August 2022 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2022-Aug 2022-Aug Final 1.0 290 2026-02-19T01:09:29 August 2022 Security Updates 2022-08-09T07:00:00 2026-02-19T01:09:29 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of security updates for the following products, features and roles.</p> <ul> <li>.NET Core</li> <li>Active Directory Domain Services</li> <li>Azure Batch Node Agent</li> <li>Azure Real Time Operating System</li> <li>Azure Site Recovery</li> <li>Azure Sphere</li> <li>Microsoft ATA Port Driver</li> <li>Microsoft Bluetooth Driver</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Exchange Server</li> <li>Microsoft Office</li> <li>Microsoft Office Excel</li> <li>Microsoft Office Outlook</li> <li>Microsoft Windows Support Diagnostic Tool (MSDT)</li> <li>Remote Access Service Point-to-Point Tunneling Protocol</li> <li>Role: Windows Fax Service</li> <li>Role: Windows Hyper-V</li> <li>System Center Operations Manager</li> <li>Visual Studio</li> <li>Windows Bluetooth Service</li> <li>Windows Canonical Display Driver</li> <li>Windows Cloud Files Mini Filter Driver</li> <li>Windows Defender Credential Guard</li> <li>Windows Digital Media</li> <li>Windows Error Reporting</li> <li>Windows Hello</li> <li>Windows Internet Information Services</li> <li>Windows Kerberos</li> <li>Windows Kernel</li> <li>Windows Local Security Authority (LSA)</li> <li>Windows Network File System</li> <li>Windows Partition Management Driver</li> <li>Windows Point-to-Point Tunneling Protocol</li> <li>Windows Print Spooler Components</li> <li>Windows Secure Boot</li> <li>Windows Secure Socket Tunneling Protocol (SSTP)</li> <li>Windows Storage Spaces Direct</li> <li>Windows Unified Write Filter</li> <li>Windows WebBrowser Control</li> <li>Windows Win32K</li> </ul> <p>Please note the following information regarding the security updates:</p> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>August 9, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile2">Security Update Guide Notification System News: Create your profile now</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-information">Relevant Information</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2> <p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21979">CVE-2022-21979</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21980">CVE-2022-21980</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24477">CVE-2022-24477</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24516">CVE-2022-24516</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2603">CVE-2022-2603</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2604">CVE-2022-2604</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2605">CVE-2022-2605</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2606">CVE-2022-2606</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2610">CVE-2022-2610</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2611">CVE-2022-2611</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2612">CVE-2022-2612</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2614">CVE-2022-2614</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2615">CVE-2022-2615</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2616">CVE-2022-2616</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2617">CVE-2022-2617</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2618">CVE-2022-2618</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2619">CVE-2022-2619</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2621">CVE-2022-2621</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2622">CVE-2022-2622</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2623">CVE-2022-2623</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2624">CVE-2022-2624</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30133">CVE-2022-30133</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30134">CVE-2022-30134</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30144">CVE-2022-30144</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30175">CVE-2022-30175</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30176">CVE-2022-30176</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30194">CVE-2022-30194</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30197">CVE-2022-30197</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33631">CVE-2022-33631</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33636">CVE-2022-33636</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33640">CVE-2022-33640</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33646">CVE-2022-33646</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33648">CVE-2022-33648</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33649">CVE-2022-33649</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33670">CVE-2022-33670</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34301">CVE-2022-34301</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34302">CVE-2022-34302</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34303">CVE-2022-34303</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34685">CVE-2022-34685</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34686">CVE-2022-34686</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34687">CVE-2022-34687</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34690">CVE-2022-34690</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34691">CVE-2022-34691</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34692">CVE-2022-34692</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34696">CVE-2022-34696</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34699">CVE-2022-34699</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34702">CVE-2022-34702</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34703">CVE-2022-34703</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34704">CVE-2022-34704</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34705">CVE-2022-34705</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34706">CVE-2022-34706</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34707">CVE-2022-34707</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34708">CVE-2022-34708</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34709">CVE-2022-34709</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34710">CVE-2022-34710</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34712">CVE-2022-34712</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34713">CVE-2022-34713</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34714">CVE-2022-34714</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34715">CVE-2022-34715</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716">CVE-2022-34716</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34717">CVE-2022-34717</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35742">CVE-2022-35742</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35743">CVE-2022-35743</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35744">CVE-2022-35744</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35745">CVE-2022-35745</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35746">CVE-2022-35746</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35747">CVE-2022-35747</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35748">CVE-2022-35748</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35749">CVE-2022-35749</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35750">CVE-2022-35750</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35751">CVE-2022-35751</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35752">CVE-2022-35752</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35753">CVE-2022-35753</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35754">CVE-2022-35754</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35755">CVE-2022-35755</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35756">CVE-2022-35756</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35757">CVE-2022-35757</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35758">CVE-2022-35758</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35760">CVE-2022-35760</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35761">CVE-2022-35761</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35762">CVE-2022-35762</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35763">CVE-2022-35763</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35764">CVE-2022-35764</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35765">CVE-2022-35765</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35766">CVE-2022-35766</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35767">CVE-2022-35767</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35768">CVE-2022-35768</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35771">CVE-2022-35771</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35772">CVE-2022-35772</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35773">CVE-2022-35773</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35774">CVE-2022-35774</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35775">CVE-2022-35775</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35776">CVE-2022-35776</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35777">CVE-2022-35777</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35779">CVE-2022-35779</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35780">CVE-2022-35780</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35781">CVE-2022-35781</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35782">CVE-2022-35782</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35783">CVE-2022-35783</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35784">CVE-2022-35784</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35785">CVE-2022-35785</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35786">CVE-2022-35786</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35787">CVE-2022-35787</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35788">CVE-2022-35788</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35789">CVE-2022-35789</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35790">CVE-2022-35790</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35791">CVE-2022-35791</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35792">CVE-2022-35792</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35793">CVE-2022-35793</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35794">CVE-2022-35794</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35795">CVE-2022-35795</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35796">CVE-2022-35796</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35797">CVE-2022-35797</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35799">CVE-2022-35799</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35800">CVE-2022-35800</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35801">CVE-2022-35801</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35802">CVE-2022-35802</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35804">CVE-2022-35804</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35806">CVE-2022-35806</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35807">CVE-2022-35807</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35808">CVE-2022-35808</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35809">CVE-2022-35809</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35810">CVE-2022-35810</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35811">CVE-2022-35811</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35812">CVE-2022-35812</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35813">CVE-2022-35813</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35814">CVE-2022-35814</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35815">CVE-2022-35815</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35816">CVE-2022-35816</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35817">CVE-2022-35817</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35818">CVE-2022-35818</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35819">CVE-2022-35819</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35820">CVE-2022-35820</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35821">CVE-2022-35821</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35824">CVE-2022-35824</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35825">CVE-2022-35825</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35826">CVE-2022-35826</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35827">CVE-2022-35827</a></li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5012170">5012170</a></td> <td>Windows 11, Secure Boot Standalone</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5016616">5016616</a></td> <td>Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5016623">5016623</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5016627">5016627</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5016629">5016629</a></td> <td>Windows 11</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5016669">5016669</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5016676">5016676</a></td> <td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5016679">5016679</a></td> <td>Windows 7, Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5016686">5016686</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft Office Online Server Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2013 RT Service Pack 1 Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 Service Pack 1 (32-bit editions) Azure RTOS GUIX Studio Azure Site Recovery VMWare to Azure Open Management Infrastructure Azure Batch Azure Sphere Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 System Center Operations Manager (SCOM) 2019 System Center Operations Manager (SCOM) 2016 System Center Operations Manager (SCOM) 2022 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.0 .NET 6.0 .NET Core 3.1 PowerShell 7.0 PowerShell 7.2 Microsoft Visual Studio 2012 Update 5 Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Visual Studio 2012 Update 5 Windows Server 2012 Windows Server 2012 (Server Core installation) Microsoft Outlook 2013 RT Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows Server 2012 R2 Windows RT 8.1 Windows Server 2012 R2 (Server Core installation) Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Office Online Server Windows Admin Center Windows Server, version 1903 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft Exchange Server 2013 Cumulative Update 23 Windows Server, version 1909 (Server Core installation) .NET Core 3.1 PowerShell 7.0 Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows Server, version 2004 (Server Core installation) Azure Sphere Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Remote Desktop client for Windows Desktop Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Open Management Infrastructure Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Visual Studio 2022 version 17.0 PowerShell 7.2 .NET 6.0 Azure Site Recovery VMWare to Azure Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Visual Studio 2022 version 17.2 Azure RTOS GUIX Studio System Center Operations Manager (SCOM) 2016 System Center Operations Manager (SCOM) 2019 System Center Operations Manager (SCOM) 2022 Azure Batch Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Azure EFLOW CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Xbox Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows Server 2025 (Server Core installation) azl3 teckit 2.5.12-4 on Azure Linux 3.0 azl3 syslinux 6.04-11 on Azure Linux 3.0 azl3 samba 4.18.3-1 on Azure Linux 3.0 cm1 mariadb 10.3.36-1 on CBL Mariner 1.0 azl3 cloud-hypervisor-cvm 38.0.72.2-1 on Azure Linux 3.0 azl3 kernel 6.6.35.1-4 on Azure Linux 3.0 cm1 glibc 2.28-24 on CBL Mariner 1.0 cbl2 kernel 5.15.167.1-2 on CBL Mariner 2.0 cbl2 glibc 2.35-7 on CBL Mariner 2.0 cbl2 python3 3.9.19-1 on CBL Mariner 2.0 azl3 golang 1.23.7-1 on Azure Linux 3.0 cbl2 kernel 5.15.126.1-1 on CBL Mariner 2.0 cm1 kernel 5.10.189.1-1 on CBL Mariner 1.0 cm1 libtiff 4.5.0-1 on CBL Mariner 1.0 cm1 binutils 2.36.1-3 on CBL Mariner 1.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 libtiff 4.5.0-1 on CBL Mariner 2.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 cm1 kernel 5.10.161.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.70.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.82.1-1 on CBL Mariner 2.0 cm1 qemu-kvm 4.2.0-48 on CBL Mariner 1.0 azl3 qemu 6.2.0-18 on Azure Linux 3.0 cm1 kernel 5.10.149.1-1 on CBL Mariner 1.0 cm1 unbound 1.10.0-5 on CBL Mariner 1.0 cm1 kernel 5.10.145.1-1 on CBL Mariner 1.0 cm1 kernel 5.10.144.1-1 on CBL Mariner 1.0 cm1 kernel 5.10.155.1-1 on CBL Mariner 1.0 cbl2 qemu 6.2.0-13 on CBL Mariner 2.0 cbl2 kernel 5.15.67.1-4 on CBL Mariner 2.0 cm1 vim 9.0.0360-1 on CBL Mariner 1.0 cm1 postgresql 12.12-1 on CBL Mariner 1.0 cbl2 postgresql 14.5-1 on CBL Mariner 2.0 cm1 gzip 1.12-1 on CBL Mariner 1.0 cbl2 gzip 1.12-1 on CBL Mariner 2.0 cbl2 vim 9.0.0325-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-5 on CBL Mariner 2.0 cm1 libtiff 4.4.0-3 on CBL Mariner 1.0 cbl2 libtiff 4.4.0-4 on CBL Mariner 2.0 cm1 kernel 5.10.134.1-2 on CBL Mariner 1.0 cbl2 binutils 2.37-4 on CBL Mariner 2.0 cm1 golang 1.18.5-1 on CBL Mariner 1.0 cbl2 golang 1.18.5-1 on CBL Mariner 2.0 cm1 zlib 1.2.12-2 on CBL Mariner 1.0 cbl2 zlib 1.2.12-2 on CBL Mariner 2.0 azl3 crash 8.0.4-2 on Azure Linux 3.0 cm1 rsync 3.1.3-6 on CBL Mariner 1.0 cbl2 rsync 3.2.5-1 on CBL Mariner 2.0 cbl2 unbound 1.16.2-1 on CBL Mariner 2.0 cm1 gnutls 3.6.14-8 on CBL Mariner 1.0 cbl2 gnutls 3.7.7-1 on CBL Mariner 2.0 cm1 vim 9.0.0181-1 on CBL Mariner 1.0 cm1 util-linux 2.32.1-7 on CBL Mariner 1.0 cm1 unzip 6.0-19 on CBL Mariner 1.0 azl3 libldb 2.7.2-1 on Azure Linux 3.0 azl3 virglrenderer 0.9.1-3 on Azure Linux 3.0 azl3 libtar 1.2.20-11 on Azure Linux 3.0 cm1 rpm 4.14.2-15 on CBL Mariner 1.0 cbl2 rpm 4.18.0-1 on CBL Mariner 2.0 cbl2 unzip 6.0-22 on CBL Mariner 2.0 azl3 unzip 6.0-22 on Azure Linux 3.0 cm1 gnutls 3.6.14-7 on CBL Mariner 1.0 cm1 glib 2.58.0-10 on CBL Mariner 1.0 cm1 cryptsetup 2.3.7-1 on CBL Mariner 1.0 cm1 systemd 239-42 on CBL Mariner 1.0 cbl2 systemd 250.3-21 on CBL Mariner 2.0 cm1 openvswitch 2.15.1-2 on CBL Mariner 1.0 cm1 libvirt 6.1.0-6 on CBL Mariner 1.0 cm1 python3 3.7.13-3 on CBL Mariner 1.0 cm1 libtar 1.2.20-10 on CBL Mariner 1.0 cbl2 libtar 1.2.20-10 on CBL Mariner 2.0 cm1 libjpeg-turbo 2.1.4-1 on CBL Mariner 1.0 cbl2 libjpeg-turbo 2.1.4-1 on CBL Mariner 2.0 azl3 binutils 2.41-5 on Azure Linux 3.0 cbl2 colord 1.4.4-9 on CBL Mariner 2.0 cbl2 opencryptoki 3.17.0-1 on CBL Mariner 2.0 cbl2 mod_auth_mellon 0.16.0-4 on CBL Mariner 2.0 cbl2 dnsmasq 2.89-1 on CBL Mariner 2.0 cbl2 fapolicyd 1.3.2-1 on CBL Mariner 2.0 cbl2 mod_wsgi 4.9.3-2 on CBL Mariner 2.0 azl3 kernel 6.6.92.2-1 on Azure Linux 3.0 cbl2 bolt on CBL Mariner 2.0 cbl2 samba on CBL Mariner 2.0 cbl2 jsoup on CBL Mariner 2.0 cbl2 snakeyaml on CBL Mariner 2.0 azl3 ceph 18.2.2-8 on Azure Linux 3.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0 azl3 golang 1.23.8-1 on Azure Linux 3.0 azl3 cloud-hypervisor 37.0-2 on Azure Linux 3.0 azl3 cloud-hypervisor-cvm 38.0.72-2 on Azure Linux 3.0 azl3 gdb 13.2-4 on Azure Linux 3.0 azl3 crash 8.0.4-1 on Azure Linux 3.0 azl3 boost 1.83.0-2 on Azure Linux 3.0 azl3 libgit2 1.7.2-1 on Azure Linux 3.0 Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems None Available Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner cve@mitre.org Yes CVE-2022-35737 1.0 2022-08-11T00:00:00 <p>Information published.</p> A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0216 Use After Free 18533-16820 18533-16820 Moderate 18533-16820 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18533-16820 CBL-Mariner Releases 18533-16820 No Security Update 4.2.0-48 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18533-16820 CBL-Mariner Releases 1.0 2025-10-01T23:11:13 <p>Information published.</p> An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl leading to a denial of service or possible code execution. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0135 Out-of-bounds Write 18834-17084 18834-17084 Important 18834-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18834-17084 CBL-Mariner Releases 18834-17084 No Security Update 0.9.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18834-17084 CBL-Mariner Releases 1.0 2022-08-30T07:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host possibly leading to information disclosure. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0175 Missing Initialization of Resource 18834-17084 18834-17084 Moderate 18834-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18834-17084 CBL-Mariner Releases 18834-17084 No Security Update 0.9.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18834-17084 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0358 Improper Check for Dropped Privileges 18533-16820 18635-16823 18535-17084 18533-16820 18635-16823 18535-17084 Important 18533-16820 Important 18635-16823 Important 18535-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18533-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18635-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18535-17084 CBL-Mariner Releases 18533-16820 No Security Update 4.2.0-48 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18533-16820 CBL-Mariner Releases CBL-Mariner Releases 18635-16823 No Security Update 6.2.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18635-16823 CBL-Mariner Releases CBL-Mariner Releases 18535-17084 No Security Update 6.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2024-08-07T00:00:00 <p>Information published.</p> 1.3 2024-08-08T00:00:00 <p>Information published.</p> 1.4 2024-08-09T00:00:00 <p>Information published.</p> 1.5 2024-08-10T00:00:00 <p>Information published.</p> 1.6 2024-08-11T00:00:00 <p>Information published.</p> 1.7 2024-08-12T00:00:00 <p>Information published.</p> 1.8 2024-08-16T00:00:00 <p>Information published.</p> 1.9 2024-08-17T00:00:00 <p>Information published.</p> 2.0 2024-08-18T00:00:00 <p>Information published.</p> 2.1 2024-08-19T00:00:00 <p>Information published.</p> 2.2 2024-08-20T00:00:00 <p>Information published.</p> 2.3 2024-08-21T00:00:00 <p>Information published.</p> 2.4 2024-08-22T00:00:00 <p>Information published.</p> 2.5 2024-08-23T00:00:00 <p>Information published.</p> 2.6 2024-08-24T00:00:00 <p>Information published.</p> 2.7 2024-08-25T00:00:00 <p>Information published.</p> 2.8 2024-08-26T00:00:00 <p>Information published.</p> 2.9 2024-08-27T00:00:00 <p>Information published.</p> 3.0 2024-08-28T00:00:00 <p>Information published.</p> 3.1 2024-08-29T00:00:00 <p>Information published.</p> 3.2 2024-08-30T00:00:00 <p>Information published.</p> 3.3 2024-08-31T00:00:00 <p>Information published.</p> 3.4 2024-09-01T00:00:00 <p>Information published.</p> 3.5 2024-09-02T00:00:00 <p>Information published.</p> 3.6 2024-09-03T00:00:00 <p>Information published.</p> 3.7 2024-09-05T00:00:00 <p>Information published.</p> 3.8 2024-09-06T00:00:00 <p>Information published.</p> 3.9 2024-09-07T00:00:00 <p>Information published.</p> 4.0 2024-09-08T00:00:00 <p>Information published.</p> 4.1 2024-09-11T00:00:00 <p>Information published.</p> A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1012 Missing Release of Memory after Effective Lifetime 18638-16820 18617-16823 18638-16820 18617-16823 Important 18638-16820 Important 18617-16823 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 18638-16820 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-12T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions as it can lead to a kernel information leak problem caused by a local unprivileged attacker. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1016 Missing Initialization of Resource 18505-16820 18506-16823 18505-16820 18506-16823 Moderate 18505-16820 Moderate 18506-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18505-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18506-16823 CBL-Mariner Releases 18505-16820 No Security Update 5.10.161.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18505-16820 CBL-Mariner Releases CBL-Mariner Releases 18506-16823 No Security Update 5.15.70.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18506-16823 CBL-Mariner Releases 1.0 2022-09-09T00:00:00 <p>Information published.</p> 1.1 2023-01-06T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> A flaw was found in KVM. When updating a guest's page table entry vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel resulting in a denial of service condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1158 Use After Free 18638-16820 18617-16823 18638-16820 18617-16823 Important 18638-16820 Important 18617-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18638-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1198 Use After Free 18610-16820 18617-16823 18610-16820 18617-16823 Moderate 18610-16820 Moderate 18617-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18610-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-09-07T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1199 Use After Free 18610-16820 18617-16823 18610-16820 18617-16823 Important 18610-16820 Important 18617-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18610-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-09-07T00:00:00 <p>Information published.</p> An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example a crafted file name) this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote low privileged attacker to force zgrep to write arbitrary files on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1271 Improper Input Validation 18632-16820 18633-16823 18632-16820 18633-16823 Important 18632-16820 Important 18633-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18632-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18633-16823 CBL-Mariner Releases 18632-16820 18633-16823 No Security Update 1.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18632-16820 18633-16823 CBL-Mariner Releases 1.0 2022-09-08T00:00:00 <p>Information published.</p> A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum REINDEX CREATE INDEX REFRESH MATERIALIZED VIEW CLUSTER and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1552 Incomplete Cleanup 18630-16820 18631-16823 18630-16820 18631-16823 Important 18630-16820 Important 18631-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18630-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18631-16823 CBL-Mariner Releases 18630-16820 No Security Update 12.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18630-16820 CBL-Mariner Releases CBL-Mariner Releases 18631-16823 No Security Update 14.5-1 https://Generic Link to CBL-Mariner release page 18631-16823 CBL-Mariner Releases 1.0 2022-09-08T00:00:00 <p>Information published.</p> A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1973 Use After Free 18605-16820 18617-16823 18605-16820 18617-16823 Important 18605-16820 Important 18617-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18605-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18617-16823 CBL-Mariner Releases 18605-16820 No Security Update 5.10.145.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18605-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1976 Use After Free 18610-16820 18506-16823 18610-16820 18506-16823 Important 18610-16820 Important 18506-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18610-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18506-16823 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases CBL-Mariner Releases 18506-16823 No Security Update 5.15.70.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18506-16823 CBL-Mariner Releases 1.0 2022-09-08T00:00:00 <p>Information published.</p> A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2255 Insufficient Verification of Data Authenticity 19492-16823 19492-16823 Important 19492-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19492-16823 CBL-Mariner Releases 19492-16823 No Security Update 4.9.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19492-16823 CBL-Mariner Releases 1.0 2022-09-01T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2571 Heap-based Buffer Overflow 18651-16820 18634-16823 18651-16820 18634-16823 Important 18651-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18651-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18651-16820 No Security Update 9.0.0181-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18651-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-05T00:00:00 <p>Information published.</p> 1.1 2022-08-06T00:00:00 <p>Added vim to CBL-Mariner 2.0</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2580 Heap-based Buffer Overflow 18651-16820 18634-16823 18651-16820 18634-16823 Important 18651-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18651-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18651-16820 No Security Update 9.0.0181-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18651-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-05T00:00:00 <p>Information published.</p> 1.1 2022-08-06T00:00:00 <p>Added vim to CBL-Mariner 2.0</p> Out-of-bounds Read in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2581 Out-of-bounds Read 18651-16820 18634-16823 18651-16820 18634-16823 Important 18651-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18651-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18651-16820 No Security Update 9.0.0181-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18651-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-05T00:00:00 <p>Information published.</p> 1.1 2022-08-06T00:00:00 <p>Added vim to CBL-Mariner 2.0</p> A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema the ability to lure or wait for an administrator to create or update an affected extension in that schema and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites this flaw allows an attacker to run arbitrary code as the victim role which may be a superuser. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2625 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 18630-16820 18631-16823 18630-16820 18631-16823 Important 18630-16820 Important 18631-16823 8.0 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 18630-16820 8.0 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 18631-16823 CBL-Mariner Releases 18630-16820 No Security Update 12.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18630-16820 CBL-Mariner Releases CBL-Mariner Releases 18631-16823 No Security Update 14.5-1 https://Generic Link to CBL-Mariner release page 18631-16823 CBL-Mariner Releases 1.0 2022-08-20T00:00:00 <p>Information published.</p> Out-of-bounds Read in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2816 Out-of-bounds Read 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-17T00:00:00 <p>Information published.</p> 1.1 2022-08-18T00:00:00 <p>Added vim to CBL-Mariner 1.0</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2817 Use After Free 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-17T00:00:00 <p>Information published.</p> 1.1 2022-08-18T00:00:00 <p>Added vim to CBL-Mariner 1.0</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2849 Heap-based Buffer Overflow 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-19T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2862 Use After Free 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-19T00:00:00 <p>Information published.</p> libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2869 Integer Underflow (Wrap or Wraparound) 17977-16820 18440-16823 17977-16820 18440-16823 Moderate 17977-16820 Moderate 18440-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18440-16823 CBL-Mariner Releases 17977-16820 18440-16823 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 18440-16823 CBL-Mariner Releases 1.0 2022-08-20T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Information published.</p> NULL Pointer Dereference in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2874 NULL Pointer Dereference 18627-16820 18634-16823 18627-16820 18634-16823 Moderate 18627-16820 Moderate 18634-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18627-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-19T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2889 Use After Free 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-20T00:00:00 <p>Information published.</p> An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example overwrite the .ssh/authorized_keys file). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-29154 Improper Input Validation 18646-16820 18647-16823 18646-16820 18647-16823 Important 18646-16820 Important 18647-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 18646-16820 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 18647-16823 CBL-Mariner Releases 18646-16820 No Security Update 3.1.3-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18646-16820 CBL-Mariner Releases CBL-Mariner Releases 18647-16823 No Security Update 3.2.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18647-16823 CBL-Mariner Releases 1.0 2022-08-10T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default it could allow an attacker to crash the system or have other memory-corruption side effects. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2938 Use After Free 18638-16820 18617-16823 18638-16820 18617-16823 Important 18638-16820 Important 18617-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18638-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-30T00:00:00 <p>Information published.</p> 1.1 2022-08-31T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2946 Use After Free 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-25T00:00:00 <p>Information published.</p> A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2959 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18638-16820 18617-16823 18638-16820 18617-16823 Important 18638-16820 Important 18617-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18638-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-31T00:00:00 <p>Information published.</p> NULL Pointer Dereference in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2980 NULL Pointer Dereference 18627-16820 18634-16823 18627-16820 18634-16823 Moderate 18627-16820 Moderate 18634-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18627-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-27T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2982 Use After Free 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-27T00:00:00 <p>Information published.</p> A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-3028 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18610-16820 18617-16823 18610-16820 18617-16823 Important 18610-16820 Important 18617-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18610-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18617-16823 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-09-08T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-3037 Use After Free 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> Empty Cmd.Path can trigger unintended binary in os/exec on Windows <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-30580 Improper Control of Generation of Code ('Code Injection') 19697-17084 18641-16820 18642-16823 19693-17084 18315-17084 19697-17084 18641-16820 18642-16823 19693-17084 18315-17084 Important 19697-17084 Important 18641-16820 Important 18642-16823 Important 19693-17084 Important 18315-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19697-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18641-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18642-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19693-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18315-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:21:24 <p>Information published.</p> Session tickets lack random ticket_age_add in crypto/tls <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-30629 Use of Insufficiently Random Values 18641-16820 18642-16823 18315-17084 19693-17084 18641-16820 18642-16823 18315-17084 19693-17084 Low 18641-16820 Low 18642-16823 Low 18315-17084 Low 19693-17084 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 18641-16820 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 18642-16823 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 18315-17084 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 19693-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.2 2026-02-18T02:22:12 <p>Information published.</p> 1.0 2022-08-17T00:00:00 <p>Information published.</p> 1.1 2022-08-18T00:00:00 <p>Added golang to CBL-Mariner 1.0</p> Stack exhaustion when reading certain archives in compress/gzip <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-30631 Uncontrolled Recursion 19693-17084 19679-17084 18315-17084 18641-16820 18642-16823 19697-17084 19693-17084 19679-17084 18315-17084 18641-16820 18642-16823 19697-17084 Important 19693-17084 Important 19679-17084 Important 18315-17084 Important 18641-16820 Important 18642-16823 Important 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18641-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18642-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:14:40 <p>Information published.</p> Stack exhaustion on crafted paths in path/filepath <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-30632 Uncontrolled Recursion 19679-17084 18641-16820 18642-16823 18315-17084 19693-17084 19697-17084 19679-17084 18641-16820 18642-16823 18315-17084 19693-17084 19697-17084 19679-17084 Important 18641-16820 Important 18642-16823 18315-17084 19693-17084 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18641-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18642-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> Stack exhaustion when unmarshaling certain documents in encoding/xml <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-30633 Uncontrolled Recursion 19679-17084 19693-17084 17485-17084 19697-17084 18641-16820 18642-16823 18315-17084 19679-17084 19693-17084 17485-17084 19697-17084 18641-16820 18642-16823 18315-17084 19679-17084 19693-17084 17485-17084 19697-17084 Important 18641-16820 Important 18642-16823 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17485-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18641-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18642-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> Novel "ghost domain names" attack by introducing subdomain delegations <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner NLnet Labs Yes CVE-2022-30698 Insufficient Session Expiration 18601-16820 18648-16823 18601-16820 18648-16823 Moderate 18601-16820 Moderate 18648-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18601-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18648-16823 CBL-Mariner Releases 18601-16820 No Security Update 1.10.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18601-16820 CBL-Mariner Releases CBL-Mariner Releases 18648-16823 No Security Update 1.16.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18648-16823 CBL-Mariner Releases 1.0 2022-08-09T00:00:00 <p>Information published.</p> Novel "ghost domain names" attack by updating almost expired delegation information <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner NLnet Labs Yes CVE-2022-30699 Insufficient Session Expiration 18601-16820 18648-16823 18601-16820 18648-16823 Moderate 18601-16820 Moderate 18648-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18601-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18648-16823 CBL-Mariner Releases 18601-16820 No Security Update 1.10.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18601-16820 CBL-Mariner Releases CBL-Mariner Releases 18648-16823 No Security Update 1.16.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18648-16823 CBL-Mariner Releases 1.0 2022-08-09T00:00:00 <p>Information published.</p> Panic when decoding Float and Rat types in math/big <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-32189 18641-16820 18642-16823 18641-16820 18642-16823 Important 18641-16820 Important 18642-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18641-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18642-16823 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key a user can change other users' passwords enabling full domain takeover. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-32744 Authentication Bypass by Spoofing 16864-17084 16864-17084 Important 16864-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request usually resulting in a segmentation fault. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-32745 Out-of-bounds Read 16864-17084 16864-17084 Important 16864-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes such as userAccountControl. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-32746 Use After Free 18826-17084 16864-17084 18826-17084 16864-17084 Moderate 18826-17084 Moderate 16864-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 18826-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 16864-17084 CBL-Mariner Releases 18826-17084 No Security Update 2.7.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18826-17084 CBL-Mariner Releases CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> 1.2 2024-10-17T00:00:00 <p>Added samba to Azure Linux 3.0</p> 1.4 2024-10-19T00:00:00 <p>Added samba to Azure Linux 3.0</p> 1.5 2024-10-20T00:00:00 <p>Added samba to Azure Linux 3.0</p> 1.6 2024-10-21T00:00:00 <p>Added samba to Azure Linux 3.0</p> 1.7 2024-10-22T00:00:00 <p>Added samba to Azure Linux 3.0</p> 1.8 2024-10-23T00:00:00 <p>Added samba to Azure Linux 3.0</p> 1.9 2024-10-24T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.0 2024-10-25T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.1 2024-10-26T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.3 2024-10-28T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.5 2024-10-30T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.9 2024-11-04T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.3 2024-11-08T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.4 2024-11-09T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.5 2024-11-10T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.8 2024-11-13T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.9 2024-11-14T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.0 2024-11-15T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.5 2024-11-20T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.6 2024-11-21T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.7 2024-11-23T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.8 2024-11-24T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.1 2024-11-27T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.8 2024-12-04T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.0 2024-12-07T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.4 2024-12-11T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.5 2024-12-12T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.9 2024-12-16T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.0 2024-12-17T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.1 2024-12-18T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.3 2024-12-20T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.6 2025-01-02T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.9 2025-01-05T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.1 2025-01-07T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.4 2025-01-10T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.7 2025-01-13T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.9 2025-01-16T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.0 2025-01-17T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.2 2025-01-19T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.3 2025-01-20T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.4 2025-01-21T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.5 2025-01-22T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.6 2025-01-23T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.7 2025-01-24T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.8 2025-01-25T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.9 2025-01-27T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.2 2025-01-30T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.3 2025-02-01T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.5 2025-02-03T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.7 2025-02-05T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.8 2025-02-07T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.9 2025-02-08T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.2 2025-02-11T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.8 2025-02-17T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.9 2025-02-18T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.2 2025-02-21T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.5 2025-02-24T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.7 2025-02-26T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.8 2025-02-27T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.2 2025-03-03T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.5 2025-03-06T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.6 2025-03-08T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.8 2025-03-10T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.9 2025-03-11T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.0 2025-03-12T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.8 2025-03-21T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.0 2025-03-23T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.1 2025-03-24T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.5 2025-03-28T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.6 2025-03-29T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.9 2025-04-01T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.2 2025-04-05T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.3 2025-04-06T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.4 2025-04-07T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.9 2025-04-13T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.3 2025-04-17T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.7 2025-04-21T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.8 2025-04-22T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.9 2025-04-23T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.0 2025-04-24T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.5 2025-04-30T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.6 2025-05-01T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.8 2025-05-03T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.0 2025-05-05T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.2 2025-05-07T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.5 2025-05-10T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.6 2025-05-11T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.7 2025-05-12T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.2 2025-05-17T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.5 2025-05-20T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.6 2025-05-21T00:00:00 <p>Added samba to Azure Linux 3.0</p> 22.1 2025-05-26T00:00:00 <p>Added samba to Azure Linux 3.0</p> 22.2 2025-05-27T00:00:00 <p>Added samba to Azure Linux 3.0</p> 1.1 2024-10-16T00:00:00 <p>Added samba to Azure Linux 3.0</p> 1.3 2024-10-18T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.2 2024-10-27T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.4 2024-10-29T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.6 2024-10-31T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.7 2024-11-01T00:00:00 <p>Added samba to Azure Linux 3.0</p> 2.8 2024-11-02T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.0 2024-11-05T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.1 2024-11-06T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.2 2024-11-07T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.6 2024-11-11T00:00:00 <p>Added samba to Azure Linux 3.0</p> 3.7 2024-11-12T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.1 2024-11-16T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.2 2024-11-17T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.3 2024-11-18T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.4 2024-11-19T00:00:00 <p>Added samba to Azure Linux 3.0</p> 4.9 2024-11-25T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.0 2024-11-26T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.2 2024-11-28T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.3 2024-11-29T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.4 2024-11-30T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.5 2024-12-01T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.6 2024-12-02T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.7 2024-12-03T00:00:00 <p>Added samba to Azure Linux 3.0</p> 5.9 2024-12-05T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.1 2024-12-08T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.2 2024-12-09T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.3 2024-12-10T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.6 2024-12-13T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.7 2024-12-14T00:00:00 <p>Added samba to Azure Linux 3.0</p> 6.8 2024-12-15T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.2 2024-12-19T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.4 2024-12-21T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.5 2024-12-22T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.6 2024-12-23T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.7 2024-12-24T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.8 2024-12-25T00:00:00 <p>Added samba to Azure Linux 3.0</p> 7.9 2024-12-26T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.0 2024-12-27T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.1 2024-12-28T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.2 2024-12-29T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.3 2024-12-30T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.4 2024-12-31T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.5 2025-01-01T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.7 2025-01-03T00:00:00 <p>Added samba to Azure Linux 3.0</p> 8.8 2025-01-04T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.0 2025-01-06T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.2 2025-01-08T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.3 2025-01-09T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.5 2025-01-11T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.6 2025-01-12T00:00:00 <p>Added samba to Azure Linux 3.0</p> 9.8 2025-01-15T00:00:00 <p>Added samba to Azure Linux 3.0</p> 10.1 2025-01-18T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.0 2025-01-28T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.1 2025-01-29T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.4 2025-02-02T00:00:00 <p>Added samba to Azure Linux 3.0</p> 11.6 2025-02-04T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.0 2025-02-09T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.1 2025-02-10T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.3 2025-02-12T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.4 2025-02-13T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.5 2025-02-14T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.6 2025-02-15T00:00:00 <p>Added samba to Azure Linux 3.0</p> 12.7 2025-02-16T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.0 2025-02-19T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.1 2025-02-20T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.3 2025-02-22T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.4 2025-02-23T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.6 2025-02-25T00:00:00 <p>Added samba to Azure Linux 3.0</p> 13.9 2025-02-28T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.0 2025-03-01T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.1 2025-03-02T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.3 2025-03-04T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.4 2025-03-05T00:00:00 <p>Added samba to Azure Linux 3.0</p> 14.7 2025-03-09T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.1 2025-03-14T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.2 2025-03-15T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.3 2025-03-16T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.4 2025-03-17T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.5 2025-03-18T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.6 2025-03-19T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.7 2025-03-20T00:00:00 <p>Added samba to Azure Linux 3.0</p> 15.9 2025-03-22T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.2 2025-03-25T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.3 2025-03-26T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.4 2025-03-27T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.7 2025-03-30T00:00:00 <p>Added samba to Azure Linux 3.0</p> 16.8 2025-03-31T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.0 2025-04-03T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.1 2025-04-04T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.5 2025-04-08T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.6 2025-04-09T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.7 2025-04-11T00:00:00 <p>Added samba to Azure Linux 3.0</p> 17.8 2025-04-12T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.0 2025-04-14T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.1 2025-04-15T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.2 2025-04-16T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.4 2025-04-18T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.5 2025-04-19T00:00:00 <p>Added samba to Azure Linux 3.0</p> 18.6 2025-04-20T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.1 2025-04-25T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.2 2025-04-26T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.3 2025-04-28T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.4 2025-04-29T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.7 2025-05-02T00:00:00 <p>Added samba to Azure Linux 3.0</p> 19.9 2025-05-04T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.1 2025-05-06T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.3 2025-05-08T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.4 2025-05-09T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.8 2025-05-13T00:00:00 <p>Added samba to Azure Linux 3.0</p> 20.9 2025-05-14T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.0 2025-05-15T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.1 2025-05-16T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.3 2025-05-18T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.4 2025-05-19T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.7 2025-05-22T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.8 2025-05-23T00:00:00 <p>Added samba to Azure Linux 3.0</p> 21.9 2025-05-24T00:00:00 <p>Added samba to Azure Linux 3.0</p> 22.0 2025-05-25T00:00:00 <p>Added samba to Azure Linux 3.0</p> A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata to perform this operation outside of the share. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-20316 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 16864-17084 16864-17084 Moderate 16864-17084 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-28861 URL Redirection to Untrusted Site ('Open Redirect') 18869-16820 17386-16823 18869-16820 17386-16823 Important 18869-16820 Important 17386-16823 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 18869-16820 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 17386-16823 CBL-Mariner Releases 18869-16820 No Security Update 3.7.13-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18869-16820 CBL-Mariner Releases CBL-Mariner Releases 17386-16823 No Security Update 3.9.19-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17386-16823 CBL-Mariner Releases 1.0 2022-08-25T00:00:00 <p>Information published.</p> An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink causing an out-of-bounds read. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openEuler Yes CVE-2021-33643 Out-of-bounds Read 18870-16820 18871-16823 18850-17084 18870-16820 18871-16823 18850-17084 Critical 18870-16820 Critical 18871-16823 Critical 18850-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 18870-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 18871-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 18850-17084 CBL-Mariner Releases 18870-16820 18871-16823 No Security Update 1.2.20-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18870-16820 18871-16823 CBL-Mariner Releases CBL-Mariner Releases 18850-17084 No Security Update 1.2.20-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18850-17084 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname causing an out-of-bounds read. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openEuler Yes CVE-2021-33644 Out-of-bounds Read 18870-16820 18871-16823 18850-17084 18870-16820 18871-16823 18850-17084 Important 18870-16820 Important 18871-16823 Important 18850-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 18870-16820 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 18871-16823 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 18850-17084 CBL-Mariner Releases 18870-16820 18871-16823 No Security Update 1.2.20-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18870-16820 18871-16823 CBL-Mariner Releases CBL-Mariner Releases 18850-17084 No Security Update 1.2.20-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18850-17084 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3521 Improper Verification of Cryptographic Signature 18858-16820 18859-16823 18858-16820 18859-16823 Moderate 18858-16820 Moderate 18859-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 18858-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 18859-16823 CBL-Mariner Releases 18858-16820 No Security Update 4.14.2-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18858-16820 CBL-Mariner Releases CBL-Mariner Releases 18859-16823 No Security Update 4.18.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18859-16823 CBL-Mariner Releases 1.0 2022-08-27T00:00:00 <p>Information published.</p> A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501 potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-35937 Time-of-check Time-of-use (TOCTOU) Race Condition 18858-16820 18859-16823 18858-16820 18859-16823 Moderate 18858-16820 Moderate 18859-16823 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 18858-16820 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 18859-16823 CBL-Mariner Releases 18858-16820 No Security Update 4.14.2-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18858-16820 CBL-Mariner Releases CBL-Mariner Releases 18859-16823 No Security Update 4.18.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18859-16823 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-35938 Improper Link Resolution Before File Access ('Link Following') 18858-16820 18859-16823 18858-16820 18859-16823 Moderate 18858-16820 Moderate 18859-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18858-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18859-16823 CBL-Mariner Releases 18858-16820 No Security Update 4.14.2-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18858-16820 CBL-Mariner Releases CBL-Mariner Releases 18859-16823 No Security Update 4.18.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18859-16823 CBL-Mariner Releases 1.0 2022-09-01T00:00:00 <p>Information published.</p> It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-35939 Improper Link Resolution Before File Access (&#39;Link Following&#39;) 18858-16820 18859-16823 18858-16820 18859-16823 Moderate 18858-16820 Moderate 18859-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18858-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18859-16823 CBL-Mariner Releases 18858-16820 No Security Update 4.14.2-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18858-16820 CBL-Mariner Releases CBL-Mariner Releases 18859-16823 No Security Update 4.18.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18859-16823 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3659 NULL Pointer Dereference 18638-16820 18638-16820 Moderate 18638-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18638-16820 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases 1.0 2022-08-24T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3669 Allocation of Resources Without Limits or Throttling 17936-16820 18506-16823 17065-17084 19529-17084 17936-16820 18506-16823 17065-17084 19529-17084 Moderate 17936-16820 Moderate 18506-16823 Moderate 17065-17084 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17936-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18506-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17065-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 17936-16820 No Security Update 5.10.189.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17936-16820 CBL-Mariner Releases CBL-Mariner Releases 18506-16823 No Security Update 5.15.70.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18506-16823 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.0 2022-08-30T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:09:29 <p>Information published.</p> A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3736 Missing Release of Memory after Effective Lifetime 18638-16820 18638-16820 Moderate 18638-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18638-16820 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases 1.0 2022-08-25T00:00:00 <p>Information published.</p> A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3764 Missing Release of Memory after Effective Lifetime 18638-16820 18638-16820 Moderate 18638-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18638-16820 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases 1.0 2022-08-25T00:00:00 <p>Information published.</p> A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3798 Exposure of Sensitive Information to an Unauthorized Actor 19462-16823 19462-16823 Moderate 19462-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19462-16823 CBL-Mariner Releases 19462-16823 No Security Update 3.17.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19462-16823 CBL-Mariner Releases 1.0 2022-08-30T00:00:00 <p>Information published.</p> A flaw was found in glib before version 2.63.6. Due to random charset alias pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3800 Exposure of Sensitive Information to an Unauthorized Actor 18863-16820 18863-16820 Moderate 18863-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 18863-16820 CBL-Mariner Releases 18863-16820 No Security Update 2.58.0-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18863-16820 CBL-Mariner Releases 1.0 2022-08-31T00:00:00 <p>Information published.</p> A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3905 Missing Release of Memory after Effective Lifetime 18867-16820 18867-16820 Important 18867-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18867-16820 CBL-Mariner Releases 18867-16820 No Security Update 2.15.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18867-16820 CBL-Mariner Releases 1.0 2022-08-27T00:00:00 <p>Information published.</p> A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and just like it when the reentrancy write triggers the reset function nvme_ctrl_reset() data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition or potentially executing arbitrary code within the context of the QEMU process on the host. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3929 Use After Free 18533-16820 18612-16823 18535-17084 18533-16820 18612-16823 18535-17084 Important 18533-16820 Important 18612-16823 Important 18535-17084 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 18533-16820 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 18612-16823 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 18535-17084 CBL-Mariner Releases 18533-16820 No Security Update 4.2.0-48 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18533-16820 CBL-Mariner Releases CBL-Mariner Releases 18612-16823 No Security Update 6.2.0-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18612-16823 CBL-Mariner Releases CBL-Mariner Releases 18535-17084 No Security Update 6.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 CBL-Mariner Releases 1.8 2024-08-16T00:00:00 <p>Information published.</p> 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2024-08-07T00:00:00 <p>Information published.</p> 1.3 2024-08-08T00:00:00 <p>Information published.</p> 1.4 2024-08-09T00:00:00 <p>Information published.</p> 1.5 2024-08-10T00:00:00 <p>Information published.</p> 1.6 2024-08-11T00:00:00 <p>Information published.</p> 1.7 2024-08-12T00:00:00 <p>Information published.</p> 1.9 2024-08-17T00:00:00 <p>Information published.</p> 2.0 2024-08-18T00:00:00 <p>Information published.</p> 2.1 2024-08-19T00:00:00 <p>Information published.</p> 2.2 2024-08-20T00:00:00 <p>Information published.</p> 2.3 2024-08-21T00:00:00 <p>Information published.</p> 2.4 2024-08-22T00:00:00 <p>Information published.</p> 2.5 2024-08-23T00:00:00 <p>Information published.</p> 2.6 2024-08-24T00:00:00 <p>Information published.</p> 2.7 2024-08-25T00:00:00 <p>Information published.</p> 2.8 2024-08-26T00:00:00 <p>Information published.</p> 2.9 2024-08-27T00:00:00 <p>Information published.</p> 3.0 2024-08-28T00:00:00 <p>Information published.</p> 3.1 2024-08-29T00:00:00 <p>Information published.</p> 3.2 2024-08-30T00:00:00 <p>Information published.</p> 3.3 2024-08-31T00:00:00 <p>Information published.</p> 3.4 2024-09-01T00:00:00 <p>Information published.</p> 3.5 2024-09-02T00:00:00 <p>Information published.</p> 3.6 2024-09-03T00:00:00 <p>Information published.</p> 3.7 2024-09-05T00:00:00 <p>Information published.</p> 3.8 2024-09-06T00:00:00 <p>Information published.</p> 3.9 2024-09-07T00:00:00 <p>Information published.</p> 4.0 2024-09-08T00:00:00 <p>Information published.</p> 4.1 2024-09-11T00:00:00 <p>Information published.</p> A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3975 Use After Free 18868-16820 18868-16820 Moderate 18868-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18868-16820 CBL-Mariner Releases 18868-16820 No Security Update 6.1.0-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18868-16820 CBL-Mariner Releases 1.0 2022-08-27T00:00:00 <p>Information published.</p> A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3997 Uncontrolled Recursion 18865-16820 18866-16823 18865-16820 18866-16823 Moderate 18865-16820 Moderate 18866-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18865-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18866-16823 CBL-Mariner Releases 18865-16820 No Security Update 239-42 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18865-16820 CBL-Mariner Releases CBL-Mariner Releases 18866-16823 No Security Update 250.3-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18866-16823 CBL-Mariner Releases 1.0 2022-08-27T00:00:00 <p>Information published.</p> A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value potentially leading to information leakage and disclosure of sensitive data. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3998 Out-of-bounds Read 17348-16823 17348-16823 Important 17348-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17348-16823 CBL-Mariner Releases 17348-16823 No Security Update 2.35-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17348-16823 CBL-Mariner Releases 1.0 2022-08-30T00:00:00 <p>Information published.</p> A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3999 Off-by-one Error 17077-16820 17077-16820 Important 17077-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17077-16820 CBL-Mariner Releases 17077-16820 No Security Update 2.28-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17077-16820 CBL-Mariner Releases 1.0 2022-08-31T00:00:00 <p>Information published.</p> A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4037 Improper Access Control 18611-16820 18611-16820 Important 18611-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18611-16820 CBL-Mariner Releases 18611-16820 No Security Update 5.10.155.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18611-16820 CBL-Mariner Releases 1.0 2022-08-31T00:00:00 <p>Information published.</p> It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium such as a flash disk could use this flaw to force a user into permanently disabling the encryption layer of that medium. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4122 Insufficient Verification of Data Authenticity 18864-16820 18864-16820 Moderate 18864-16820 4.3 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 18864-16820 CBL-Mariner Releases 18864-16820 No Security Update 2.3.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18864-16820 CBL-Mariner Releases 1.0 2022-08-31T00:00:00 <p>Information published.</p> A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4155 Incorrect Calculation of Buffer Size 18638-16820 18617-16823 18638-16820 18617-16823 Moderate 18638-16820 Moderate 18617-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18638-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-30T00:00:00 <p>Information published.</p> 1.1 2022-08-31T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4158 NULL Pointer Dereference 18535-17084 18535-17084 Moderate 18535-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 18535-17084 CBL-Mariner Releases 18535-17084 No Security Update 6.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 CBL-Mariner Releases 1.8 2024-08-16T00:00:00 <p>Information published.</p> 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2024-08-07T00:00:00 <p>Information published.</p> 1.3 2024-08-08T00:00:00 <p>Information published.</p> 1.4 2024-08-09T00:00:00 <p>Information published.</p> 1.5 2024-08-10T00:00:00 <p>Information published.</p> 1.6 2024-08-11T00:00:00 <p>Information published.</p> 1.7 2024-08-12T00:00:00 <p>Information published.</p> 1.9 2024-08-17T00:00:00 <p>Information published.</p> 2.0 2024-08-18T00:00:00 <p>Information published.</p> 2.1 2024-08-19T00:00:00 <p>Information published.</p> 2.2 2024-08-20T00:00:00 <p>Information published.</p> 2.3 2024-08-21T00:00:00 <p>Information published.</p> 2.4 2024-08-22T00:00:00 <p>Information published.</p> 2.5 2024-08-23T00:00:00 <p>Information published.</p> 2.6 2024-08-24T00:00:00 <p>Information published.</p> 2.7 2024-08-25T00:00:00 <p>Information published.</p> 2.8 2024-08-26T00:00:00 <p>Information published.</p> 2.9 2024-08-27T00:00:00 <p>Information published.</p> 3.0 2024-08-28T00:00:00 <p>Information published.</p> 3.1 2024-08-29T00:00:00 <p>Information published.</p> 3.2 2024-08-30T00:00:00 <p>Information published.</p> 3.3 2024-08-31T00:00:00 <p>Information published.</p> 3.4 2024-09-01T00:00:00 <p>Information published.</p> 3.5 2024-09-02T00:00:00 <p>Information published.</p> 3.6 2024-09-03T00:00:00 <p>Information published.</p> 3.7 2024-09-05T00:00:00 <p>Information published.</p> 3.8 2024-09-06T00:00:00 <p>Information published.</p> 3.9 2024-09-07T00:00:00 <p>Information published.</p> 4.0 2024-09-08T00:00:00 <p>Information published.</p> 4.1 2024-09-11T00:00:00 <p>Information published.</p> There are two Information Disclosure vulnerabilities in colord and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use while libxml2 emphasizes that the caller needs to release it. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner fedora Yes CVE-2021-42523 Missing Release of Memory after Effective Lifetime 19461-16823 19461-16823 Important 19461-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19461-16823 CBL-Mariner Releases 19461-16823 No Security Update 1.4.4-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19461-16823 CBL-Mariner Releases 1.0 2022-09-01T00:00:00 <p>Information published.</p> Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner fedora Yes CVE-2021-43767 Improper Certificate Validation 18630-16820 18630-16820 Moderate 18630-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 18630-16820 CBL-Mariner Releases 18630-16820 No Security Update 12.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18630-16820 CBL-Mariner Releases 1.0 2022-09-01T00:00:00 <p>Information published.</p> A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-35538 NULL Pointer Dereference 11568 11569 11570 11571 11572 11715 11629 11647 11849 11923 11924 11769 11801 11802 11803 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12118 12242 12243 12244 12382 12389 12390 12436 10729 10735 10852 10853 10816 10855 9237 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 19090-16820 19091-16823 11568 11569 11570 11571 11572 11715 11629 11647 11849 11923 11924 11769 11801 11802 11803 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12118 12242 12243 Remote Code Execution 12244 12382 12389 12390 12436 10729 10735 10852 10853 10816 10855 9237 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 19090-16820 19091-16823 11568 11569 11570 11571 11572 11715 11629 11647 11849 11923 11924 11769 11801 11802 11803 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12118 12242 12243 Important 12244 12382 12389 12390 12436 10729 10735 10852 10853 10816 10855 9237 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Moderate 19090-16820 Moderate 19091-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19090-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19091-16823 CBL-Mariner Releases 19090-16820 19091-16823 No Security Update 2.1.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19090-16820 19091-16823 CBL-Mariner Releases Hussein Alrubaye with Microsoft 1.0 2022-09-08T00:00:00 <p>Information published.</p> MaxQueryDuration not honoured in Samba AD DC LDAP <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3670 Uncontrolled Resource Consumption 19646-16823 19646-16823 Moderate 19646-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19646-16823 CBL-Mariner Releases 19646-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19646-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:11 <p>Information published.</p> Denial of Service (DoS) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner snyk Yes CVE-2022-25857 Improper Restriction of Recursive Entity References in DTDs (&#39;XML Entity Expansion&#39;) 19652-16823 19652-16823 Important 19652-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19652-16823 CBL-Mariner Releases 19652-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19652-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:16 <p>Information published.</p> jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-36033 Improper Neutralization of Alternate XSS Syntax 19648-16823 19648-16823 Moderate 19648-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19648-16823 CBL-Mariner Releases 19648-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19648-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:20 <p>Information published.</p> Path traversal via Clean on Windows in path/filepath <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-29804 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 18315-17084 19693-17084 19679-17084 19697-17084 18315-17084 19693-17084 19679-17084 19697-17084 Important 18315-17084 Important 19693-17084 Important 19679-17084 Important 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19697-17084 1.0 2025-09-03T21:56:34 <p>Information published.</p> 1.1 2026-02-18T14:40:21 <p>Information published.</p> A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0480 Allocation of Resources Without Limits or Throttling 17936-16820 17936-16820 Moderate 17936-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17936-16820 CBL-Mariner Releases 17936-16820 No Security Update 5.10.189.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17936-16820 CBL-Mariner Releases 1.0 2025-10-01T23:11:13 <p>Information published.</p> A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2961 Use After Free 17936-16820 17156-16823 17936-16820 17156-16823 Important 17936-16820 Important 17156-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17936-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17156-16823 CBL-Mariner Releases 17936-16820 No Security Update 5.10.189.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17936-16820 CBL-Mariner Releases CBL-Mariner Releases 17156-16823 No Security Update 5.15.167.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17156-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:17 <p>Information published.</p> A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3996 Files or Directories Accessible to External Parties 18778-16820 18778-16820 Moderate 18778-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18778-16820 CBL-Mariner Releases 18778-16820 No Security Update 2.32.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18778-16820 CBL-Mariner Releases 1.0 2025-10-01T23:11:12 <p>Information published.</p> A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3995 Files or Directories Accessible to External Parties 18778-16820 18778-16820 Moderate 18778-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18778-16820 CBL-Mariner Releases 18778-16820 No Security Update 2.32.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18778-16820 CBL-Mariner Releases 1.0 2025-10-01T23:11:12 <p>Information published.</p> A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local privileged (CAP_SYS_ADMIN) attacker to crash the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0168 NULL Pointer Dereference 18638-16820 18617-16823 18638-16820 18617-16823 Moderate 18638-16820 Moderate 18617-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18638-16820 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0171 Improper Removal of Sensitive Information Before Storage or Transfer 18582-16820 18506-16823 18582-16820 18506-16823 Moderate 18582-16820 Moderate 18506-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18582-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18506-16823 CBL-Mariner Releases 18582-16820 No Security Update 5.10.149.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18582-16820 CBL-Mariner Releases CBL-Mariner Releases 18506-16823 No Security Update 5.15.70.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18506-16823 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally an attacker who can intercept traffic can impersonate existing services resulting in a loss of confidentiality and integrity. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0336 Incorrect Default Permissions 16864-17084 16864-17084 Important 16864-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> A vulnerability was found in linux kernel where an information leak occurs via ext4_extent_header to userspace. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0850 Exposure of Sensitive Information to an Unauthorized Actor 18610-16820 17832-16823 18610-16820 17832-16823 Important 18610-16820 Important 17832-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18610-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17832-16823 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases CBL-Mariner Releases 17832-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 CBL-Mariner Releases 1.0 2022-09-07T00:00:00 <p>Information published.</p> 1.1 2023-08-26T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> A single-byte non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq potentially causing a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0934 Use After Free 19470-16823 19470-16823 Important 19470-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19470-16823 CBL-Mariner Releases 19470-16823 No Security Update 2.89-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19470-16823 CBL-Mariner Releases 1.0 2023-03-08T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory crash the system or escalate privileges. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1043 Use After Free 18610-16820 18610-16820 Important 18610-16820 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 18610-16820 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases 1.0 2022-09-07T00:00:00 <p>Information published.</p> A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1117 Files or Directories Accessible to External Parties 19486-16823 19486-16823 Important 19486-16823 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19486-16823 CBL-Mariner Releases 19486-16823 No Security Update 1.3.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19486-16823 CBL-Mariner Releases 1.0 2022-09-09T00:00:00 <p>Information published.</p> A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1204 Use After Free 18605-16820 18532-16823 18605-16820 18532-16823 Moderate 18605-16820 Moderate 18532-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18605-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18532-16823 CBL-Mariner Releases 18605-16820 No Security Update 5.10.145.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18605-16820 CBL-Mariner Releases CBL-Mariner Releases 18532-16823 No Security Update 5.15.82.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18532-16823 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1205 NULL Pointer Dereference 18610-16820 18617-16823 18610-16820 18617-16823 Moderate 18610-16820 Moderate 18617-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 18610-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-09-07T00:00:00 <p>Information published.</p> A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls causing a kernel oops condition that results in a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1263 NULL Pointer Dereference 18610-16820 18617-16823 18610-16820 18617-16823 Moderate 18610-16820 Moderate 18617-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18610-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-09-08T00:00:00 <p>Information published.</p> An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1508 Out-of-bounds Read 18610-16820 18610-16820 Moderate 18610-16820 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 18610-16820 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases 1.0 2022-09-07T00:00:00 <p>Information published.</p> Improper sanitization of Transfer-Encoding headers in net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-1705 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 19693-17084 18315-17084 18641-16820 18642-16823 19679-17084 19697-17084 19693-17084 18315-17084 18641-16820 18642-16823 19679-17084 19697-17084 Moderate 19693-17084 Moderate 18315-17084 Moderate 18641-16820 Moderate 18642-16823 Moderate 19679-17084 Moderate 19697-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18315-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18641-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18642-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19679-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19697-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:41:31 <p>Information published.</p> Stack exhaustion due to deeply nested types in go/parser <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-1962 Uncontrolled Recursion 19693-17084 19679-17084 17485-17084 19697-17084 18641-16820 18642-16823 18315-17084 19693-17084 19679-17084 17485-17084 19697-17084 18641-16820 18642-16823 18315-17084 Moderate 19693-17084 Moderate 19679-17084 Moderate 17485-17084 Moderate 19697-17084 Moderate 18641-16820 Moderate 18642-16823 Moderate 18315-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19693-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19679-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17485-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19697-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18641-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18642-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18315-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.1 2026-02-18T14:35:38 <p>Information published.</p> 1.0 2022-08-16T00:00:00 <p>Information published.</p> A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other services. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2031 Improper Authentication 16864-17084 16864-17084 Important 16864-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls causing a kernel oops condition that results in a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2153 NULL Pointer Dereference 18610-16820 18617-16823 18610-16820 18617-16823 Moderate 18610-16820 Moderate 18617-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18610-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-09-07T00:00:00 <p>Information published.</p> Linux Kernel LoadPin bypass via dm-verity table reload <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2022-2503 Improper Authentication 18605-16820 18617-16823 18605-16820 18617-16823 Moderate 18605-16820 Moderate 18617-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18605-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18617-16823 CBL-Mariner Releases 18605-16820 No Security Update 5.10.145.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18605-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-18T00:00:00 <p>Information published.</p> A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2509 Double Free 18649-16820 18650-16823 18649-16820 18650-16823 Important 18649-16820 Important 18650-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18649-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18650-16823 CBL-Mariner Releases 18649-16820 No Security Update 3.6.14-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18649-16820 CBL-Mariner Releases CBL-Mariner Releases 18650-16823 No Security Update 3.7.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18650-16823 CBL-Mariner Releases 1.0 2022-08-06T00:00:00 <p>Information published.</p> Out-of-bounds Write to API in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2598 Out-of-bounds Write 18651-16820 18634-16823 18651-16820 18634-16823 Moderate 18651-16820 Moderate 18634-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18651-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18634-16823 CBL-Mariner Releases 18651-16820 No Security Update 9.0.0181-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18651-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-05T00:00:00 <p>Information published.</p> 1.1 2022-08-06T00:00:00 <p>Added vim to CBL-Mariner 2.0</p> Stack exhaustion from deeply nested XML documents in encoding/xml <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-28131 Uncontrolled Recursion 19679-17084 19762-17084 19697-17084 18641-16820 18642-16823 18315-17084 19693-17084 19679-17084 19762-17084 19697-17084 18641-16820 18642-16823 18315-17084 19693-17084 Important 19679-17084 Important 19762-17084 Important 19697-17084 Important 18641-16820 Important 18642-16823 Important 18315-17084 Important 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19762-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18641-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18642-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:27:36 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2819 Heap-based Buffer Overflow 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-17T00:00:00 <p>Information published.</p> 1.1 2022-08-18T00:00:00 <p>Added vim to CBL-Mariner 1.0</p> Improper Validation of Specified Quantity in Input in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2845 Improper Validation of Specified Quantity in Input 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-19T00:00:00 <p>Information published.</p> libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases further exploitation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2867 Integer Underflow (Wrap or Wraparound) 17977-16820 18440-16823 17977-16820 18440-16823 Moderate 17977-16820 Moderate 18440-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18440-16823 CBL-Mariner Releases 17977-16820 18440-16823 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 18440-16823 CBL-Mariner Releases 1.0 2022-08-19T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Information published.</p> libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2868 Improper Validation of Specified Quantity in Input 17977-16820 18440-16823 17977-16820 18440-16823 Moderate 17977-16820 Moderate 18440-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18440-16823 CBL-Mariner Releases 17977-16820 18440-16823 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 18440-16823 CBL-Mariner Releases 1.0 2022-08-19T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Information published.</p> An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2873 Incorrect Calculation of Buffer Size 18605-16820 18506-16823 18605-16820 18506-16823 Moderate 18605-16820 Moderate 18506-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18605-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18506-16823 CBL-Mariner Releases 18605-16820 No Security Update 5.10.145.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18605-16820 CBL-Mariner Releases CBL-Mariner Releases 18506-16823 No Security Update 5.15.70.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18506-16823 CBL-Mariner Releases 1.0 2022-08-25T00:00:00 <p>Information published.</p> NULL Pointer Dereference in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2923 NULL Pointer Dereference 18627-16820 18634-16823 18627-16820 18634-16823 Moderate 18627-16820 Moderate 18634-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18627-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-08-25T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 48d6ece8. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-2953 Out-of-bounds Read 18636-16820 18637-16823 18636-16820 18637-16823 Moderate 18636-16820 Moderate 18637-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18636-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18637-16823 CBL-Mariner Releases 18636-16820 No Security Update 4.4.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18636-16820 CBL-Mariner Releases CBL-Mariner Releases 18637-16823 No Security Update 4.4.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18637-16823 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2991 Out-of-bounds Write 18605-16820 18605-16820 Moderate 18605-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18605-16820 CBL-Mariner Releases 18605-16820 No Security Update 5.10.145.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18605-16820 CBL-Mariner Releases 1.0 2022-08-31T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-3016 Use After Free 18627-16820 18634-16823 18627-16820 18634-16823 Important 18627-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18627-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18627-16820 No Security Update 9.0.0360-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18627-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> Stack exhaustion in Glob on certain paths in io/fs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-30630 Uncontrolled Recursion 18315-17084 19693-17084 18641-16820 18642-16823 18315-17084 19693-17084 18641-16820 18642-16823 18315-17084 19693-17084 Important 18641-16820 Important 18642-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18641-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18642-16823 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> Stack exhaustion when decoding certain messages in encoding/gob <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-30635 Uncontrolled Recursion 19697-17084 18641-16820 18642-16823 19693-17084 18315-17084 19697-17084 18641-16820 18642-16823 19693-17084 18315-17084 Important 19697-17084 Important 18641-16820 Important 18642-16823 Important 19693-17084 Important 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18641-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18642-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:20:34 <p>Information published.</p> Exposure of client IP addresses in net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-32148 19679-17084 19697-17084 18641-16820 18642-16823 18315-17084 19693-17084 19679-17084 19697-17084 18641-16820 18642-16823 18315-17084 19693-17084 Moderate 19679-17084 Moderate 19697-17084 Moderate 18641-16820 Moderate 18642-16823 Moderate 18315-17084 Moderate 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19679-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19697-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18641-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18642-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18315-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19693-17084 CBL-Mariner Releases 18641-16820 18642-16823 No Security Update 1.18.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18641-16820 18642-16823 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:06:20 <p>Information published.</p> A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-32742 Exposure of Sensitive Information to an Unauthorized Actor 16864-17084 16864-17084 Moderate 16864-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g. see the nodejs/node reference). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-37434 Out-of-bounds Write 19693-17084 19746-17084 19783-17084 19818-17084 18315-17084 19828-17084 19280-17084 19842-17084 18469-17084 19847-17084 19807-17084 19686-17084 18643-16820 18644-16823 16825-17084 16982-17084 18645-17084 19671-17084 16848-17084 19666-17084 19693-17084 19746-17084 19783-17084 19818-17084 18315-17084 19828-17084 19280-17084 19842-17084 18469-17084 19847-17084 19807-17084 19686-17084 18643-16820 18644-16823 16825-17084 16982-17084 18645-17084 19671-17084 16848-17084 19666-17084 Critical 19693-17084 Critical 19746-17084 Critical 19783-17084 Critical 19818-17084 Critical 18315-17084 Critical 19828-17084 Critical 19280-17084 Critical 19842-17084 Critical 18469-17084 Critical 19847-17084 Critical 19807-17084 Critical 19686-17084 Critical 18643-16820 Critical 18644-16823 Critical 16825-17084 Critical 16982-17084 Critical 18645-17084 Critical 19671-17084 Critical 16848-17084 Critical 19666-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19746-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19783-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19818-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18315-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19828-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19280-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19842-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18469-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19847-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19807-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19686-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18643-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18644-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16825-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16982-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18645-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19671-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16848-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19666-17084 CBL-Mariner Releases 19828-17084 18645-17084 No Security Update 8.0.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19828-17084 18645-17084 CBL-Mariner Releases CBL-Mariner Releases 19807-17084 No Security Update 38.0.72.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19807-17084 CBL-Mariner Releases CBL-Mariner Releases 18643-16820 18644-16823 No Security Update 1.2.12-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18643-16820 18644-16823 CBL-Mariner Releases CBL-Mariner Releases 16825-17084 No Security Update 2.5.12-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16825-17084 CBL-Mariner Releases CBL-Mariner Releases 16982-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16982-17084 CBL-Mariner Releases CBL-Mariner Releases 19666-17084 No Security Update 18.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19666-17084 CBL-Mariner Releases 2.4 2026-02-18T14:14:38 <p>Information published.</p> 1.0 2022-08-12T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-08-29T00:00:00 <p>Information published.</p> 1.3 2024-08-30T00:00:00 <p>Information published.</p> 1.4 2024-08-31T00:00:00 <p>Information published.</p> 1.5 2024-09-01T00:00:00 <p>Information published.</p> 1.6 2024-09-02T00:00:00 <p>Information published.</p> 1.7 2024-09-03T00:00:00 <p>Information published.</p> 1.8 2024-09-05T00:00:00 <p>Information published.</p> 1.9 2024-09-06T00:00:00 <p>Information published.</p> 2.0 2024-09-07T00:00:00 <p>Information published.</p> 2.1 2024-09-08T00:00:00 <p>Information published.</p> 2.2 2024-09-11T00:00:00 <p>Information published.</p> 2.3 2025-03-14T00:00:00 <p>Added teckit to Azure Linux 3.0 Added cloud-hypervisor-cvm to Azure Linux 3.0 Added crash to Azure Linux 3.0 Added zlib to CBL-Mariner 1.0 Added zlib to CBL-Mariner 2.0</p> In GNU Binutils before 2.40 there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-38533 Out-of-bounds Write 17988-16820 18639-16823 17988-16820 18639-16823 Moderate 17988-16820 Moderate 18639-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17988-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18639-16823 CBL-Mariner Releases 17988-16820 No Security Update 2.36.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17988-16820 CBL-Mariner Releases CBL-Mariner Releases 18639-16823 No Security Update 2.37-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18639-16823 CBL-Mariner Releases 1.0 2022-09-01T00:00:00 <p>Information published.</p> In MariaDB before 10.9.2 compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure which allows local users to trigger a deadlock. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-38791 Improper Locking 16975-16820 16975-16820 Moderate 16975-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16975-16820 CBL-Mariner Releases 16975-16820 No Security Update 10.3.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16975-16820 CBL-Mariner Releases 1.0 2022-09-03T00:00:00 <p>Information published.</p> The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory which may cause a memory leak. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openEuler Yes CVE-2021-33645 Missing Release of Memory after Effective Lifetime 18870-16820 18871-16823 18850-17084 18870-16820 18871-16823 18850-17084 Important 18870-16820 Important 18871-16823 Important 18850-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18870-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18871-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18850-17084 CBL-Mariner Releases 18870-16820 18871-16823 No Security Update 1.2.20-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18870-16820 18871-16823 CBL-Mariner Releases CBL-Mariner Releases 18850-17084 No Security Update 1.2.20-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18850-17084 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory which may cause a memory leak. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openEuler Yes CVE-2021-33646 Missing Release of Memory after Effective Lifetime 18870-16820 18871-16823 18850-17084 18870-16820 18871-16823 18850-17084 Important 18870-16820 Important 18871-16823 Important 18850-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18870-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18871-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18850-17084 CBL-Mariner Releases 18870-16820 18871-16823 No Security Update 1.2.20-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18870-16820 18871-16823 CBL-Mariner Releases CBL-Mariner Releases 18850-17084 No Security Update 1.2.20-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18850-17084 CBL-Mariner Releases 1.0 2022-08-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3639 URL Redirection to Untrusted Site (&#39;Open Redirect&#39;) 19463-16823 19463-16823 Moderate 19463-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19463-16823 CBL-Mariner Releases 19463-16823 No Security Update 0.16.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19463-16823 CBL-Mariner Releases 1.0 2022-08-27T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4209 NULL Pointer Dereference 18862-16820 18862-16820 Moderate 18862-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18862-16820 CBL-Mariner Releases 18862-16820 No Security Update 3.6.14-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18862-16820 CBL-Mariner Releases 1.0 2022-08-31T00:00:00 <p>Information published.</p> Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner fedora Yes CVE-2021-43766 Improper Certificate Validation 18630-16820 18630-16820 Important 18630-16820 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18630-16820 CBL-Mariner Releases 18630-16820 No Security Update 12.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18630-16820 CBL-Mariner Releases 1.0 2022-09-01T00:00:00 <p>Information published.</p> The vulnerability in unzip occurs due to improper handling of Unicode strings <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4217 NULL Pointer Dereference 18791-16820 18860-16823 18861-17084 18791-16820 18860-16823 18861-17084 Low 18791-16820 Low 18860-16823 Low 18861-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18791-16820 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18860-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18861-17084 CBL-Mariner Releases 18791-16820 No Security Update 6.0-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18791-16820 CBL-Mariner Releases CBL-Mariner Releases 18860-16823 18861-17084 No Security Update 6.0-22 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18860-16823 18861-17084 CBL-Mariner Releases 1.0 2025-04-11T00:00:00 <p>Information published.</p> 2.0 2025-04-16T00:00:00 <p>Information published.</p> The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-31321 Improper Input Validation 19642-16823 19642-16823 Critical 19642-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 19642-16823 CBL-Mariner Releases 19642-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19642-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:17 <p>Information published.</p> Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-30133 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <p>This vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port thus rendering the vulnerability unexploitable.</p> <p><strong>Warning</strong>: Disabling Port 1723 could affect communications over your network.</p> <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Bluetooth Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> Windows Bluetooth Service Microsoft Yes CVE-2022-30144 11568 11569 11570 11896 11897 11898 11801 11802 11926 11927 11929 11930 11931 10729 10735 10852 10853 10481 10482 10484 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Important 11568 Important 11569 Important 11570 Important 11896 Important 11897 Important 11898 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10481 Important 10482 Important 10484 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11929 11930 11931 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 Yes Security Update 10.0.14393.5291 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 Fernando Perera with <a href="https://www.layakk.com/">LAYAKK</a> <a href="https://www.layakk.com/">Jose Pico</a> with <a href="https://www.layakk.com/">LAYAKK</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is 8.3?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2022-33636 11655 Remote Code Execution 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.3 7.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 104.0.1293.47 koocola koocola 1.0 2022-08-05T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2022-33648 11605 Remote Code Execution 11605 Important 11605 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 5002228 https://www.microsoft.com/download/details.aspx?familyid=f4b233ca-6b20-4c92-970e-07e6857255bc 5002210 11605 Maybe Security Update 16.0.10389.20000 1.0 2022-08-09T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A dialog feature that asks users to allow the launching of the Microsoft Store application is bypassed.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2022-33649 11655 Security Feature Bypass 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 104.0.1293.47 jinmo123 with <a href="https://theori.io/">Theori</a> 1.0 2022-08-05T07:00:00 <p>Information published.</p> Windows Partition Management Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Partition Management Driver Microsoft Yes CVE-2022-33670 11926 11896 11801 11803 11802 11569 11923 10816 11568 11898 11570 10482 11927 11897 10852 11571 11930 11929 11924 10855 10484 10378 11572 11931 10483 10543 10853 10735 10729 10379 10481 Elevation of Privilege 11926 Elevation of Privilege 11896 Elevation of Privilege 11801 Elevation of Privilege 11803 Elevation of Privilege 11802 Elevation of Privilege 11569 Elevation of Privilege 11923 Elevation of Privilege 10816 Elevation of Privilege 11568 Elevation of Privilege 11898 Elevation of Privilege 11570 Elevation of Privilege 10482 Elevation of Privilege 11927 Elevation of Privilege 11897 Elevation of Privilege 10852 Elevation of Privilege 11571 Elevation of Privilege 11930 Elevation of Privilege 11929 Elevation of Privilege 11924 Elevation of Privilege 10855 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 11572 Elevation of Privilege 11931 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 10853 Elevation of Privilege 10735 Elevation of Privilege 10729 Elevation of Privilege 10379 Elevation of Privilege 10481 Important 11926 Important 11896 Important 11801 Important 11803 Important 11802 Important 11569 Important 11923 Important 10816 Important 11568 Important 11898 Important 11570 Important 10482 Important 11927 Important 11897 Important 10852 Important 11571 Important 11930 Important 11929 Important 11924 Important 10855 Important 10484 Important 10378 Important 11572 Important 11931 Important 10483 Important 10543 Important 10853 Important 10735 Important 10729 Important 10379 Important 10481 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11898 11897 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11801 11803 11802 11898 11897 11930 11929 11931 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11803 11802 Yes Security Update 10.0.19042.1889 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11569 11568 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11569 11568 11570 11571 11572 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10816 10852 10855 10853 Yes Security Update 10.0.14393.5291 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10482 10483 10543 10481 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10482 10483 10543 10481 Yes Security Only 6.3.9600.20520 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11930 11929 11931 Yes Security Update 10.0.19044.1889 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10735 10729 Yes Security Update 10.0.10240.19387 vinhthp1712 working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure RTOS GUIX Studio Information Disclosure Vulnerability <p><strong>What is RTOS?</strong></p> <p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p> <p><strong>What is Azure RTOS GUIX Studio?</strong></p> <p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability would allow an attacker to disclose information stored on the system running the Azure RTOS GUIX Studio.</p> Azure Real Time Operating System Microsoft Yes CVE-2022-34685 12055 Information Disclosure 12055 Important 12055 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12055 More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=US 12055 Maybe Security Update 6.1.12.0 HP of Cyber Kunlun Lab 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure RTOS GUIX Studio Information Disclosure Vulnerability <p><strong>What is RTOS?</strong></p> <p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p> <p><strong>What is Azure RTOS GUIX Studio?</strong></p> <p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability would allow an attacker to disclose information stored on the system running the Azure RTOS GUIX Studio.</p> Azure Real Time Operating System Microsoft Yes CVE-2022-34686 12055 Information Disclosure 12055 Important 12055 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12055 More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=US 12055 Maybe Security Update 6.1.12.0 HP of Cyber Kunlun Lab 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure RTOS GUIX Studio Remote Code Execution Vulnerability <p><strong>What is RTOS?</strong></p> <p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p> <p><strong>What is Azure RTOS GUIX Studio?</strong></p> <p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Azure Real Time Operating System Microsoft Yes CVE-2022-34687 12055 Remote Code Execution 12055 Important 12055 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12055 More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=US 12055 Maybe Security Update 6.1.12.0 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Active Directory Domain Services Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.</p> <p><strong>Where can I find out more information about this vulnerability?</strong></p> <p>Please see <a href="https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16">Certificate-based authentication changes on Windows domain controllers</a> for more information and ways to protect yourself.</p> Active Directory Domain Services Microsoft Yes CVE-2022-34691 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>A system is vulnerable only if both the Active Directory Certificate Services role and the Active Directory Domain Services role are installed on a server in the network. Note that they would not necessarily need to be on the same server.</p> <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> Oliver Lyak (@ly4k_) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> Zoltan Harmath of Microsoft 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-08-30T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Windows Hyper-V Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this Remote Code Execution vulnerability?</strong></p> <p>An authenticated attacker who successfully exploited a race condition from a Hyper-V guest could attempt to trigger malicious code in the context of that user to attempt an arbitrary or remote code execution on the Hyper-V host.</p> Role: Windows Hyper-V Microsoft Yes CVE-2022-34696 11569 11571 11572 11896 11923 11924 11803 11926 11931 10735 10853 10816 10855 10482 10483 10543 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11931 Remote Code Execution 10735 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10482 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11569 Critical 11571 Critical 11572 Critical 11896 Critical 11923 Critical 11924 Critical 11803 Critical 11926 Critical 11931 Critical 10735 Critical 10853 Critical 10816 Critical 10855 Critical 10482 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11569 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11569 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11803 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10482 10483 10543 Yes Security Only 6.3.9600.20520 <a href="https://twitter.com/rezer0dai">PETER HLAVATY</a> with Fruit your Game 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2022-34699 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 Bruno PUJOS (@brunopujos) from REverse Tactics working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Partition Management Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Partition Management Driver Microsoft Yes CVE-2022-34703 11568 11801 11571 11926 11931 11896 11930 11897 11898 11803 11924 11927 11572 10853 11570 10735 11569 11923 10852 11929 10729 10816 10855 11802 Elevation of Privilege 11568 Elevation of Privilege 11801 Elevation of Privilege 11571 Elevation of Privilege 11926 Elevation of Privilege 11931 Elevation of Privilege 11896 Elevation of Privilege 11930 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11803 Elevation of Privilege 11924 Elevation of Privilege 11927 Elevation of Privilege 11572 Elevation of Privilege 10853 Elevation of Privilege 11570 Elevation of Privilege 10735 Elevation of Privilege 11569 Elevation of Privilege 11923 Elevation of Privilege 10852 Elevation of Privilege 11929 Elevation of Privilege 10729 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 11802 Important 11568 Important 11801 Important 11571 Important 11926 Important 11931 Important 11896 Important 11930 Important 11897 Important 11898 Important 11803 Important 11924 Important 11927 Important 11572 Important 10853 Important 11570 Important 10735 Important 11569 Important 11923 Important 10852 Important 11929 Important 10729 Important 10816 Important 10855 Important 11802 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11571 11572 11570 11569 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11571 11572 11570 11569 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11803 11802 Yes Security Update 10.0.19042.1889 5016616 https://support.microsoft.com/help/5016616 11801 11931 11896 11930 11897 11898 11803 11929 11802 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11931 11930 11929 Yes Security Update 10.0.19044.1889 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11924 11923 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11924 11923 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10853 10852 10816 10855 Yes Security Update 10.0.14393.5291 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10735 10729 Yes Security Update 10.0.10240.19387 nhiadt12 from Viettel Cyber Security working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Local Security Authority (LSA) Microsoft Yes CVE-2022-34706 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2022-34707 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Kernel Microsoft Yes CVE-2022-34708 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Defender Credential Guard Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard.</p> Windows Defender Credential Guard Microsoft Yes CVE-2022-34709 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11896 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11897 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11898 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11801 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11802 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11803 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 James Forshaw with <a href="https://googleprojectzero.blogspot.com/">Google Project Zero</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Defender Credential Guard Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could access Kerberos protected data.</p> Windows Defender Credential Guard Microsoft Yes CVE-2022-34710 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 James Forshaw with <a href="https://googleprojectzero.blogspot.com/">Google Project Zero</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Defender Credential Guard Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could access Kerberos protected data.</p> Windows Defender Credential Guard Microsoft Yes CVE-2022-34712 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 James Forshaw with <a href="https://googleprojectzero.blogspot.com/">Google Project Zero</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>There have been a few CVEs regarding Microsoft Support Diagnostic Tool (MSDT) issued by Microsoft recently. Is this one related to those?</strong></p> <p>In May, Microsoft released a <a href="https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/">blog</a> giving guidance for a vulnerability in MSDT and released updates to address it shortly thereafter. Public discussion of a vulnerability can encourage further scrutiny on the component, both by Microsoft security personnel as well as our research partners. This CVE addresses the vulnerability publicly known as Dogwalk.</p> Microsoft Windows Support Diagnostic Tool (MSDT) Microsoft Yes CVE-2022-34713 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11896 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11897 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11898 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11801 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11802 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11803 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10047 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10048 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10481 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10482 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10484 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://www.linkedin.com/in/imre-rad-2358749b/">Imre Rad</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-08-10T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Secure Socket Tunneling Protocol (SSTP) Microsoft Yes CVE-2022-34714 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Network File System Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).</p> <p><strong>What version of Network File System (NFS) is affected by this vulnerability?</strong></p> <p>Servers that have Network File System version 4.0 (NFS 4.0) installed are affected by this vulnerability.</p> <p><strong>I am running a supported version of Windows Server. Is my system vulnerable to this issue?</strong></p> <p>This vulnerability is only exploitable for systems that have the NFS role enabled. See <a href="https://docs.microsoft.com/en-us/windows-server/storage/nfs/nfs-overview">NFS Overview</a> for more information on this feature. More information on installing or uninstalling Roles or Role Services is available <a href="https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard">here</a>.</p> Windows Network File System Microsoft Yes CVE-2022-34715 11923 11924 Remote Code Execution 11923 Remote Code Execution 11924 Important 11923 Important 11924 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p><strong>Disable NFSV4.1</strong></p> <p>This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation.</p> <p><strong>Warning</strong> You should NOT apply this mitigation unless you have installed all previous Windows security updates.</p> <ol> <li>To disable NFSV4.1, run the following PowerShell command:</li> </ol> <p><code>PS C:\Set-NfsServerConfiguration -EnableNFSV4 $false </code></p> <ol start="2"> <li>After running the command, you will need to restart the NFS server or reboot the machine. To restart NFS server, start a <strong>cmd</strong> window with <strong>Run as Administrator</strong>, enter the following commands:</li> </ol> <p><code>nfsadmin server stop</code> <code>nfsadmin server start</code></p> <ol start="3"> <li>To confirm that NFSv4.1 has been turned off, run the following command:</li> </ol> <p><code>PS C:\Get-NfsServerConfiguration</code></p> <ol start="4"> <li>In the output, verify that EnableNFSV4 is <strong>False</strong></li> </ol> <pre><code>EnableNFSV2 : True EnableNFSV3 : True EnableNFSV4 : False </code></pre> <p><strong>How to undo the mitigation</strong></p> <ol> <li>To re-enable NFSv4.1 after you have installed the latest Windows security updates, run the following command:</li> </ol> <p><code>Set-NfsServerConfiguration -EnableNFSV4 $True </code></p> <ol start="2"> <li>After running the command, restart NFS server or reboot the machine.</li> </ol> Arimura 1.0 2022-08-09T07:00:00 <p>Information published.</p> Microsoft Outlook Denial of Service Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the email server. This could lead to a denial of service BEFORE the email is viewed in the Preview Pane.</p> Microsoft Office Outlook Microsoft Yes CVE-2022-35742 11573 11574 11762 11763 11952 11953 10765 10766 10810 10811 10407 Denial of Service 11573 Denial of Service 11574 Denial of Service 11762 Denial of Service 11763 Denial of Service 11952 Denial of Service 11953 Denial of Service 10765 Denial of Service 10766 Denial of Service 10810 Denial of Service 10811 Denial of Service 10407 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10765 Important 10766 Important 10810 Important 10811 Important 10407 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11573 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11574 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11762 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11763 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11952 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11953 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10765 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10766 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10810 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10811 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10407 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 5002051 https://www.microsoft.com/download/details.aspx?familyid=8b792f48-8003-4dff-bf18-25e78521c840 5001942 10765 Maybe Security Update 16.0.4966.1000 5002051 https://www.microsoft.com/download/details.aspx?familyid=1860e317-1de9-4f8c-82f7-3cc7abf9967b 5001942 10766 Maybe Security Update 16.0.4966.1000 5001990 https://www.microsoft.com/download/details.aspx?familyid=57639b94-23e6-455d-a4e0-54b1a29c9808 5001934 10810 Maybe Security Update 15.0.5475.1001 5001990 https://www.microsoft.com/download/details.aspx?familyid=f94906a7-057c-442b-9cf5-e1f09b5ed0d8 5001934 10811 Maybe Security Update 15.0.5475.1001 5001990 5001934 10407 Maybe Security Update 15.0.5475.1001 insu of 78 Research Lab working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-08-19T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Windows Support Diagnostic Tool (MSDT) Microsoft Yes CVE-2022-35743 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11896 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11897 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11898 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11801 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11802 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11803 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/mattifestation">Matt Graeber</a> with <a href="https://redcanary.com/">Red Canary</a> Bill Demirkapi of Microsoft 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-35744 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <p>This vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port thus rendering the vulnerability unexploitable.</p> <p><strong>Warning</strong>: Disabling Port 1723 could affect communications over your network.</p> <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Secure Socket Tunneling Protocol (SSTP) Microsoft Yes CVE-2022-35745 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Digital Media Receiver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2022-35746 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) of <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to denial of service (DOS) on the RAS server machine.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-35747 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> HTTP.sys Denial of Service Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the <a href="https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability">Server Name Indication (SNI)</a> over HTTP Protocol Stack (http.sys) to process packets, causing a denial of service (DOS).</p> Windows Internet Information Services Microsoft Yes CVE-2022-35748 11571 11572 11923 11924 11803 10816 10855 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11803 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11571 11572 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11803 Yes Security Update 10.0.19042.1889 5016616 https://support.microsoft.com/help/5016616 11803 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10816 10855 Yes Security Update 10.0.14393.5291 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10483 10543 Yes Security Only 6.3.9600.20520 <a href="https://www.youtube.com/watch?v=0AhPC_dHkHo">Polar Bear</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Digital Media Receiver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2022-35749 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Canonical Display Driver Microsoft Yes CVE-2022-35750 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 Marcin Wiazowski working with Trend Micro Zero Day Initiative Marcin Wiazowski working with Trend Micro Zero Day Initiative 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p> Role: Windows Hyper-V Microsoft Yes CVE-2022-35751 11569 11571 11572 11896 11923 11924 11803 11926 11931 10735 10853 10816 10855 10048 10482 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11931 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10048 Elevation of Privilege 10482 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11569 Important 11571 Important 11572 Important 11896 Important 11923 Important 11924 Important 11803 Important 11926 Important 11931 Important 10735 Important 10853 Important 10816 Important 10855 Important 10048 Important 10482 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11569 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11569 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11803 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/securiteam_ssd">Yongil Lee</a> with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a> liuquan of K360 Security Phan Thanh Duy (@PTDuy), Le Huu Quang Linh (@linhlhq) of STAR Labs working with Trend Micro Zero Day Initiative 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-08-19T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>The vulnerable system can be exploited without any interaction from any user.</p> Remote Access Service Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-35752 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>The vulnerable system can be exploited without any interaction from any user.</p> Remote Access Service Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-35753 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Unified Write Filter Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Unified Write Filter Microsoft Yes CVE-2022-35754 11568 11896 11898 11926 11803 10735 10855 11570 11927 11897 11572 11801 11571 10853 10482 11569 10729 10481 11802 10484 11930 10852 10816 10378 10379 10543 11931 10483 11929 Elevation of Privilege 11568 Elevation of Privilege 11896 Elevation of Privilege 11898 Elevation of Privilege 11926 Elevation of Privilege 11803 Elevation of Privilege 10735 Elevation of Privilege 10855 Elevation of Privilege 11570 Elevation of Privilege 11927 Elevation of Privilege 11897 Elevation of Privilege 11572 Elevation of Privilege 11801 Elevation of Privilege 11571 Elevation of Privilege 10853 Elevation of Privilege 10482 Elevation of Privilege 11569 Elevation of Privilege 10729 Elevation of Privilege 10481 Elevation of Privilege 11802 Elevation of Privilege 10484 Elevation of Privilege 11930 Elevation of Privilege 10852 Elevation of Privilege 10816 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10543 Elevation of Privilege 11931 Elevation of Privilege 10483 Elevation of Privilege 11929 Important 11568 Important 11896 Important 11898 Important 11926 Important 11803 Important 10735 Important 10855 Important 11570 Important 11927 Important 11897 Important 11572 Important 11801 Important 11571 Important 10853 Important 10482 Important 11569 Important 10729 Important 10481 Important 11802 Important 10484 Important 11930 Important 10852 Important 10816 Important 10378 Important 10379 Important 10543 Important 11931 Important 10483 Important 11929 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11570 11572 11571 11569 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11570 11572 11571 11569 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11898 11897 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11898 11803 11897 11801 11802 11930 11931 11929 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11803 11801 11802 Yes Security Update 10.0.19042.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10735 10729 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10855 10853 10852 10816 Yes Security Update 10.0.14393.5291 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10482 10481 10543 10483 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10482 10481 10543 10483 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11930 11931 11929 Yes Security Update 10.0.19044.1889 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Print Spooler Components Microsoft Yes CVE-2022-35755 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 <p><strong>Determine if the Print Spooler service is running</strong></p> <p>Run the following in Windows PowerShell:</p> <p><code>Get-Service -Name Spooler</code></p> <p>If the Print Spooler is running or if the service is not disabled, follow these steps:</p> <p><strong>Stop and disable the Print Spooler service</strong></p> <p>If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:</p> <p><code>Stop-Service -Name Spooler -Force</code></p> <p><code>Set-Service -Name Spooler -StartupType Disabled</code></p> <p><strong>Impact of workaround</strong> Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.</p> <a href="https://twitter.com/lxf02942370">Xuefeng Li</a> with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Kerberos Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p> Windows Kerberos Microsoft Yes CVE-2022-35756 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/monoxgas">Nick Landers</a> with <a href="https://netspi.com/">NetSPI</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability could be triggered when a windows client connects to a malicious remote share.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2022-35757 11568 11569 11923 11924 11896 11801 11926 11802 11898 11931 11929 11803 11897 11572 11930 11927 11571 11570 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11896 Elevation of Privilege 11801 Elevation of Privilege 11926 Elevation of Privilege 11802 Elevation of Privilege 11898 Elevation of Privilege 11931 Elevation of Privilege 11929 Elevation of Privilege 11803 Elevation of Privilege 11897 Elevation of Privilege 11572 Elevation of Privilege 11930 Elevation of Privilege 11927 Elevation of Privilege 11571 Elevation of Privilege 11570 Important 11568 Important 11569 Important 11923 Important 11924 Important 11896 Important 11801 Important 11926 Important 11802 Important 11898 Important 11931 Important 11929 Important 11803 Important 11897 Important 11572 Important 11930 Important 11927 Important 11571 Important 11570 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11572 11571 11570 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11572 11571 11570 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11898 11897 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11801 11802 11898 11931 11929 11803 11897 11930 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11931 11929 11930 Yes Security Update 10.0.19044.1889 QueryX Team with <a href="https://theori.io/">THEORI</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Local Security Authority (LSA) Denial of Service Vulnerability Windows Local Security Authority (LSA) Microsoft Yes CVE-2022-35759 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Microsoft ATA Port Driver Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability could be triggered when a windows client connects to a malicious remote share.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> Microsoft ATA Port Driver Microsoft Yes CVE-2022-35760 11896 11929 11897 11927 11898 11924 11930 11923 11926 11802 10378 11931 10379 11801 11570 11803 11572 11569 11568 10855 11571 10816 10735 10729 10481 10853 10048 10483 10543 10051 10047 10484 10482 10852 10049 Elevation of Privilege 11896 Elevation of Privilege 11929 Elevation of Privilege 11897 Elevation of Privilege 11927 Elevation of Privilege 11898 Elevation of Privilege 11924 Elevation of Privilege 11930 Elevation of Privilege 11923 Elevation of Privilege 11926 Elevation of Privilege 11802 Elevation of Privilege 10378 Elevation of Privilege 11931 Elevation of Privilege 10379 Elevation of Privilege 11801 Elevation of Privilege 11570 Elevation of Privilege 11803 Elevation of Privilege 11572 Elevation of Privilege 11569 Elevation of Privilege 11568 Elevation of Privilege 10855 Elevation of Privilege 11571 Elevation of Privilege 10816 Elevation of Privilege 10735 Elevation of Privilege 10729 Elevation of Privilege 10481 Elevation of Privilege 10853 Elevation of Privilege 10048 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 10051 Elevation of Privilege 10047 Elevation of Privilege 10484 Elevation of Privilege 10482 Elevation of Privilege 10852 Elevation of Privilege 10049 Important 11896 Important 11929 Important 11897 Important 11927 Important 11898 Important 11924 Important 11930 Important 11923 Important 11926 Important 11802 Important 10378 Important 11931 Important 10379 Important 11801 Important 11570 Important 11803 Important 11572 Important 11569 Important 11568 Important 10855 Important 11571 Important 10816 Important 10735 Important 10729 Important 10481 Important 10853 Important 10048 Important 10483 Important 10543 Important 10051 Important 10047 Important 10484 Important 10482 Important 10852 Important 10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11929 11897 11898 11930 11802 11931 11801 11803 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11927 11926 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11927 11926 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11924 11923 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11924 11923 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11802 11801 11803 Yes Security Update 10.0.19042.1889 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11570 11572 11569 11568 11571 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11570 11572 11569 11568 11571 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10855 10816 10853 10852 Yes Security Update 10.0.14393.5291 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10735 10729 Yes Security Update 10.0.10240.19387 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10483 10543 10482 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10483 10543 10482 Yes Security Only 6.3.9600.20520 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10048 10051 10047 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10048 10051 10047 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10048 10051 10047 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10048 10051 10047 10049 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2022-35761 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 <a href="https://twitter.com/b2ahex">b2ahex</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Storage Spaces Direct Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Storage Spaces Direct Microsoft Yes CVE-2022-35762 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11929 11930 11931 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 1.0 2022-08-09T07:00:00 <p>Information published.</p> Storage Spaces Direct Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Storage Spaces Direct Microsoft Yes CVE-2022-35763 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11929 11930 11931 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 1.0 2022-08-09T07:00:00 <p>Information published.</p> Storage Spaces Direct Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Storage Spaces Direct Microsoft Yes CVE-2022-35764 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11929 11930 11931 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 1.0 2022-08-09T07:00:00 <p>Information published.</p> Storage Spaces Direct Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Storage Spaces Direct Microsoft Yes CVE-2022-35765 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11929 11930 11931 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 1.0 2022-08-09T07:00:00 <p>Information published.</p> Storage Spaces Direct Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Storage Spaces Direct Microsoft Yes CVE-2022-35792 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11929 11930 11931 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 1.0 2022-08-09T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2022-35796 11655 Elevation of Privilege 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 104.0.1293.47 koocola koocola 1.0 2022-08-05T07:00:00 <p>Information published.</p> Azure RTOS GUIX Studio Remote Code Execution Vulnerability <p><strong>What is RTOS?</strong></p> <p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p> <p><strong>What is Azure RTOS GUIX Studio?</strong></p> <p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Azure Real Time Operating System Microsoft Yes CVE-2022-35773 12055 Remote Code Execution 12055 Important 12055 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12055 More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=US 12055 Maybe Security Update 6.1.12.0 HP of Cyber Kunlun Lab 1.0 2022-08-09T07:00:00 <p>Information published.</p> CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>Why are there different security update packages for this CVE?</strong></p> <p>These are standalone security updates. These packages must be installed in addition to the normal security updates to be protected from this vulnerability.</p> <p><strong>Are there any prerequisites to these security updates?</strong></p> <p>These security updates have a Servicing Stack Update prerequisite for specific KB numbers. The packages have a built in pre-requisite logic to ensure the ordering.</p> <p>Customer should ensure that they have the latest Servicing Stack Update installed before installing these standalone security updates. See <a href="https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001">ADV990001 | Latest Servicing Stack Updates</a> for more information.</p> <p><strong>If I need to manually install these standalone updates, a Servicing Stack Update, and an August 2022 Security Update, in what order should they be installed?</strong></p> <p>Customers who need to manually install these three updates should install them in the following order:</p> <ul> <li>Servicing Stack Update</li> <li>Standalone Secure Boot Update listed in this CVE</li> <li>August 2022 Security Update</li> </ul> <p>Customers whose systems are configured to receive automatic updates will automatically receive these updates in the correct order.</p> <p><strong>Is there anything else that I should know about these updates?</strong></p> <p>If Windows Defender Credential Guard (Virtual Secure Mode) is enabled, two additional reboots will be required.</p> <p><strong>Why is the CERT/CC the assigning CNA (CVE Numbering Authority)?</strong></p> <p>This CVE is regarding a vulnerability in a third party driver. CERT/CC created this CVE on behalf of the researcher who discovered the vulnerability.</p> Windows Secure Boot CERT/CC Yes CVE-2022-34303 11568 11569 11570 11571 11572 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 11896 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 11896 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Important 11896 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11568 10852 10853 10816 10855 Maybe Security Update 10.0.14393.5285 5012170 https://support.microsoft.com/help/5012170 11568 11569 11570 11571 11572 11897 11898 11801 11802 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 11896 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11569 11570 11571 11572 Maybe Security Update 10.0.17763.3284 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11897 11898 11896 Maybe Security Update 10.0.19043.1880 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11801 11802 Maybe Security Update 10.0.19042.1880 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11803 Yes Security Update 10.0.19042.1889 5016616 https://support.microsoft.com/help/5016616 11803 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11929 11930 11931 Maybe Security Update 10.0.19044.1880 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 10729 10735 Maybe Security Update 1.002 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 10481 10482 10483 10543 Maybe Security Update V1.003 5012170 4535680 10484 Maybe Security Update V1.003 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 10378 10379 Maybe Security Update V1.002 1.0 2022-08-09T07:00:00 <p>Information published.</p> CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>Why are there different security update packages for this CVE?</strong></p> <p>These are standalone security updates. These packages must be installed in addition to the normal security updates to be protected from this vulnerability.</p> <p><strong>Are there any prerequisites to these security updates?</strong></p> <p>These security updates have a Servicing Stack Update prerequisite for specific KB numbers. The packages have a built in pre-requisite logic to ensure the ordering.</p> <p>Customer should ensure that they have the latest Servicing Stack Update installed before installing these standalone security updates. See <a href="https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001">ADV990001 | Latest Servicing Stack Updates</a> for more information.</p> <p><strong>If I need to manually install these standalone updates, a Servicing Stack Update, and an August 2022 Security Update, in what order should they be installed?</strong></p> <p>Customers who need to manually install these three updates should install them in the following order:</p> <ul> <li>Servicing Stack Update</li> <li>Standalone Secure Boot Update listed in this CVE</li> <li>August 2022 Security Update</li> </ul> <p>Customers whose systems are configured to receive automatic updates will automatically receive these updates in the correct order.</p> <p><strong>Is there anything else that I should know about these updates?</strong></p> <p>If Windows Defender Credential Guard (Virtual Secure Mode) is enabled, two additional reboots will be required.</p> <p><strong>Why is the CERT/CC the assigning CNA (CVE Numbering Authority)?</strong></p> <p>This CVE is regarding a vulnerability in a third party driver. CERT/CC created this CVE on behalf of the researcher who discovered the vulnerability.</p> Windows Secure Boot CERT/CC Yes CVE-2022-34301 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11568 10852 10853 10816 10855 Maybe Security Update 10.0.14393.5285 5012170 https://support.microsoft.com/help/5012170 11568 11569 11570 11571 11572 11896 11897 11898 11801 11802 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11569 11570 11571 11572 Maybe Security Update 10.0.17763.3284 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11896 11897 11898 Maybe Security Update 10.0.19043.1880 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11801 11802 Maybe Security Update 10.0.19042.1880 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11803 Yes Security Update 10.0.19042.1889 5016616 https://support.microsoft.com/help/5016616 11803 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11929 11930 11931 Maybe Security Update 10.0.19044.1880 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 10729 10735 Maybe Security Update 1.002 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 10481 10482 10483 10543 Maybe Security Update V1.003 5012170 4535680 10484 Maybe Security Update V1.003 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 10378 10379 Maybe Security Update V1.002 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Denial of Service Vulnerability <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be within the VNET associated with the vulnerable configuration server.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the configuration server but also impacts the process server.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35776 12018 Denial of Service 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.2 5.6 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with <a href="https://labs.f-secure.com/">WithSecure</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What privileges are required?</strong></p> <p>To successfully exploit this vulnerability, an attacker needs to be authorized as a local user on the vulnerable component.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>No special privileges are required to exploit this vulnerability. An attacker needs to have network connectivity to the replication appliance.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow an attacker to disclose encrypted credential and modify data using the credentials, but cannot impact the availability of the service.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35802 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> SMB Client and Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target system. This vulnerability can be exploited through two different vectors:</p> <ul> <li><p><strong>For the vulnerability to be exploited on the SMB Client</strong>, an unauthenticated attacker would first need to configure a malicious SMBv3 server and convince a user to connect to it by enticing them to click a specially crafted link.</p> </li> <li><p>**For the vulnerability to be exploited on the SMB Server **, an authenticated attacker could send specially crafted packets from an SMB Client to a targeted SMBv3 Server.</p> </li> </ul> <p><strong>What steps can I take to protect my network?</strong></p> <ol> <li><strong>Block TCP port 445 at the enterprise perimeter firewall</strong></li> </ol> <ul> <li>TCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. This can help protect networks from attacks that originate outside the enterprise perimeter. Blocking the affected ports at the enterprise perimeter is the best defense to help avoid Internet-based attacks. <strong>However, systems could still be vulnerable to attacks from within their enterprise perimeter.</strong></li> </ul> <ol start="2"> <li><strong>Follow Microsoft guidelines to prevent SMB traffic from lateral connections and entering or leaving the network</strong></li> </ol> <p>Secure SMB Traffic in Windows Server: *<a href="https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-secure-traffic">https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-secure-traffic</a></p> <p><strong>Are older versions of Windows (other than what is listed in the Security Updates table) affected by this vulnerability?</strong></p> <p>No.</p> Windows Kernel Microsoft Yes CVE-2022-35804 11926 11927 Remote Code Execution 11926 Remote Code Execution 11927 Critical 11926 Critical 11927 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 <p>The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place.</p> <p><strong>Disable SMBv3 compression</strong></p> <p>To block unauthenticated attackers from exploiting the vulnerability against an SMBv3 Client with the following PowerShell command:</p> <pre><code> Set-ItemProperty -Path &quot;HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters&quot; DisableCompression -Type DWORD -Value 1 -Force </code></pre> <p>To block authenticated attackers from exploiting the vulnerability against an SMBv3 Server with the following PowerShell command:</p> <pre><code> Set-ItemProperty -Path &quot;HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters&quot; DisableCompression -Type DWORD -Value 1 -Force </code></pre> <p><strong>Note</strong>: No reboot is needed after making the change.</p> <p><strong>How to undo the workaround</strong>: You can revert the workaround with the following PowerShell command:</p> <pre><code> Remove-ItemProperty -Path &quot;HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters&quot; -Name &quot;DisableCompression&quot; -Force Remove-ItemProperty -Path &quot;HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters&quot; -Name &quot;DisableCompression&quot; -Force </code></pre> <p><strong>Note</strong>: No reboot is needed after reverting the workaround.</p> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass KASLR (Kernel Address Space Layout Randomization). See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10#address-space-layout-randomization">Mitigate threats by using Windows 10 security features</a>.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Kernel Microsoft Yes CVE-2022-30197 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 Jarvis_1oop of vulnerability research institute 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35780 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35781 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure RTOS GUIX Studio Remote Code Execution Vulnerability <p><strong>What is RTOS?</strong></p> <p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p> <p><strong>What is Azure RTOS GUIX Studio?</strong></p> <p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Azure Real Time Operating System Microsoft Yes CVE-2022-30175 12055 Remote Code Execution 12055 Important 12055 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12055 More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=US 12055 Maybe Security Update 6.1.12.0 HP of Cyber Kunlun Lab 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure RTOS GUIX Studio Remote Code Execution Vulnerability <p><strong>What is RTOS?</strong></p> <p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p> <p><strong>What is Azure RTOS GUIX Studio?</strong></p> <p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Azure Real Time Operating System Microsoft Yes CVE-2022-30176 12055 Remote Code Execution 12055 Important 12055 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12055 More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=US 12055 Maybe Security Update 6.1.12.0 HP of Cyber Kunlun Lab 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows WebBrowser Control Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows WebBrowser Control Microsoft Yes CVE-2022-30194 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 Eduardo Braun Prado working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Microsoft Excel Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this could bypass The Packager Object Filters feature.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2022-33631 11573 11574 11762 11763 11952 11953 10739 10740 10656 10654 10655 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 10739 Security Feature Bypass 10740 Security Feature Bypass 10656 Security Feature Bypass 10654 Security Feature Bypass 10655 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 5002232 https://www.microsoft.com/download/details.aspx?familyid=96bb0ab3-5b99-43dd-81be-3e070106c604 5002208 10739 Maybe Security Update 16.0.14931.20612 5002232 https://www.microsoft.com/download/details.aspx?familyid=e7a6dcbe-1ab4-42ba-b451-ed2292b7994a 5002208 10740 Maybe Security Update 16.0.14931.20612 5002242 5002220 10656 Maybe Security Update 15.0.5475.1001 5002242 https://support.microsoft.com/help/5002242 10656 10654 10655 5002242 https://www.microsoft.com/download/details.aspx?familyid=d84d0c2f-77d5-4150-9838-98062449d342 5002220 10654 Maybe Security Update 15.0.5475.1001 5002242 https://www.microsoft.com/download/details.aspx?familyid=071fde88-6122-4eb9-af8f-0c4b56b3e480 5002220 10655 Maybe Security Update 15.0.5475.1001 Hidetake Jo with Microsoft 1.0 2022-08-09T07:00:00 <p>Information published.</p> CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>Why are there different security update packages for this CVE?</strong></p> <p>These are standalone security updates. These packages must be installed in addition to the normal security updates to be protected from this vulnerability.</p> <p><strong>Are there any prerequisites to these security updates?</strong></p> <p>These security updates have a Servicing Stack Update prerequisite for specific KB numbers. The packages have a built in pre-requisite logic to ensure the ordering.</p> <p>Customer should ensure that they have the latest Servicing Stack Update installed before installing these standalone security updates. See <a href="https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001">ADV990001 | Latest Servicing Stack Updates</a> for more information.</p> <p><strong>If I need to manually install these standalone updates, a Servicing Stack Update, and an August 2022 Security Update, in what order should they be installed?</strong></p> <p>Customers who need to manually install these three updates should install them in the following order:</p> <ul> <li>Servicing Stack Update</li> <li>Standalone Secure Boot Update listed in this CVE</li> <li>August 2022 Security Update</li> </ul> <p>Customers whose systems are configured to receive automatic updates will automatically receive these updates in the correct order.</p> <p><strong>Is there anything else that I should know about these updates?</strong></p> <p>If Windows Defender Credential Guard (Virtual Secure Mode) is enabled, two additional reboots will be required.</p> <p><strong>Why is the CERT/CC the assigning CNA (CVE Numbering Authority)?</strong></p> <p>This CVE is regarding a vulnerability in a third party driver. CERT/CC created this CVE on behalf of the researcher who discovered the vulnerability.</p> Windows Secure Boot CERT/CC Yes CVE-2022-34302 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11568 10852 10853 10816 10855 Maybe Security Update 10.0.14393.5285 5012170 https://support.microsoft.com/help/5012170 11568 11569 11570 11571 11572 11896 11897 11898 11801 11802 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11569 11570 11571 11572 Maybe Security Update 10.0.17763.3284 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11896 11897 11898 Maybe Security Update 10.0.19043.1880 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11801 11802 Maybe Security Update 10.0.19042.1880 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11803 Yes Security Update 10.0.19042.1889 5016616 https://support.microsoft.com/help/5016616 11803 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 11929 11930 11931 Maybe Security Update 10.0.19044.1880 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 10729 10735 Maybe Security Update 1.002 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 10481 10482 10483 10543 Maybe Security Update V1.003 5012170 4535680 10484 Maybe Security Update V1.003 5012170 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5012170 4535680 10378 10379 Maybe Security Update V1.002 <a href="https://twitter.com/hackingthings">Mickey Shkatov</a> and <a href="https://twitter.com/jessemichael">Jesse Michael </a> with <a href="https://eclypsium.com/">Eclypsium</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Microsoft Exchange Server Information Disclosure Vulnerability <p><strong>Are there any more actions I need to take to be protected from this vulnerability?</strong></p> <p>Yes. Customers running an affected version of Microsoft Exchange need to enable Extended Protection to be protected from this vulnerability. For more information, see <a href="https://aka.ms/ExchangeEPDoc">Exchange Server Support for Windows Extended Protection</a>.</p> <p><strong>Is there more information available about this release of Exchange Server?</strong></p> <p>For more information on this issue, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862">The Exchange Blog</a>.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could read targeted email messages.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to have internal knowledge of the target Exchange account including the security identifier (SID) for the account to use for impersonation or delegate access.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-21979 11957 11682 11956 12038 12039 Information Disclosure 11957 Information Disclosure 11682 Information Disclosure 11956 Information Disclosure 12038 Information Disclosure 12039 Important 11957 Important 11682 Important 11956 Important 12038 Important 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11957 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11682 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11956 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12038 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12039 5019077 https://www.microsoft.com/download/details.aspx?familyid=39945af4-067e-4159-9d97-ba54bbbb8a28 5015322 11957 Yes Security Update 15.02.0986.030 5019076 https://www.microsoft.com/download/details.aspx?familyid=15fb9b27-c3d4-4f23-9e39-a4f30444f3f1 5015321 11682 Yes Security Update 15.00.1497.042 5019077 https://www.microsoft.com/download/details.aspx?familyid=bcd6d182-6e4e-4d95-a54f-bb74071f29d9 5015322 11956 Yes Security Update 15.01.2375.032 5019077 https://www.microsoft.com/download/details.aspx?familyid=7f879102-4572-41f1-b21a-d223d00cd813 5015322 12038 Yes Security Update 15.02.1118.015 5019077 https://www.microsoft.com/download/details.aspx?familyid=3f0110e8-14c8-496a-bc2a-1a1675970eb1 5015322 12039 Yes Security Update 15.01.2507.013 <a href="https://twitter.com/orange_8361">Orange Tsai (@orange_8361)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Added an FAQ. This is an information change only.</p> 2.0 2022-10-11T07:00:00 <p>To address known issue of Outlook Probes not functioning properly with extended protection turned on, Microsoft has updated the Microsoft Exchange security updates. Please see the <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2022-exchange-server-security-updates/ba-p/3646263">Exchange Team Blog</a> for more information.</p> 1.2 2022-09-27T07:00:00 <p>Added an FAQ. This is an information change only.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability <p><strong>Are there any more actions I need to take to be protected from this vulnerability?</strong></p> <p>Yes. Customers running an affected version of Microsoft Exchange need to enable Extended Protection to be protected from this vulnerability. For more information, see <a href="https://aka.ms/ExchangeEPDoc">Exchange Server Support for Windows Extended Protection</a>.</p> <p><strong>Is there more information available about this release of Exchange Server?</strong></p> <p>For more information on this issue, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862">The Exchange Blog</a>.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-21980 11682 11957 11956 12038 12039 Elevation of Privilege 11682 Elevation of Privilege 11957 Elevation of Privilege 11956 Elevation of Privilege 12038 Elevation of Privilege 12039 Critical 11682 Critical 11957 Critical 11956 Critical 12038 Critical 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11956 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 5019076 https://www.microsoft.com/download/details.aspx?familyid=15fb9b27-c3d4-4f23-9e39-a4f30444f3f1 5015321 11682 Yes Security Update 15.00.1497.042 5019077 https://www.microsoft.com/download/details.aspx?familyid=39945af4-067e-4159-9d97-ba54bbbb8a28 5015322 11957 Yes Security Update 15.02.0986.030 5019077 https://www.microsoft.com/download/details.aspx?familyid=bcd6d182-6e4e-4d95-a54f-bb74071f29d9 5015322 11956 Yes Security Update 15.01.2375.032 5019077 https://www.microsoft.com/download/details.aspx?familyid=7f879102-4572-41f1-b21a-d223d00cd813 5015322 12038 Yes Security Update 15.02.1118.015 5019077 https://www.microsoft.com/download/details.aspx?familyid=3f0110e8-14c8-496a-bc2a-1a1675970eb1 5015322 12039 Yes Security Update 15.01.2507.013 <a href="https://twitter.com/cjm00nw">Yuhao Weng</a> with <a href="https://www.sangfor.com/">Sangfor</a> <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://www.sangfor.com/">Sangfor</a> <a href="https://twitter.com/D1iv3">Tianze Ding (@D1iv3)</a> with <a href="https://xlab.tencent.com/">Tencent Xuanwu Lab</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 2.0 2022-10-11T07:00:00 <p>To address known issue of Outlook Probes not functioning properly with extended protection turned on, Microsoft has updated the Microsoft Exchange security updates. Please see the <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2022-exchange-server-security-updates/ba-p/3646263">Exchange Team Blog</a> for more information.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability <p><strong>Why is Attack Complexity marked as High for this vulnerability?</strong></p> <p>A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in execution against the vulnerable component before a successful attack can be expected. For this vulnerability, a successful exploitation requires an attacker to win a race condition.</p> <p><strong>Are there any more actions I need to take to be protected from this vulnerability?</strong></p> <p>Yes. Customers running an affected version of Microsoft Exchange need to enable Extended Protection to be protected from this vulnerability. For more information, see <a href="https://aka.ms/ExchangeEPDoc">Exchange Server Support for Windows Extended Protection</a>.</p> <p><strong>Is there more information available about this release of Exchange Server?</strong></p> <p>For more information on this issue, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862">The Exchange Blog</a>.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-24516 11956 11957 11682 12038 12039 Elevation of Privilege 11956 Elevation of Privilege 11957 Elevation of Privilege 11682 Elevation of Privilege 12038 Elevation of Privilege 12039 Critical 11956 Critical 11957 Critical 11682 Critical 12038 Critical 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11956 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 5019077 https://www.microsoft.com/download/details.aspx?familyid=bcd6d182-6e4e-4d95-a54f-bb74071f29d9 5015322 11956 Yes Security Update 15.01.2375.032 5019077 https://www.microsoft.com/download/details.aspx?familyid=39945af4-067e-4159-9d97-ba54bbbb8a28 5015322 11957 Yes Security Update 15.02.0986.030 5019076 https://www.microsoft.com/download/details.aspx?familyid=15fb9b27-c3d4-4f23-9e39-a4f30444f3f1 5015321 11682 Yes Security Update 15.00.1497.042 5019077 https://www.microsoft.com/download/details.aspx?familyid=7f879102-4572-41f1-b21a-d223d00cd813 5015322 12038 Yes Security Update 15.02.1118.015 5019077 https://www.microsoft.com/download/details.aspx?familyid=3f0110e8-14c8-496a-bc2a-1a1675970eb1 5015322 12039 Yes Security Update 15.01.2507.013 <a href="https://twitter.com/D1iv3">Tianze Ding(@D1iv3)</a> with Tencent Security Xuanwu Lab 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Added an FAQ. This is an information change only.</p> 2.0 2022-10-11T07:00:00 <p>To address known issue of Outlook Probes not functioning properly with extended protection turned on, Microsoft has updated the Microsoft Exchange security updates. Please see the <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2022-exchange-server-security-updates/ba-p/3646263">Exchange Team Blog</a> for more information.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would be able to take over the mailboxes of all Exchange users, attackers can send emails, read emails, download attachments.</p> <p><strong>Are there any more actions I need to take to be protected from this vulnerability?</strong></p> <p>Yes. Customers running an affected version of Microsoft Exchange need to enable Extended Protection to be protected from this vulnerability. For more information, see <a href="https://aka.ms/ExchangeEPDoc">Exchange Server Support for Windows Extended Protection</a>.</p> <p><strong>Is there more information available about this release of Exchange Server?</strong></p> <p>For more information on this issue, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862">The Exchange Blog</a>.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-24477 11682 11956 11957 12038 12039 Elevation of Privilege 11682 Elevation of Privilege 11956 Elevation of Privilege 11957 Elevation of Privilege 12038 Elevation of Privilege 12039 Critical 11682 Critical 11956 Critical 11957 Critical 12038 Critical 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11956 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 5019076 https://www.microsoft.com/download/details.aspx?familyid=15fb9b27-c3d4-4f23-9e39-a4f30444f3f1 5015321 11682 Yes Security Update 15.00.1497.042 5019077 https://www.microsoft.com/download/details.aspx?familyid=bcd6d182-6e4e-4d95-a54f-bb74071f29d9 5015322 11956 Yes Security Update 15.01.2375.032 5019077 https://www.microsoft.com/download/details.aspx?familyid=39945af4-067e-4159-9d97-ba54bbbb8a28 5015322 11957 Yes Security Update 15.02.0986.030 5019077 https://www.microsoft.com/download/details.aspx?familyid=7f879102-4572-41f1-b21a-d223d00cd813 5015322 12038 Yes Security Update 15.02.1118.015 5019077 https://www.microsoft.com/download/details.aspx?familyid=3f0110e8-14c8-496a-bc2a-1a1675970eb1 5015322 12039 Yes Security Update 15.01.2507.013 <a href="https://twitter.com/orange_8361">Orange Tsai (@orange_8361)</a> with <a href="https://devco.re/">DEVCORE</a> <a href="https://twitter.com/d1iv3">Tianze Ding (@D1iv3)</a> with Tencent Security Xuanwu Lab 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Added an FAQ. This is an information change only.</p> 2.0 2022-10-11T07:00:00 <p>To address known issue of Outlook Probes not functioning properly with extended protection turned on, Microsoft has updated the Microsoft Exchange security updates. Please see the <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2022-exchange-server-security-updates/ba-p/3646263">Exchange Team Blog</a> for more information.</p> 2.1 2023-12-04T08:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Microsoft Exchange Server Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could read targeted email messages.</p> <p><strong>Are there any more actions I need to take to be protected from this vulnerability?</strong></p> <p>Yes. Customers running an affected version of Microsoft Exchange need to enable Extended Protection to be protected from this vulnerability. For more information, see <a href="https://aka.ms/ExchangeEPDoc">Exchange Server Support for Windows Extended Protection</a>.</p> <p><strong>Is there more information available about this release of Exchange Server?</strong></p> <p>For more information on this issue, please see <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862">The Exchange Blog</a>.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-30134 12038 12039 11682 11956 11957 Information Disclosure 12038 Information Disclosure 12039 Information Disclosure 11682 Information Disclosure 11956 Information Disclosure 11957 Important 12038 Important 12039 Important 11682 Important 11956 Important 11957 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12038 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12039 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11682 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11956 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11957 5019077 https://www.microsoft.com/download/details.aspx?familyid=7f879102-4572-41f1-b21a-d223d00cd813 5015322 12038 Yes Security Update 15.02.1118.015 5019077 https://www.microsoft.com/download/details.aspx?familyid=3f0110e8-14c8-496a-bc2a-1a1675970eb1 5015322 12039 Yes Security Update 15.01.2507.013 5019076 https://www.microsoft.com/download/details.aspx?familyid=15fb9b27-c3d4-4f23-9e39-a4f30444f3f1 5015321 11682 Yes Security Update 15.00.1497.042 5019077 https://www.microsoft.com/download/details.aspx?familyid=bcd6d182-6e4e-4d95-a54f-bb74071f29d9 5015322 11956 Yes Security Update 15.01.2375.032 5019077 https://www.microsoft.com/download/details.aspx?familyid=39945af4-067e-4159-9d97-ba54bbbb8a28 5015322 11957 Yes Security Update 15.02.0986.030 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 2.0 2022-10-11T07:00:00 <p>To address known issue of Outlook Probes not functioning properly with extended protection turned on, Microsoft has updated the Microsoft Exchange security updates. Please see the <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2022-exchange-server-security-updates/ba-p/3646263">Exchange Team Blog</a> for more information.</p> Windows Fax Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.</p> Role: Windows Fax Service Microsoft Yes CVE-2022-34690 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11570 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11896 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11897 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11898 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11801 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11802 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11803 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10047 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10048 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10481 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10482 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10484 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9312 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10287 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9318 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9344 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://www.sangfor.com/">Sangfor</a> <a href="https://twitter.com/lxf02942370">Xuefeng Li</a> with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Microsoft Exchange Server Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could read targeted email messages.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-34692 12039 12038 11957 11956 Information Disclosure 12039 Information Disclosure 12038 Information Disclosure 11957 Information Disclosure 11956 Important 12039 Important 12038 Important 11957 Important 11956 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12039 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12038 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11957 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11956 5015322 https://www.microsoft.com/download/details.aspx?familyid=2961d7a6-c089-4fe6-8c4c-c100878950b8 5014261 12039 Yes Security Update 15.01.2507.012 5015322 https://www.microsoft.com/download/details.aspx?familyid=1d34be10-1762-44dd-ad87-510441e3798f 5014261 12038 Yes Security Update 15.02.1118.012 5015322 https://www.microsoft.com/download/details.aspx?familyid=edb31b02-83ab-4133-b327-29f3799e4861 5014261 11957 Yes Security Update 15.02.0986.029 5015322 https://www.microsoft.com/download/details.aspx?familyid=4d630555-9c16-46fe-b72b-aec651b71efb 5014261 11956 Yes Security Update 15.01.2375.031 <a href="https://twitter.com/orange_8361">Orange Tsai (@orange_8361)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Microsoft Yes CVE-2022-34701 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Secure Socket Tunneling Protocol (SSTP) Microsoft Yes CVE-2022-34702 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability <p><strong>How does this impact SCOM customers?</strong></p> <p>SCOM 2016, 2019, and 2022 customers who monitor Linux machines and use Kerberos-based authentication are impacted by this vulnerability.</p> <p><strong>How can an attacker exploit the vulnerability?</strong></p> <p>OMI supports Kerberos as one of the authentication mechanisms. This authentication mechanism is only used by SCOM, with no Azure service using it. A fixed temp file is used while keeping omi keytab in sync with the default keytab. The temp file can be manipulated by an attacker to insert a new key in the omi keytab and gain elevated privileges on the machine. The attacker must be locally logged in to the machine on which the OMI components are running.</p> <p><strong>What products are affected by this vulnerability and how can I protect myself?</strong></p> <p>The following table lists the affected services and the required customer action to protect against this vulnerability.</p> <table> <thead> <tr> <th>Affected Product</th> <th>Fixed Version Number</th> <th>Customer action required</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/microsoft/omi">OMI as standalone package</a></td> <td>OMI version v1.6.10-2</td> <td>Manually download the update <a href="https://github.com/Microsoft/omi#get-omi">here</a></td> </tr> <tr> <td><a href="https://docs.microsoft.com/en-us/system-center/scom/plan-planning-agent-deployment?view=sc-om-2019">System Center Operations Manager (SCOM)</a> Management Pack for UNIX and Linux Operating Systems</td> <td>Management Pack for SCOM 2016: 7.6.1113.0</td> <td>Manually download and update the 2016 management pack: <a href="https://www.microsoft.com/en-us/download/details.aspx?id=29696">2016</a></td> </tr> <tr> <td></td> <td>Management Pack for SCOM 2019: 10.19.1158.0</td> <td>Manually download and update the 2019 management pack: <a href="https://www.microsoft.com/en-us/download/details.aspx?id=58208">2019</a></td> </tr> <tr> <td></td> <td>Management Pack for SCOM 2022: 10.22.1032.0</td> <td>Manually download and update the 2022 management pack: <a href="https://www.microsoft.com/en-in/download/details.aspx?id=104213">2022</a></td> </tr> </tbody> </table> <p><strong>Does this vulnerability affect the <a href="https://github.com/microsoft/omi/blob/master/README.md#microsoft-products-that-use-omi">Azure Services</a> that use OMI?</strong></p> <p><a href="https://github.com/microsoft/omi/blob/master/README.md#microsoft-products-that-use-omi">Other Azure services</a> are not impacted by this vulnerability as they do not use Kerberos-based authentication. A Linux VM that is being monitored by SCOM, where SCOM has been configured to use Kerberos-based authentication is the only scenario which is impacted.</p> <p><strong>What is OMI?</strong></p> <p><a href="https://github.com/microsoft/omi">Open Management Infrastructure (OMI)</a> is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. Certain Azure Virtual Machine (VM) management extensions (listed <a href="https://github.com/microsoft/omi#microsoft-products-that-use-omi">here</a>) use OMI to orchestrate configuration management and log collection on Linux VMs.</p> <p>Refer to this link for more details: <a href="https://github.com/Microsoft/omi">GitHub - microsoft/omi: Open Management Infrastructure</a></p> System Center Operations Manager Microsoft Yes CVE-2022-33640 11933 12057 12056 12058 Elevation of Privilege 11933 Elevation of Privilege 12057 Elevation of Privilege 12056 Elevation of Privilege 12058 Important 11933 Important 12057 Important 12056 Important 12058 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11933 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12057 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12056 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12058 Release Notes https://github.com/microsoft/omi-kits/tree/master/release 11933 Maybe Security Update 1.6.10-2 Github Repository https://www.microsoft.com/download/details.aspx?id=58208 12057 Maybe Security Update 10.19.1158.0 Github Repository https://www.microsoft.com/download/details.aspx?id=29696 12056 Maybe Security Update 7.6.1113.0 Github Repository https://www.microsoft.com/download/details.aspx?id=104213 12058 Maybe Security Update 10.22.1032.0 <a href="https://twitter.com/sickcodes">Sick Codes</a> with <a href="https://sick.codes/">Sick Codes</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Batch Node Agent Elevation of Privilege Vulnerability <p><strong>How do I determine what version of Azure Batch is running?</strong></p> <p>Using a client targeting REST API version 2018-08-01.7.0 or newer call the <a href="https://docs.microsoft.com/en-us/rest/api/batchservice/compute-node/get">get compute node</a> or <a href="https://docs.microsoft.com/en-us/rest/api/batchservice/compute-node/list">list compute nodes</a> APIs and examine the <strong>version</strong> property of <a href="https://docs.microsoft.com/en-us/rest/api/batchservice/compute-node/list#nodeagentinformation">nodeAgentInfo</a>. Your system should be running Batch Agent version 1.9.27 or later.</p> <p><strong>How do I update my Batch Agent?</strong></p> <p>If you are not running Batch Agent version 1.9.27 or later, you need to resize your pools to zero or recreate your pool. This will update the Batch Agent to the latest version. Your pool won't receive node agent updates unless it's recreated (or if it's resized to 0 compute nodes). See <a href="https://docs.microsoft.com/en-us/azure/batch/best-practices#pool-lifetime-and-billing">Azure Batch best practices - Pool lifetime and billing</a> for more information.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> Azure Batch Node Agent Microsoft Yes CVE-2022-33646 12059 Elevation of Privilege 12059 Critical 12059 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12059 Release Notes https://docs.microsoft.com/en-us/azure/batch/best-practices#pool-lifetime-and-billing 12059 Maybe Security Update 1.9.27 <a href="https://twitter.com/rohitg5249"> Rohit Gurunath - (MSFT) </a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2023-03-29T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> Windows Defender Credential Guard Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could recover plaintext from TLS-protected data.</p> Windows Defender Credential Guard Microsoft Yes CVE-2022-34704 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 James Forshaw of <a href="https://googleprojectzero.blogspot.com/">Google Project Zero</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-12-13T08:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Windows Defender Credential Guard Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Defender Credential Guard Microsoft Yes CVE-2022-34705 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 James Forshaw with <a href="https://googleprojectzero.blogspot.com/">Google Project Zero</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> .NET Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to successfully execute a <a href="https://portswigger.net/web-security/xxe/blind#:%7E:text=Exploiting%20blind%20XXE%20to%20exfiltrate%20data%20out-of-band">blind XXE attack</a>.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>Confidentiality is High, if an attacker successfuly exploits this it is information disclosure. While the attacker could read files that shouldn't be exposed, they wouldn't have the ability to modify them in any way (Integrity) or delete them to stop the app or server from functioning (Availability).</p> .NET Core Microsoft Yes CVE-2022-34716 11600 12051 11872 11935 11969 12009 11730 11745 11970 Spoofing 11600 Spoofing 12051 Spoofing 11872 Spoofing 11935 Spoofing 11969 Spoofing 12009 Spoofing 11730 Spoofing 11745 Spoofing 11970 Important 11600 Important 12051 Important 11872 Important 11935 Important 11969 Important 12009 Important 11730 Important 11745 Important 11970 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11600 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12051 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11872 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11935 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11969 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12009 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11730 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11745 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11970 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.50 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.7 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.24 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.18 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.13 5016990 https://dotnet.microsoft.com/download/dotnet/6.0 12009 No Security Update 6.0.8 5016987 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016987 11730 Maybe Security Update 3.1.28 Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11745 Maybe Security Update 7.0.12 Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11970 Maybe Security Update 7.2.6 Felix Wilhelm of Google Project Zero 1.0 2022-08-09T07:00:00 <p>Information published.</p> 2.0 2022-08-11T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.0 and PowerShell 7.2 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/33">https://github.com/PowerShell/Announcements/issues/33</a> for more information.</p> 3.0 2023-04-11T07:00:00 <p>Revised the Security Updates table to include Visual Studio 2017 version 15.9, Visual Studio 2019 version 16.9, Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.0, and Visual Studio 2022 version 17.2 because these versions of Visual Studio are affected by this vulnerability. Customers running these supported versions of Visual Studio should install the August 2022 updates to be protected from this vulnerability. Customers who have already installed the updates do not need to take any further action.</p> Microsoft Office Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> Microsoft Office Microsoft Yes CVE-2022-34717 11573 11574 11763 11952 11953 11762 10754 10753 10603 10602 10601 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11762 Remote Code Execution 10754 Remote Code Execution 10753 Remote Code Execution 10603 Remote Code Execution 10602 Remote Code Execution 10601 Important 11573 Important 11574 Important 11763 Important 11952 Important 11953 Important 11762 Important 10754 Important 10753 Important 10603 Important 10602 Important 10601 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10603 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10602 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10601 Click to Run 11573 11574 11763 11952 11953 11762 No Security Update https://aka.ms/OfficeSecurityReleases 4462148 https://www.microsoft.com/download/details.aspx?familyid=003749ba-2869-418c-923c-133e5a3c9229 4022162 10754 Maybe Security Update 16.0.14931.20612 4462148 https://www.microsoft.com/download/details.aspx?familyid=84107b9c-fe30-46fd-9f4d-571ba721a6e6 4022162 10753 Maybe Security Update 16.0.14931.20612 4462142 3172522 10603 Maybe Security Update 15.0.5475.1001 4462142 https://www.microsoft.com/download/details.aspx?familyid=5b0cbf60-4a98-434d-a48f-52feba587738 3172522 10602 Maybe Security Update 15.0.5475.1001 4462142 https://www.microsoft.com/download/details.aspx?familyid=19111943-f0be-4a8e-8cdb-dcd94905fbc3 3172522 10601 Maybe Security Update 15.0.5475.1001 Eduardo Braun Prado 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Secure Socket Tunneling Protocol (SSTP) Microsoft Yes CVE-2022-35766 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Secure Socket Tunneling Protocol (SSTP) Microsoft Yes CVE-2022-35767 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Print Spooler Components Microsoft Yes CVE-2022-35793 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <p><strong>Determine if the Print Spooler service is running</strong></p> <p>Run the following in Windows PowerShell:</p> <p><code>Get-Service -Name Spooler</code></p> <p>If the Print Spooler is running or if the service is not set to disabled, select one of the following options to either disable the Print Spooler service, or to Disable inbound remote printing through Group Policy:</p> <p><strong>Option 1 - Disable the Print Spooler service</strong></p> <p>If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:</p> <p><code>Stop-Service -Name Spooler -Force</code></p> <p><code>Set-Service -Name Spooler -StartupType Disabled</code></p> <p><strong>Impact of workaround</strong> Disabling the Print Spooler service disables the ability to print both locally and remotely.</p> <p><strong>Option 2 - Disable inbound remote printing through Group Policy</strong></p> <p>You can also configure the settings via Group Policy as follows:</p> <p>Computer Configuration / Administrative Templates / Printers</p> <p>Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.</p> <p>You must restart the Print Spooler service for the group policy to take effect.</p> <p><strong>Impact of workaround</strong> This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.</p> <p>For more information see: <a href="https://docs.microsoft.com/en-us/troubleshoot/windows-server/printing/use-group-policy-to-control-ad-printer">Use Group Policy settings to control printers</a>.</p> <a href="https://twitter.com/lxf02942370">Xuefeng Li</a> with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2022-35768 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Secure Socket Tunneling Protocol (SSTP) Microsoft Yes CVE-2022-35794 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability Remote Access Service Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-35769 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Error Reporting Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Error Reporting Microsoft Yes CVE-2022-35795 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Defender Credential Guard Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> Windows Defender Credential Guard Microsoft Yes CVE-2022-35771 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 James Forshaw with <a href="https://googleprojectzero.blogspot.com/">Google Project Zero</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Kernel Microsoft Yes CVE-2022-35758 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016669 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016669 5015866 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21616 5016669 https://support.microsoft.com/help/5016669 9312 10287 9318 9344 5016686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016686 9312 10287 9318 9344 Yes Security Only 6.0.6003.21616 5016686 https://support.microsoft.com/help/5016686 9312 10287 9318 9344 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Hello Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Windows Hello Facial Recognition security feature.</p> <p><strong>Where can I find more information about Windows Hello Face Authentication?</strong></p> <p>Please see <a href="https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-face-authentication">Windows Hello Face Authentication</a> for updated details.</p> Windows Hello Microsoft Yes CVE-2022-35797 11568 11569 11570 11896 11897 11898 11801 11802 11926 11927 11929 11930 11931 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Important 11568 Important 11569 Important 11570 Important 11896 Important 11897 Important 11898 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11896 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11897 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11898 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11801 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11802 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11929 11930 11931 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 Jason Martinsen 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> Azure Site Recovery Microsoft Yes CVE-2022-35772 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with WithSecure</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35799 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35774 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35800 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with WithSecure</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-35775 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35801 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure RTOS GUIX Studio Remote Code Execution Vulnerability <p><strong>What is RTOS?</strong></p> <p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p> <p><strong>What is Azure RTOS GUIX Studio?</strong></p> <p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Azure Real Time Operating System Microsoft Yes CVE-2022-35779 12055 Remote Code Execution 12055 Important 12055 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12055 More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=US 12055 Maybe Security Update 6.1.12.0 HP of Cyber Kunlun Lab 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure RTOS GUIX Studio Remote Code Execution Vulnerability <p><strong>What is RTOS?</strong></p> <p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p> <p><strong>What is Azure RTOS GUIX Studio?</strong></p> <p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Azure Real Time Operating System Microsoft Yes CVE-2022-35806 12055 Remote Code Execution 12055 Important 12055 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12055 More Information https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=US 12055 Maybe Security Update 6.1.12.0 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35807 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35808 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with <a href="https://labs.f-secure.com/">WithSecure</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35782 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35809 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability does not directly expose the data to the attacker. The attacker would have to brute force possible combinations and infer the Boolean result returned to disclose confidential information.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35783 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.4 4.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35784 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35810 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35811 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35785 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35812 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35786 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35787 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with <a href="https://labs.f-secure.com/">WithSecure</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35813 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35788 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35814 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35789 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35815 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35790 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35816 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35817 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35791 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35818 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35819 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 Anonymous 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Sphere Information Disclosure Vulnerability <p><strong>What version of Azure Sphere has the update that protects from this vulnerability?</strong></p> <p>All versions of Azure Sphere that are 22.07 and higher are protected from this vulnerability.</p> <p><strong>How do I ensure my Azure Sphere device has the update?</strong></p> <p>If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.07 has been installed using the Azure Sphere CLI command:</p> <p><code>azsphere device show-os-version </code></p> <p>If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command:</p> <p><code>azsphere device show-deployment-status </code></p> <p><strong>Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability?</strong></p> <p>An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability. More information on Azure Sphere’s CVE principles can be found on <a href="https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves">https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves</a></p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose the contents of the memory location, but they cannot modify the contents or make the system unavailable.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?</strong></p> <p>The attacker would have to be present on the system with root privileges to be able to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?</strong></p> <p>The attacker needs to have root privileges on the target system to be able to exploit this vulnerability.</p> Azure Sphere Microsoft Yes CVE-2022-35821 11796 Information Disclosure 11796 Important 11796 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.4 4.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11796 Release Notes 11796 Yes Security Update 22.07 Discovered by Claudio Bozzato and Lilith of Cisco Talos. with <a href="https://talosintelligence.com/vulnerability_reports/">Cisco Talos</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong> You can follow the steps <a href="https://support.microsoft.com/en-us/topic/update-rollup-61-for-azure-site-recovery-kb5012960-a1cc029b-03ad-446f-9365-a00b41025d39">here</a> to update to version 9.50</p> <p><strong>Is there information about new available options?</strong></p> <p>Yes, please see <a href="https://azure.microsoft.com/en-us/updates/azure-site-recovery-move-from-classic-to-modernized-experience-for-disaster-recovery-of-vmware-machines/">General availability: Upgrade VMware VMs protected by Site Recovery to modernized experience</a> for more information.</p> Azure Site Recovery Microsoft Yes CVE-2022-35824 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 https://download.microsoft.com/download/8/9/6/89662253-95f1-4985-b113-08831e8b7481/MicrosoftAzureSiteRecoveryUnifiedSetup.exe 12018 Maybe Security Update 9.50 <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with <a href="https://labs.f-secure.com/">WithSecure</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2603 Use after free in Omnibox <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2603 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2604 Use after free in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2604 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2605 Out of bounds read in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2605 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2606 Use after free in Managed devices API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2606 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2610 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2611 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2612 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2614 Use after free in Sign-In Flow <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2614 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2615 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2616 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2617 Use after free in Extensions API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2617 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2618 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2619 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2621 Use after free in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2621 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2622 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2623 Use after free in Offline <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2623 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2624 Heap buffer overflow in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.47</td> <td>8/5/2022</td> <td>104.0.5112.79/80/81</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2624 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.47 1.0 2022-08-05T07:00:00 <p>Information published.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Visual Studio Microsoft Yes CVE-2022-35825 11600 11872 11935 11969 10326 10566 10577 12051 Remote Code Execution 11600 Remote Code Execution 11872 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 10326 Remote Code Execution 10566 Remote Code Execution 10577 Remote Code Execution 12051 Important 11600 Important 11872 Important 11935 Important 11969 Important 10326 Important 10566 Important 10577 Important 12051 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11600 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11872 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11935 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10326 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10566 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10577 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.50 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.24 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.18 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.13 5016314 https://aka.ms/vs/11/release/5016314 10326 Maybe Security Update 11.0.61252.0 5016315 https://aka.ms/vs/12/release/5016315 10566 Maybe Security Update 12.0.40699.0 5016316 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016316 10577 Maybe Security Update 14.0.27552.0 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.7 Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative HAO LI of VenusTech ADLab 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2023-09-22T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Visual Studio Microsoft Yes CVE-2022-35826 11600 11872 11935 11969 10326 10566 10577 12051 Remote Code Execution 11600 Remote Code Execution 11872 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 10326 Remote Code Execution 10566 Remote Code Execution 10577 Remote Code Execution 12051 Important 11600 Important 11872 Important 11935 Important 11969 Important 10326 Important 10566 Important 10577 Important 12051 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11600 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11872 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11935 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10326 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10566 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10577 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.50 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.24 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.18 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.13 5016314 https://aka.ms/vs/11/release/5016314 10326 Maybe Security Update 11.0.61252.0 5016315 https://aka.ms/vs/12/release/5016315 10566 Maybe Security Update 12.0.40699.0 5016316 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016316 10577 Maybe Security Update 14.0.27552.0 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.7 HAO LI of VenusTech ADLab 1.0 2022-08-09T07:00:00 <p>Information published.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Visual Studio Microsoft Yes CVE-2022-35827 12051 11969 11600 10577 11935 11872 10566 10326 Remote Code Execution 12051 Remote Code Execution 11969 Remote Code Execution 11600 Remote Code Execution 10577 Remote Code Execution 11935 Remote Code Execution 11872 Remote Code Execution 10566 Remote Code Execution 10326 Important 12051 Important 11969 Important 11600 Important 10577 Important 11935 Important 11872 Important 10566 Important 10326 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11600 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10577 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11935 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11872 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10566 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10326 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.7 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.13 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.50 5016316 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016316 10577 Maybe Security Update 14.0.27552.0 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.18 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.24 5016315 https://aka.ms/vs/12/release/5016315 10566 Maybe Security Update 12.0.40699.0 5016314 https://aka.ms/vs/11/release/5016314 10326 Maybe Security Update 11.0.61252.0 HAO LI of VenusTech ADLab 1.0 2022-08-09T07:00:00 <p>Information published.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Visual Studio Microsoft Yes CVE-2022-35777 11600 11872 11935 11969 10326 10566 10577 12051 Remote Code Execution 11600 Remote Code Execution 11872 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 10326 Remote Code Execution 10566 Remote Code Execution 10577 Remote Code Execution 12051 Important 11600 Important 11872 Important 11935 Important 11969 Important 10326 Important 10566 Important 10577 Important 12051 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11600 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11872 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11935 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10326 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10566 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10577 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.50 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.24 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.18 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.13 5016314 https://aka.ms/vs/11/release/5016314 10326 Maybe Security Update 11.0.61252.0 5016315 https://aka.ms/vs/12/release/5016315 10566 Maybe Security Update 12.0.40699.0 5016316 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016316 10577 Maybe Security Update 14.0.27552.0 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.7 HAO LI of VenusTech ADLab 1.0 2022-08-09T07:00:00 <p>Information published.</p> Windows Bluetooth Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An authorized local attacker could exploit this Windows Bluetooth driver vulnerability by programmatically running certain functions to arbitrarily gain registry key creation and deletion in the bthport.sys driver.</p> Microsoft Bluetooth Driver Microsoft Yes CVE-2022-35820 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 5016676 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016676 5015861 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26065 5016676 https://support.microsoft.com/help/5016676 10047 10048 10051 10049 5016679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016679 10047 10048 10051 10049 Yes Security Only 6.1.7601.26065 5016679 https://support.microsoft.com/help/5016679 10047 10048 10051 10049 5016681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016681 5015874 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20520 5016683 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016683 10481 10482 10483 10543 Yes Security Only 6.3.9600.20520 5016681 5015874 10484 Yes Monthly Rollup 6.3.9600.20520 5016672 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016672 5015863 10378 10379 Yes Monthly Rollup 6.2.9200.23817 5016684 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016684 10378 10379 Yes Security Only 6.2.9200.23817 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">workaround</a> may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave this workaround in place:</p> <p><strong>Disable the ability of child keys to allow full owner or creator permissions</strong></p> <p><strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the &quot;Changing Keys and Values&quot; Help topic in Registry Editor (Regedit.exe) or view the &quot;Add and Delete Information in the Registry&quot; and &quot;Edit Registry Data&quot; Help topics in Regedt32.exe.</p> <ol> <li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>Regedit</strong> in the <strong>Open</strong> box, and then click <strong>OK</strong>.</li> <li>Locate and then click the following registry subkey: <code>HKLM: \SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters</code></li> <li>Open <strong>Permissions</strong></li> <li>Open <strong>Advanced</strong></li> <li>Click <strong>Disable inheritance</strong></li> <li>Select <strong>Convert to explicit</strong></li> <li>Remove <strong>Creator/Owner</strong> from the Permissions.</li> </ol> <p><strong>Impact of workaround</strong></p> <p>All child keys will no longer allow full owner or creator permissions, but will still allow subkeys to be created by an arbitrary user through settings. Authorized users with system or admin privileges will still have whatever permissions are expected.</p> <p><strong>How to undo the workaround</strong></p> <ol> <li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>Regedit</strong> in the <strong>Open</strong> box, and then click <strong>OK</strong>.</li> <li>Locate and then click the following registry subkey: <code>HKLM: \SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters</code></li> <li>Open <strong>Permissions</strong></li> <li>Open <strong>Advanced</strong></li> <li>Click <strong>Allow inheritance</strong></li> <li>Re-add creator owner</li> <li>Click <strong>Apply</strong></li> <li>If desired, remove duplicate entries.</li> </ol> T0 working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-08-09T07:00:00 <p>Information published.</p> 1.1 2022-08-19T07:00:00 <p>Corrected Download and Article links for affected versions of Windows 10 Version 1607, Windows Server 2016, Windows 10 Version 1809, and Windows Server 2019 in the Security Updates table. This is an informational change only.</p> Windows Defender Credential Guard Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Defender Credential Guard Microsoft Yes CVE-2022-34711 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 James Forshaw with <a href="https://googleprojectzero.blogspot.com/">Google Project Zero</a> 1.0 2022-08-15T07:00:00 <p>Information published. This CVE was addressed by updates that were released in August 2022, but the CVE was inadvertently omitted from the August 2022 Security Updates. This is an informational change only. Customers who have already installed the August 2022 update do not need to take any further action.</p> Windows Defender Credential Guard Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard.</p> Windows Defender Credential Guard Microsoft Yes CVE-2022-35822 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11896 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11897 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11898 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11801 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11802 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11803 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 5016623 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016623 5015811 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3287 5016623 https://support.microsoft.com/help/5016623 11568 11569 11570 11571 11572 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11896 11897 11898 Yes Security Update 10.0.19043.1889 5016616 https://support.microsoft.com/help/5016616 11896 11897 11898 11801 11802 11803 11929 11930 11931 5016627 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627 5015827 11923 11924 Yes Security Update 10.0.20348.887 5016627 https://support.microsoft.com/help/5016627 11923 11924 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11801 11802 11803 Yes Security Update 10.0.19042.1889 5016629 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016629 5015814 11926 11927 Yes Security Update 10.0.22000.856 5016629 https://support.microsoft.com/help/5016629 11926 11927 5016616 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016616 5015807 11929 11930 11931 Yes Security Update 10.0.19044.1889 5016639 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016639 5015832 10729 10735 Yes Security Update 10.0.10240.19387 5016622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016622 5015808 10852 10853 10816 10855 Yes Security Update 10.0.14393.5291 James Forshaw of <a href="https://googleprojectzero.blogspot.com/">Google Project Zero</a> 1.0 2022-08-15T07:00:00 <p>Information published. This CVE was addressed by updates that were released in August 2022, but the CVE was inadvertently omitted from the August 2022 Security Updates. This is an informational change only. Customers who have already installed the August 2022 update do not need to take any further action.</p> Chromium: CVE-2022-2856 Insufficient validation of untrusted input in Intents <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2022-2856 exists in the wild.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.60</td> <td>8/17/2022</td> <td>104.0.5112.102/101</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2856 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.60 1.0 2022-08-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2857 Use after free in Blink <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.63</td> <td>8/19/2022</td> <td>104.0.5112.102</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2857 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.63 1.0 2022-08-19T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2852 Use after free in FedCM <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.63</td> <td>8/19/2022</td> <td>104.0.5112.102</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2852 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.63 1.0 2022-08-19T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2853 Heap buffer overflow in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.63</td> <td>8/19/2022</td> <td>104.0.5112.102</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2853 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.63 1.0 2022-08-19T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2854 Use after free in SwiftShader <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.63</td> <td>8/19/2022</td> <td>104.0.5112.102</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2854 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.63 1.0 2022-08-19T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2855 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.63</td> <td>8/19/2022</td> <td>104.0.5112.102</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2855 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.63 1.0 2022-08-19T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2858 Use after free in Sign-In Flow <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.63</td> <td>8/19/2022</td> <td>104.0.5112.102</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2858 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.63 1.0 2022-08-19T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2860 Insufficient policy enforcement in Cookies <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.63</td> <td>8/19/2022</td> <td>104.0.5112.102</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2860 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.63 1.0 2022-08-19T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2861 Inappropriate implementation in Extensions API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>104.0.1293.63</td> <td>8/19/2022</td> <td>104.0.5112.102</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2861 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 104.0.1293.63 1.0 2022-08-19T07:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2017-1000232 https://nvd.nist.gov/vuln/detail/CVE-2017-1000232 Mariner cve@mitre.org Yes CVE-2017-1000232 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 ldns 12139 ldns-1.7.0-32.cm2.x86_64.rpm 0001-01-01T00:00:00 ldns-devel-1.7.0-32.cm2.x86_64.rpm 0001-01-01T00:00:00 ldns-utils-1.7.0-32.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-ldns-1.7.0-32.cm2.x86_64.rpm 0001-01-01T00:00:00 perl-ldns-1.7.0-32.cm2.x86_64.rpm 0001-01-01T00:00:00 ldns-doc-1.7.0-32.cm2.noarch.rpm 0001-01-01T00:00:00 ldns-debuginfo-1.7.0-32.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.7.0-32 ldns 12140 ldns-1.7.0-32.cm2.aarch64.rpm 0001-01-01T00:00:00 ldns-devel-1.7.0-32.cm2.aarch64.rpm 0001-01-01T00:00:00 ldns-utils-1.7.0-32.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-ldns-1.7.0-32.cm2.aarch64.rpm 0001-01-01T00:00:00 perl-ldns-1.7.0-32.cm2.aarch64.rpm 0001-01-01T00:00:00 ldns-doc-1.7.0-32.cm2.noarch.rpm 0001-01-01T00:00:00 ldns-debuginfo-1.7.0-32.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.7.0-32 1.0 2022-08-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-33655 https://nvd.nist.gov/vuln/detail/CVE-2021-33655 https://nvd.nist.gov/vuln/detail/CVE-2021-33655 https://nvd.nist.gov/vuln/detail/CVE-2021-33655 Mariner securities@openeuler.org Yes CVE-2021-33655 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12137 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12138 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12139 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12137 kernel-5.10.144.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.144.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.144.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.144.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.144.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.144.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.144.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.144.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.144.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.144.1-1 kernel 12138 kernel-5.10.144.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.144.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.144.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.144.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.144.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.144.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.144.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.144.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.144.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.144.1-1 kernel 12139 kernel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 kernel 12140 kernel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 1.0 2022-08-25T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-46828 https://nvd.nist.gov/vuln/detail/CVE-2021-46828 Mariner cve@mitre.org Yes CVE-2021-46828 12137 12138 12137 12138 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 libtirpc 12137 libtirpc-1.1.4-5.cm1.x86_64.rpm 0001-01-01T00:00:00 libtirpc-devel-1.1.4-5.cm1.x86_64.rpm 0001-01-01T00:00:00 libtirpc-debuginfo-1.1.4-5.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.4-5 libtirpc 12138 libtirpc-1.1.4-5.cm1.aarch64.rpm 0001-01-01T00:00:00 libtirpc-devel-1.1.4-5.cm1.aarch64.rpm 0001-01-01T00:00:00 libtirpc-debuginfo-1.1.4-5.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.4-5 1.0 2022-08-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1671 https://nvd.nist.gov/vuln/detail/CVE-2022-1671 https://nvd.nist.gov/vuln/detail/CVE-2022-1671 https://nvd.nist.gov/vuln/detail/CVE-2022-1671 Mariner secalert@redhat.com Yes CVE-2022-1671 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12137 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12138 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12139 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12140 kernel 12137 kernel-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.134.1-2 kernel 12138 kernel-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.134.1-2 kernel 12139 kernel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 kernel 12140 kernel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 1.0 2022-08-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1651 https://nvd.nist.gov/vuln/detail/CVE-2022-1651 https://nvd.nist.gov/vuln/detail/CVE-2022-1651 https://nvd.nist.gov/vuln/detail/CVE-2022-1651 Mariner secalert@redhat.com Yes CVE-2022-1651 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12137 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12138 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12139 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12140 kernel 12137 kernel-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.134.1-2 kernel 12138 kernel-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.134.1-2 kernel 12139 kernel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 kernel 12140 kernel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 1.0 2022-08-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-36879 https://nvd.nist.gov/vuln/detail/CVE-2022-36879 https://nvd.nist.gov/vuln/detail/CVE-2022-36879 https://nvd.nist.gov/vuln/detail/CVE-2022-36879 Mariner cve@mitre.org Yes CVE-2022-36879 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.134.1-2 kernel 12138 kernel-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.134.1-2 kernel 12139 kernel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 kernel 12140 kernel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 1.0 2022-08-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-36946 https://nvd.nist.gov/vuln/detail/CVE-2022-36946 https://nvd.nist.gov/vuln/detail/CVE-2022-36946 https://nvd.nist.gov/vuln/detail/CVE-2022-36946 Mariner cve@mitre.org Yes CVE-2022-36946 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.145.1-1 kernel 12138 kernel-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.145.1-1 kernel 12139 kernel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 kernel 12140 kernel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 1.0 2022-08-05T00:00:00 <p>Information published.</p> 1.1 2022-08-06T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2022-32081 https://nvd.nist.gov/vuln/detail/CVE-2022-32081 Mariner cve@mitre.org Yes CVE-2022-32081 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 mariadb 12139 mariadb-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-server-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-server-galera-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-devel-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-errmsg-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-debuginfo-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 10.6.9-1 mariadb 12140 mariadb-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-server-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-server-galera-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-devel-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-errmsg-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-debuginfo-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 10.6.9-1 1.0 2022-08-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-34526 https://nvd.nist.gov/vuln/detail/CVE-2022-34526 https://nvd.nist.gov/vuln/detail/CVE-2022-34526 https://nvd.nist.gov/vuln/detail/CVE-2022-34526 Mariner cve@mitre.org Yes CVE-2022-34526 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 libtiff 12139 libtiff-4.4.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-3 libtiff 12140 libtiff-4.4.0-3.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-3.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-3 libtiff 12137 libtiff-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12138 libtiff-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 1.0 2022-08-06T00:00:00 <p>Information published.</p> 1.1 2022-08-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-36123 https://nvd.nist.gov/vuln/detail/CVE-2022-36123 https://nvd.nist.gov/vuln/detail/CVE-2022-36123 https://nvd.nist.gov/vuln/detail/CVE-2022-36123 Mariner cve@mitre.org Yes CVE-2022-36123 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12137 kernel-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.134.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.134.1-2 kernel 12138 kernel-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.134.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.134.1-2 kernel 12139 kernel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 kernel 12140 kernel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.67.1-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.67.1-4 1.0 2022-08-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-34749 https://nvd.nist.gov/vuln/detail/CVE-2022-34749 Mariner cve@mitre.org Yes CVE-2022-34749 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 python-mistune 12137 12138 python-mistune-0.8.3-3.cm1.noarch.rpm 0001-01-01T00:00:00 python3-mistune-0.8.3-3.cm1.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 0.8.3-3 python-mistune 12139 12140 python3-mistune-0.8.3-5.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 0.8.3-5 1.0 2022-08-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-32091 https://nvd.nist.gov/vuln/detail/CVE-2022-32091 https://nvd.nist.gov/vuln/detail/CVE-2022-32091 https://nvd.nist.gov/vuln/detail/CVE-2022-32091 Mariner cve@mitre.org Yes CVE-2022-32091 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 mariadb 12137 mariadb-10.3.36-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mariadb-server-10.3.36-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mariadb-server-galera-10.3.36-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mariadb-devel-10.3.36-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mariadb-errmsg-10.3.36-1.cm1.x86_64.rpm 0001-01-01T00:00:00 mariadb-debuginfo-10.3.36-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 10.3.36-1 mariadb 12138 mariadb-10.3.36-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mariadb-server-10.3.36-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mariadb-server-galera-10.3.36-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mariadb-devel-10.3.36-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mariadb-errmsg-10.3.36-1.cm1.aarch64.rpm 0001-01-01T00:00:00 mariadb-debuginfo-10.3.36-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 10.3.36-1 mariadb 12139 mariadb-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-server-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-server-galera-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-devel-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-errmsg-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mariadb-debuginfo-10.6.9-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 10.6.9-1 mariadb 12140 mariadb-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-server-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-server-galera-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-devel-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-errmsg-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mariadb-debuginfo-10.6.9-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 10.6.9-1 1.0 2022-08-23T00:00:00 <p>Information published.</p>