00:00:00libxml2-devel-2.10.3-1.cm2.x86_64.rpm0001-01-01T00:00:00libxml2-debuginfo-2.10.3-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner2.10.3-1libxml212140libxml2-2.10.3-1.cm2.aarch64.rpm0001-01-01T00:00:00python3-libxml2-2.10.3-1.cm2.aarch64.rpm0001-01-01T00:00:00libxml2-devel-2.10.3-1.cm2.aarch64.rpm0001-01-01T00:00:00libxml2-debuginfo-2.10.3-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner2.10.3-11.02022-11-29T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-39377https://nvd.nist.gov/vuln/detail/CVE-2022-39377https://nvd.nist.gov/vuln/detail/CVE-2022-39377https://nvd.nist.gov/vuln/detail/CVE-2022-39377https://nvd.nist.gov/vuln/detail/CVE-2022-39377Marinersecurity-advisories@github.comCVE-2022-3937712139121401213712138121391214012137121381213912140121391214012137121381213912140DOS:N/A9.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121399.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121407.87.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H121377.87.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H121387.87.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H121397.87.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H12140sysstat1213912140CBL-Mariner12.7.1-1sysstat12137sysstat-12.3.3-2.cm1.x86_64.rpm0001-01-01T00:00:00sysstat-debuginfo-12.3.3-2.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner12.3.3-2sysstat12138sysstat-12.3.3-2.cm1.aarch64.rpm0001-01-01T00:00:00sysstat-debuginfo-12.3.3-2.cm1.aarch64.rpm0001-01-01T00:00:00CBL-Mariner12.3.3-2sysstat12139sysstat-12.7.1-1.cm2.x86_64.rpm0001-01-01T00:00:00sysstat-debuginfo-12.7.1-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner12.7.1-1sysstat12140sysstat-12.7.1-1.cm2.aarch64.rpm0001-01-01T00:00:00sysstat-debuginfo-12.7.1-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner12.7.1-11.02022-11-18T00:00:00<p>Information published.</p>
2.02023-01-06T00:00:00<p>Added sysstat to CBL-Mariner 1.0</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-41973https://nvd.nist.gov/vuln/detail/CVE-2022-41973Marinercve@mitre.orgCVE-2022-41973121391214012139121401213912140DOS:N/A7.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121397.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H12140device-mapper-multipath12139device-mapper-multipath-0.8.6-4.cm2.x86_64.rpm0001-01-01T00:00:00kpartx-0.8.6-4.cm2.x86_64.rpm0001-01-01T00:00:00device-mapper-multipath-devel-0.8.6-4.cm2.x86_64.rpm0001-01-01T00:00:00device-mapper-multipath-debuginfo-0.8.6-4.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner0.8.6-4device-mapper-multipath12140device-mapper-multipath-0.8.6-4.cm2.aarch64.rpm0001-01-01T00:00:00kpartx-0.8.6-4.cm2.aarch64.rpm0001-01-01T00:00:00device-mapper-multipath-devel-0.8.6-4.cm2.aarch64.rpm0001-01-01T00:00:00device-mapper-multipath-debuginfo-0.8.6-4.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner0.8.6-41.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-41974https://nvd.nist.gov/vuln/detail/CVE-2022-41974Marinercve@mitre.orgCVE-2022-41974121391214012139121401213912140DOS:N/A7.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121397.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H12140device-mapper-multipath12139device-mapper-multipath-0.8.6-4.cm2.x86_64.rpm0001-01-01T00:00:00kpartx-0.8.6-4.cm2.x86_64.rpm0001-01-01T00:00:00device-mapper-multipath-devel-0.8.6-4.cm2.x86_64.rpm0001-01-01T00:00:00device-mapper-multipath-debuginfo-0.8.6-4.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner0.8.6-4device-mapper-multipath12140device-mapper-multipath-0.8.6-4.cm2.aarch64.rpm0001-01-01T00:00:00kpartx-0.8.6-4.cm2.aarch64.rpm0001-01-01T00:00:00device-mapper-multipath-devel-0.8.6-4.cm2.aarch64.rpm0001-01-01T00:00:00device-mapper-multipath-debuginfo-0.8.6-4.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner0.8.6-41.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-40284https://nvd.nist.gov/vuln/detail/CVE-2022-40284https://nvd.nist.gov/vuln/detail/CVE-2022-40284Marinercve@mitre.orgCVE-2022-4028412139121401213912140121391214012139121401213912140DOS:N/A7.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121397.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121407.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121397.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H12140ntfs-3g1213912140CBL-Mariner2022.10.3-1ntfs-3g12139ntfs-3g-2022.10.3-1.cm2.x86_64.rpm0001-01-01T00:00:00ntfs-3g-devel-2022.10.3-1.cm2.x86_64.rpm0001-01-01T00:00:00ntfs-3g-libs-2022.10.3-1.cm2.x86_64.rpm0001-01-01T00:00:00ntfsprogs-2022.10.3-1.cm2.x86_64.rpm0001-01-01T00:00:00ntfs-3g-debuginfo-2022.10.3-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner2022.10.3-1ntfs-3g12140ntfs-3g-2022.10.3-1.cm2.aarch64.rpm0001-01-01T00:00:00ntfs-3g-devel-2022.10.3-1.cm2.aarch64.rpm0001-01-01T00:00:00ntfs-3g-libs-2022.10.3-1.cm2.aarch64.rpm0001-01-01T00:00:00ntfsprogs-2022.10.3-1.cm2.aarch64.rpm0001-01-01T00:00:00ntfs-3g-debuginfo-2022.10.3-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner2022.10.3-11.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-44638https://nvd.nist.gov/vuln/detail/CVE-2022-44638https://nvd.nist.gov/vuln/detail/CVE-2022-44638Marinercve@mitre.orgCVE-2022-4463812139121401213912140121391214012139121401213912140DOS:N/A8.88.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H121398.88.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H121408.88.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H121398.88.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H12140pixman1213912140CBL-Mariner0.42.2-1pixman12139pixman-0.42.2-1.cm2.x86_64.rpm0001-01-01T00:00:00pixman-devel-0.42.2-1.cm2.x86_64.rpm0001-01-01T00:00:00pixman-debuginfo-0.42.2-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner0.42.2-1pixman12140pixman-0.42.2-1.cm2.aarch64.rpm0001-01-01T00:00:00pixman-devel-0.42.2-1.cm2.aarch64.rpm0001-01-01T00:00:00pixman-debuginfo-0.42.2-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner0.42.2-11.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-42919https://nvd.nist.gov/vuln/detail/CVE-2022-42919https://nvd.nist.gov/vuln/detail/CVE-2022-42919https://nvd.nist.gov/vuln/detail/CVE-2022-42919https://nvd.nist.gov/vuln/detail/CVE-2022-42919Marinercve@mitre.orgCVE-2022-4291912139121401213712138121391214012139121401213712138121391214012139121401213712138DOS:N/A7.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121397.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121407.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121397.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121407.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H121377.87.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H12138python31213912140CBL-Mariner3.9.14-5python312139python3-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-libs-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-curses-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-devel-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-tools-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-pip-3.9.14-5.cm2.noarch.rpm0001-01-01T00:00:00python3-setuptools-3.9.14-5.cm2.noarch.rpm0001-01-01T00:00:00python3-test-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-debuginfo-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner3.9.14-5python312140python3-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-libs-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-curses-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-devel-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-tools-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-pip-3.9.14-5.cm2.noarch.rpm0001-01-01T00:00:00python3-setuptools-3.9.14-5.cm2.noarch.rpm0001-01-01T00:00:00python3-test-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-debuginfo-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner3.9.14-5python312137python3-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-libs-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-xml-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-curses-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-devel-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-tools-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-pip-3.7.16-1.cm1.noarch.rpm0001-01-01T00:00:00python3-setuptools-3.7.16-1.cm1.noarch.rpm0001-01-01T00:00:00python3-test-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-debuginfo-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner3.7.16-1python312138CBL-Mariner3.7.16-11.02022-11-09T00:00:00<p>Information published.</p>
2.02023-02-06T00:00:00<p>Added python3 to CBL-Mariner 1.0</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-39379https://nvd.nist.gov/vuln/detail/CVE-2022-39379https://nvd.nist.gov/vuln/detail/CVE-2022-39379Marinersecurity-advisories@github.comCVE-2022-3937912139121401213912140121391214012139121401213912140DOS:N/A9.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121399.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121409.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H121399.89.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H12140rubygem-fluentd1213912140CBL-Mariner1.14.6-2rubygem-fluentd12139rubygem-fluentd-1.14.6-2.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner1.14.6-2rubygem-fluentd12140rubygem-fluentd-1.14.6-2.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner1.14.6-21.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-40617https://nvd.nist.gov/vuln/detail/CVE-2022-40617https://nvd.nist.gov/vuln/detail/CVE-2022-40617Marinercve@mitre.orgCVE-2022-4061712139121401213912140121391214012139121401213912140DOS:N/A7.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121407.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H12140strongswan1213912140CBL-Mariner5.9.8-1strongswan12139strongswan-5.9.8-1.cm2.x86_64.rpm0001-01-01T00:00:00strongswan-debuginfo-5.9.8-1.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner5.9.8-1strongswan12140strongswan-5.9.8-1.cm2.aarch64.rpm0001-01-01T00:00:00strongswan-debuginfo-5.9.8-1.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner5.9.8-11.02022-11-09T00:00:00<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-45061https://nvd.nist.gov/vuln/detail/CVE-2022-45061https://nvd.nist.gov/vuln/detail/CVE-2022-45061https://nvd.nist.gov/vuln/detail/CVE-2022-45061https://nvd.nist.gov/vuln/detail/CVE-2022-45061https://nvd.nist.gov/vuln/detail/CVE-2022-45061https://nvd.nist.gov/vuln/detail/CVE-2022-45061Marinercve@mitre.orgCVE-2022-4506112139121401213712138121391214012139121401213712138121391214012139121401213712138DOS:N/A7.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121407.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121397.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121407.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H121377.57.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H12138python31213912140CBL-Mariner3.9.14-5python312139python3-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-libs-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-curses-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-devel-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-tools-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-pip-3.9.14-5.cm2.noarch.rpm0001-01-01T00:00:00python3-setuptools-3.9.14-5.cm2.noarch.rpm0001-01-01T00:00:00python3-test-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00python3-debuginfo-3.9.14-5.cm2.x86_64.rpm0001-01-01T00:00:00CBL-Mariner3.9.14-5python312140python3-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-libs-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-curses-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-devel-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-tools-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-pip-3.9.14-5.cm2.noarch.rpm0001-01-01T00:00:00python3-setuptools-3.9.14-5.cm2.noarch.rpm0001-01-01T00:00:00python3-test-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00python3-debuginfo-3.9.14-5.cm2.aarch64.rpm0001-01-01T00:00:00CBL-Mariner3.9.14-5python212137python2-2.7.18-14.cm1.x86_64.rpm0001-01-01T00:00:00python2-libs-2.7.18-14.cm1.x86_64.rpm0001-01-01T00:00:00python-xml-2.7.18-14.cm1.x86_64.rpm0001-01-01T00:00:00python-curses-2.7.18-14.cm1.x86_64.rpm0001-01-01T00:00:00python2-devel-2.7.18-14.cm1.x86_64.rpm0001-01-01T00:00:00python2-tools-2.7.18-14.cm1.x86_64.rpm0001-01-01T00:00:00python2-test-2.7.18-14.cm1.x86_64.rpm0001-01-01T00:00:00python2-debuginfo-2.7.18-14.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner2.7.18-14python312137python3-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-libs-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-xml-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-curses-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-devel-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-tools-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-pip-3.7.16-1.cm1.noarch.rpm0001-01-01T00:00:00python3-setuptools-3.7.16-1.cm1.noarch.rpm0001-01-01T00:00:00python3-test-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00python3-debuginfo-3.7.16-1.cm1.x86_64.rpm0001-01-01T00:00:00CBL-Mariner3.7.16-1python212138CBL-Mariner2.7.18-14python312138CBL-Mariner3.7.16-11.02022-11-17T00:00:00<p>Information published.</p>