July 2022 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2022-Jul 2022-Jul Final 1.0 103 2026-03-31T14:42:23 July 2022 Security Updates 2022-07-12T07:00:00 2026-03-31T14:42:23 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of security updates for the following products, features and roles.</p> <ul> <li>AMD CPU Branch</li> <li>Azure Site Recovery</li> <li>Azure Storage Library</li> <li>Microsoft Defender for Endpoint</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Graphics Component</li> <li>Microsoft Office</li> <li>Open Source Software</li> <li>Role: DNS Server</li> <li>Role: Windows Fax Service</li> <li>Role: Windows Hyper-V</li> <li>Skype for Business and Microsoft Lync</li> <li>Windows Active Directory</li> <li>Windows Advanced Local Procedure Call</li> <li>Windows BitLocker</li> <li>Windows Boot Manager</li> <li>Windows Client/Server Runtime Subsystem</li> <li>Windows Connected Devices Platform Service</li> <li>Windows Credential Guard</li> <li>Windows Fast FAT Driver</li> <li>Windows Fax and Scan Service</li> <li>Windows Group Policy</li> <li>Windows IIS</li> <li>Windows Kernel</li> <li>Windows Media</li> <li>Windows Network File System</li> <li>Windows Performance Counters</li> <li>Windows Point-to-Point Tunneling Protocol</li> <li>Windows Portable Device Enumerator Service</li> <li>Windows Print Spooler Components</li> <li>Windows Remote Procedure Call Runtime</li> <li>Windows Security Account Manager</li> <li>Windows Server Service</li> <li>Windows Shell</li> <li>Windows Storage</li> <li>XBox</li> </ul> <p>Please note the following information regarding the security updates:</p> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-information">Relevant Information</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2> <p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21845">CVE-2022-21845</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22022">CVE-2022-22022</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22023">CVE-2022-22023</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22024">CVE-2022-22024</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22026">CVE-2022-22026</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22027">CVE-2022-22027</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22028">CVE-2022-22028</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22029">CVE-2022-22029</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22031">CVE-2022-22031</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22034">CVE-2022-22034</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22036">CVE-2022-22036</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22037">CVE-2022-22037</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22038">CVE-2022-22038</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22039">CVE-2022-22039</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22040">CVE-2022-22040</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22041">CVE-2022-22041</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22042">CVE-2022-22042</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22043">CVE-2022-22043</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22045">CVE-2022-22045</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22047">CVE-2022-22047</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22048">CVE-2022-22048</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22049">CVE-2022-22049</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22050">CVE-2022-22050</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22711">CVE-2022-22711</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2294">CVE-2022-2294</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2295">CVE-2022-2295</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23816">CVE-2022-23816</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23825">CVE-2022-23825</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-27776">CVE-2022-27776</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30181">CVE-2022-30181</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30187">CVE-2022-30187</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30202">CVE-2022-30202</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30203">CVE-2022-30203</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30205">CVE-2022-30205</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30206">CVE-2022-30206</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30209">CVE-2022-30209</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30211">CVE-2022-30211</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30212">CVE-2022-30212</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30213">CVE-2022-30213</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30214">CVE-2022-30214</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30215">CVE-2022-30215</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30216">CVE-2022-30216</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30220">CVE-2022-30220</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30221">CVE-2022-30221</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30222">CVE-2022-30222</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30223">CVE-2022-30223</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30224">CVE-2022-30224</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30225">CVE-2022-30225</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30226">CVE-2022-30226</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33632">CVE-2022-33632</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33633">CVE-2022-33633</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33637">CVE-2022-33637</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33641">CVE-2022-33641</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33642">CVE-2022-33642</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33643">CVE-2022-33643</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33644">CVE-2022-33644</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33650">CVE-2022-33650</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33651">CVE-2022-33651</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33652">CVE-2022-33652</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33653">CVE-2022-33653</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33654">CVE-2022-33654</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33655">CVE-2022-33655</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33656">CVE-2022-33656</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33657">CVE-2022-33657</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33658">CVE-2022-33658</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33659">CVE-2022-33659</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33660">CVE-2022-33660</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33661">CVE-2022-33661</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33662">CVE-2022-33662</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33663">CVE-2022-33663</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33664">CVE-2022-33664</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33665">CVE-2022-33665</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33666">CVE-2022-33666</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33667">CVE-2022-33667</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33668">CVE-2022-33668</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33669">CVE-2022-33669</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33671">CVE-2022-33671</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33672">CVE-2022-33672</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33673">CVE-2022-33673</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33674">CVE-2022-33674</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33675">CVE-2022-33675</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33676">CVE-2022-33676</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33677">CVE-2022-33677</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33678">CVE-2022-33678</a></li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5002112">5002112</a></td> <td>Microsoft Office 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002121">5002121</a></td> <td>Microsoft Office 2013</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015807">5015807</a></td> <td>Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015811">5015811</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015814">5015814</a></td> <td>Windows 11</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015827">5015827</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015861">5015861</a></td> <td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015862">5015862</a></td> <td>Windows 7, Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015863">5015863</a></td> <td>Windows Server 2012 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015866">5015866</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015870">5015870</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015874">5015874</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015875">5015875</a></td> <td>Windows Server 2012 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5015877">5015877</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Security-only update)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Remote Desktop client for Windows Desktop Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Azure Site Recovery VMWare to Azure Azure Storage Blobs client library for .NET Azure Storage Queues client library for .NET Azure Storage Blobs client library for Java Azure Storage Queues client library for Python Azure Arc Jumpstart Microsoft Edge (Chromium-based) Azure Storage Blobs client library for Python Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Lync Server 2013 CU10 Skype for Business Server 2015 CU12 Skype for Business Server 2019 CU6 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft Defender for Endpoint for Linux Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows Server 2012 R2 Windows RT 8.1 Windows Server 2012 R2 (Server Core installation) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Edge (Chromium-based) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Remote Desktop client for Windows Desktop Microsoft Lync Server 2013 CU10 Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Defender for Endpoint for Linux Azure Site Recovery VMWare to Azure Skype for Business Server 2015 CU12 Skype for Business Server 2019 CU6 Azure Storage Blobs client library for .NET Azure Storage Blobs client library for Python Azure Storage Queues client library for .NET Azure Storage Blobs client library for Java Azure Storage Queues client library for Python Azure Arc Jumpstart Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM cm1 libxml2 2.9.14-3 on CBL Mariner 1.0 cbl2 libxml2 2.10.4-1 on CBL Mariner 2.0 azl3 ntopng 5.2.1-4 on Azure Linux 3.0 azl3 ceph 18.2.1-1 on Azure Linux 3.0 cm1 openjdk8 1.8.0.332-2 on CBL Mariner 1.0 cm1 mariadb 10.3.36-1 on CBL Mariner 1.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 nodejs 16.20.2-4 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 php 8.3.8-1 on Azure Linux 3.0 azl3 rust 1.75.0-1 on Azure Linux 3.0 azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0 cm1 yasm 1.3.0-14 on CBL Mariner 1.0 cm1 libtiff 4.5.0-1 on CBL Mariner 1.0 cbl2 redis 6.2.9-1 on CBL Mariner 2.0 azl3 edk2 20240223gitedc6681206c1-1 on Azure Linux 3.0 azl3 yasm 1.3.0-16 on Azure Linux 3.0 cm1 gnupg2 2.2.20-4 on CBL Mariner 1.0 azl3 qemu 6.2.0-18 on Azure Linux 3.0 cm1 kernel 5.10.145.1-1 on CBL Mariner 1.0 cm1 kernel 5.10.144.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.67.1-4 on CBL Mariner 2.0 cbl2 kured 1.13.2-1 on CBL Mariner 2.0 cbl2 vim 9.0.0325-1 on CBL Mariner 2.0 cm1 kernel 5.10.134.1-2 on CBL Mariner 1.0 cbl2 mariadb 10.6.9-1 on CBL Mariner 2.0 cm1 vim 9.0.0181-1 on CBL Mariner 1.0 cbl2 libtiff 4.4.0-3 on CBL Mariner 2.0 cm1 python-mistune 0.8.3-3 on CBL Mariner 1.0 cbl2 python-mistune 0.8.3-5 on CBL Mariner 2.0 cm1 ceph 16.2.10-1 on CBL Mariner 1.0 cbl2 ceph 16.2.10-1 on CBL Mariner 2.0 cm1 redis 6.2.9-1 on CBL Mariner 1.0 cm1 nodejs 14.20.0-1 on CBL Mariner 1.0 cbl2 nodejs 16.16.0-1 on CBL Mariner 2.0 cm1 vim 9.0.0050-1 on CBL Mariner 1.0 cbl2 vim 9.0.0050-2 on CBL Mariner 2.0 cm1 qemu-kvm 4.2.0-43 on CBL Mariner 1.0 cbl2 qemu 6.2.0-7 on CBL Mariner 2.0 cm1 openssl 1.1.1k-12 on CBL Mariner 1.0 cbl2 openssl 1.1.1k-20 on CBL Mariner 2.0 azl3 hvloader 1.0.1-2 on Azure Linux 3.0 cm1 kernel 5.10.131.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.55.1-1 on CBL Mariner 2.0 cm1 curl 7.84.0-1 on CBL Mariner 1.0 cbl2 curl 7.84.0-1 on CBL Mariner 2.0 cbl2 gnupg2 2.3.7-1 on CBL Mariner 2.0 cm1 python-lxml 4.7.1-2 on CBL Mariner 1.0 cm1 libxml2 2.9.14-2 on CBL Mariner 1.0 cbl2 python-lxml 4.9.1-1 on CBL Mariner 2.0 cbl2 libxml2 2.10.0-1 on CBL Mariner 2.0 cm1 lua 5.3.5-9 on CBL Mariner 1.0 cbl2 lua 5.4.3-4 on CBL Mariner 2.0 azl3 nmap 7.95-1 on Azure Linux 3.0 azl3 uglify-js 3.19.3-11 on Azure Linux 3.0 azl3 grub2 2.06-14 on Azure Linux 3.0 cm1 libtirpc 1.1.4-5 on CBL Mariner 1.0 cbl2 libtirpc 1.3.3-1 on CBL Mariner 2.0 cbl2 yasm 1.3.0-16 on CBL Mariner 2.0 cbl2 yasm 1.3.0-15 on CBL Mariner 2.0 azl3 yasm 1.3.0-15 on Azure Linux 3.0 azl3 ntopng 5.2.1-5 on Azure Linux 3.0 azl3 memcached 1.6.27-3 on Azure Linux 3.0 cbl2 dovecot 2.3.20-1 on CBL Mariner 2.0 cbl2 wavpack 5.6.0-1 on CBL Mariner 2.0 cbl2 booth 1.0-8 on CBL Mariner 2.0 azl3 yasm 1.3.0-17 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 grub2 2.06-23 on Azure Linux 3.0 azl3 ceph 18.2.2-8 on Azure Linux 3.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 nmap 7.94-1 on Azure Linux 3.0 azl3 nasm 2.16.01-1 on Azure Linux 3.0 azl3 ceph 16.2.10-3 on Azure Linux 3.0 azl3 hvloader 1.0.1-1 on Azure Linux 3.0 azl3 php 8.1.22-2 on Azure Linux 3.0 azl3 nasm 2.16.01-2 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2022-21540 16968-16820 16968-16820 Moderate 16968-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 16968-16820 CBL-Mariner Releases 16968-16820 No Security Update 1.8.0.332-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16968-16820 CBL-Mariner Releases 1.0 2025-10-01T23:11:14 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33465 NULL Pointer Dereference 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:28:27 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33463 NULL Pointer Dereference 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:25:16 <p>Information published.</p> 1.1 2025-11-19T01:41:01 <p>Information published.</p> There is a NULL pointer dereference in yasm version 1.3.0 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33458 NULL Pointer Dereference 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:17:40 <p>Information published.</p> There is a NULL pointer dereference in hash() in yasm version 1.3.0 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33456 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:14:51 <p>Information published.</p> A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information causing a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1651 Missing Release of Memory after Effective Lifetime 18638-16820 18617-16823 18638-16820 18617-16823 Important 18638-16820 Important 18617-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18638-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-03T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1671 NULL Pointer Dereference 18638-16820 18617-16823 18638-16820 18617-16823 Important 18638-16820 Important 18617-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18638-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-03T00:00:00 <p>Information published.</p> AES OCB fails to encrypt some bytes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2022-2097 Use of a Broken or Risky Cryptographic Algorithm 19915-17084 17859-17084 19671-17084 18664-16820 18665-16823 18131-17084 18666-17084 19686-17084 19915-17084 17859-17084 19671-17084 18664-16820 18665-16823 18131-17084 18666-17084 19686-17084 Moderate 19915-17084 Moderate 17859-17084 Moderate 19671-17084 Moderate 18664-16820 Moderate 18665-16823 Moderate 18131-17084 Moderate 18666-17084 Moderate 19686-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19915-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17859-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19671-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 18664-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 18665-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 18131-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 18666-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19686-17084 CBL-Mariner Releases 19915-17084 18666-17084 No Security Update 1.0.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19915-17084 18666-17084 CBL-Mariner Releases CBL-Mariner Releases 17859-17084 No Security Update 20240223gitedc6681206c1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 18664-16820 No Security Update 1.1.1k-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18664-16820 CBL-Mariner Releases CBL-Mariner Releases 18665-16823 No Security Update 1.1.1k-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18665-16823 CBL-Mariner Releases CBL-Mariner Releases 18131-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 CBL-Mariner Releases 2.3 2026-02-18T01:32:49 <p>Information published.</p> 1.0 2022-07-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-08-29T00:00:00 <p>Information published.</p> 1.3 2024-08-30T00:00:00 <p>Information published.</p> 1.4 2024-08-31T00:00:00 <p>Information published.</p> 1.5 2024-09-01T00:00:00 <p>Information published.</p> 1.6 2024-09-02T00:00:00 <p>Information published.</p> 1.7 2024-09-03T00:00:00 <p>Information published.</p> 1.8 2024-09-05T00:00:00 <p>Information published.</p> 1.9 2024-09-06T00:00:00 <p>Information published.</p> 2.0 2024-09-07T00:00:00 <p>Information published.</p> 2.1 2024-09-08T00:00:00 <p>Information published.</p> 2.2 2024-09-11T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2284 Heap-based Buffer Overflow 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-09T00:00:00 <p>Information published.</p> Out-of-bounds Read in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2287 Out-of-bounds Read 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 18660-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-09T00:00:00 <p>Information published.</p> Out-of-bounds Write in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2288 Out-of-bounds Write 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-13T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2289 Use After Free 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-13T00:00:00 <p>Information published.</p> NULL Pointer Dereference in lxml/lxml <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2309 NULL Pointer Dereference 18672-16820 18673-16820 18674-16823 18675-16823 18672-16820 18673-16820 18674-16823 18675-16823 Important 18672-16820 Important 18673-16820 Important 18674-16823 Important 18675-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18672-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18673-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18674-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18675-16823 CBL-Mariner Releases 18672-16820 No Security Update 4.7.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18672-16820 CBL-Mariner Releases CBL-Mariner Releases 18673-16820 No Security Update 2.9.14-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18673-16820 CBL-Mariner Releases CBL-Mariner Releases 18674-16823 No Security Update 4.9.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18674-16823 CBL-Mariner Releases CBL-Mariner Releases 18675-16823 No Security Update 2.10.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18675-16823 CBL-Mariner Releases 1.0 2022-07-13T00:00:00 <p>Information published.</p> There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2318 Use After Free 18667-16820 18668-16823 18667-16820 18668-16823 Moderate 18667-16820 Moderate 18668-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18667-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18668-16823 CBL-Mariner Releases 18667-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18667-16820 CBL-Mariner Releases CBL-Mariner Releases 18668-16823 No Security Update 5.15.55.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18668-16823 CBL-Mariner Releases 1.0 2022-07-19T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2343 Heap-based Buffer Overflow 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-21T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2344 Heap-based Buffer Overflow 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-19T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2345 Use After Free 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-19T00:00:00 <p>Information published.</p> A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2476 NULL Pointer Dereference 19469-16823 19469-16823 Moderate 19469-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19469-16823 CBL-Mariner Releases 19469-16823 No Security Update 5.6.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19469-16823 CBL-Mariner Releases 1.0 2022-07-27T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2522 Heap-based Buffer Overflow 18651-16820 18634-16823 18651-16820 18634-16823 Important 18651-16820 Important 18634-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18651-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18634-16823 CBL-Mariner Releases 18651-16820 No Security Update 9.0.0181-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18651-16820 CBL-Mariner Releases CBL-Mariner Releases 18634-16823 No Security Update 9.0.0325-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18634-16823 CBL-Mariner Releases 1.0 2022-07-28T00:00:00 <p>Information published.</p> Denial of Service (DoS) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner snyk Yes CVE-2022-25891 18624-16823 18624-16823 Important 18624-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18624-16823 CBL-Mariner Releases 18624-16823 No Security Update 1.13.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18624-16823 CBL-Mariner Releases 1.0 2023-11-08T00:00:00 <p>Information published.</p> Heap buffer overflow in finfo_buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner php Yes CVE-2022-31627 Out-of-bounds Write 17719-17084 20029-17084 17719-17084 20029-17084 Critical 17719-17084 Critical 20029-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17719-17084 7.7 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 20029-17084 CBL-Mariner Releases 17719-17084 20029-17084 No Security Update 8.3.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17719-17084 20029-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:01:30 <p>Information published.</p> MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-32081 Use After Free 18640-16823 18640-16823 Important 18640-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18640-16823 CBL-Mariner Releases 18640-16823 No Security Update 10.6.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18640-16823 CBL-Mariner Releases 1.0 2022-08-23T00:00:00 <p>Information published.</p> MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-32091 Use After Free 16975-16820 18640-16823 16975-16820 18640-16823 Important 16975-16820 Important 18640-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16975-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18640-16823 CBL-Mariner Releases 16975-16820 No Security Update 10.3.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16975-16820 CBL-Mariner Releases CBL-Mariner Releases 18640-16823 No Security Update 10.6.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18640-16823 CBL-Mariner Releases 1.0 2022-08-23T00:00:00 <p>Information published.</p> A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this or other servers to which the cookies match create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept match and haven't expired. Due to cookie matching rules a server on `foo.example.com` can set cookies that also would match for `bar.example.com` making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-32205 Allocation of Resources Without Limits or Throttling 18669-16820 18670-16823 18669-16820 18670-16823 Moderate 18669-16820 Moderate 18670-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18669-16820 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18670-16823 CBL-Mariner Releases 18669-16820 18670-16823 No Security Update 7.84.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18669-16820 18670-16823 CBL-Mariner Releases 1.0 2022-07-19T00:00:00 <p>Information published.</p> When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation it might accidentally *widen* the permissions for the target file leaving the updated file accessible to more users than intended. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-32207 Incorrect Default Permissions 19671-17084 19686-17084 18669-16820 18670-16823 19671-17084 19686-17084 18669-16820 18670-16823 Critical 19671-17084 Critical 19686-17084 Critical 18669-16820 Critical 18670-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19671-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19686-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18669-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18670-16823 CBL-Mariner Releases 18669-16820 18670-16823 No Security Update 7.84.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18669-16820 18670-16823 CBL-Mariner Releases 1.1 2026-02-21T02:28:52 <p>Information published.</p> 1.0 2022-07-19T00:00:00 <p>Information published.</p> When curl < 7.84.0 does FTP transfers secured by krb5 it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-32208 Out-of-bounds Write 19671-17084 19686-17084 18669-16820 18670-16823 19671-17084 19686-17084 18669-16820 18670-16823 Moderate 19671-17084 Moderate 19686-17084 Moderate 18669-16820 Moderate 18670-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19671-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19686-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18669-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18670-16823 CBL-Mariner Releases 18669-16820 18670-16823 No Security Update 7.84.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18669-16820 18670-16823 CBL-Mariner Releases 1.0 2022-07-19T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:16:46 <p>Information published.</p> A OS Command Injection vulnerability exists in Node.js versions <14.20.0 <16.20.0 <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-32212 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 18658-16820 17389-16823 18658-16820 17389-16823 Important 18658-16820 Important 17389-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18658-16820 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17389-16823 CBL-Mariner Releases 18658-16820 No Security Update 14.20.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18658-16820 CBL-Mariner Releases CBL-Mariner Releases 17389-16823 No Security Update 16.20.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17389-16823 CBL-Mariner Releases 1.0 2022-07-22T00:00:00 <p>Information published.</p> The llhttp parser <v14.20.1 <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-32215 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 19671-17084 18658-16820 18659-16823 17735-17084 19686-17084 19671-17084 18658-16820 18659-16823 17735-17084 19686-17084 Moderate 19671-17084 Moderate 18658-16820 Moderate 18659-16823 Moderate 17735-17084 Moderate 19686-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19671-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18658-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18659-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17735-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19686-17084 CBL-Mariner Releases 18658-16820 No Security Update 14.20.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18658-16820 CBL-Mariner Releases CBL-Mariner Releases 18659-16823 No Security Update 16.16.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18659-16823 CBL-Mariner Releases CBL-Mariner Releases 17735-17084 No Security Update 1.75.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17735-17084 CBL-Mariner Releases 1.0 2022-07-22T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:36:42 <p>Information published.</p> An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-33099 Out-of-bounds Write 19717-17084 19084-17084 18676-16820 18677-16823 16908-17084 18678-17084 19666-17084 19082-17084 19717-17084 19084-17084 18676-16820 18677-16823 16908-17084 18678-17084 19666-17084 19082-17084 Important 19717-17084 Important 19084-17084 Important 18676-16820 Important 18677-16823 Important 16908-17084 Important 18678-17084 Important 19666-17084 Important 19082-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19717-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19084-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18676-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18677-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16908-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18678-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19666-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19082-17084 CBL-Mariner Releases 19717-17084 18678-17084 No Security Update 7.95-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19717-17084 18678-17084 CBL-Mariner Releases CBL-Mariner Releases 18676-16820 No Security Update 5.3.5-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18676-16820 CBL-Mariner Releases CBL-Mariner Releases 18677-16823 No Security Update 5.4.3-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18677-16823 CBL-Mariner Releases CBL-Mariner Releases 16908-17084 19082-17084 No Security Update 5.2.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16908-17084 19082-17084 CBL-Mariner Releases CBL-Mariner Releases 19666-17084 No Security Update 18.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19666-17084 CBL-Mariner Releases 1.0 2022-07-12T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 2.2 2026-02-18T01:03:38 <p>Information published.</p> network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path) a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner XEN Yes CVE-2022-33743 18605-16820 18617-16823 18605-16820 18617-16823 Important 18605-16820 Important 18617-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18605-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18617-16823 CBL-Mariner Releases 18605-16820 No Security Update 5.10.145.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18605-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-07-19T00:00:00 <p>Information published.</p> A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-34526 Out-of-bounds Write 17977-16820 18652-16823 17977-16820 18652-16823 Moderate 17977-16820 Moderate 18652-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18652-16823 CBL-Mariner Releases 17977-16820 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 CBL-Mariner Releases CBL-Mariner Releases 18652-16823 No Security Update 4.4.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18652-16823 CBL-Mariner Releases 1.0 2022-08-06T00:00:00 <p>Information published.</p> 1.1 2022-08-05T00:00:00 <p>Information published.</p> GnuPG through 2.3.6 in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g. use of GPGME) are met allows signature forgery via injection into the status line. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-34903 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 18484-16820 18671-16823 18484-16820 18671-16823 Moderate 18484-16820 Moderate 18671-16823 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 18484-16820 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 18671-16823 CBL-Mariner Releases 18484-16820 No Security Update 2.2.20-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18484-16820 CBL-Mariner Releases CBL-Mariner Releases 18671-16823 No Security Update 2.3.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18671-16823 CBL-Mariner Releases 1.0 2022-07-14T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges a different vulnerability than CVE-2022-32250. (The attacker can obtain root access but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-34918 Access of Resource Using Incompatible Type ('Type Confusion') 18667-16820 18668-16823 18667-16820 18668-16823 Important 18667-16820 Important 18668-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18667-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18668-16823 CBL-Mariner Releases 18667-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18667-16820 CBL-Mariner Releases CBL-Mariner Releases 18668-16823 No Security Update 5.15.55.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18668-16823 CBL-Mariner Releases 1.0 2022-07-14T00:00:00 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33454 NULL Pointer Dereference 17890-16820 18875-16823 18876-17084 18417-17084 17890-16820 18875-16823 18876-17084 18417-17084 Moderate 17890-16820 Moderate 18875-16823 Moderate 18876-17084 Moderate 18417-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18875-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18876-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18417-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18875-16823 18876-17084 18417-17084 No Security Update 1.3.0-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18875-16823 18876-17084 18417-17084 CBL-Mariner Releases 1.0 2024-07-10T00:00:00 <p>Information published.</p> 1.1 2024-08-16T00:00:00 <p>Information published.</p> 1.2 2024-08-17T00:00:00 <p>Information published.</p> 1.3 2024-08-18T00:00:00 <p>Information published.</p> 1.4 2024-08-19T00:00:00 <p>Information published.</p> 1.5 2024-08-20T00:00:00 <p>Information published.</p> 1.6 2024-08-21T00:00:00 <p>Information published.</p> 1.7 2024-08-22T00:00:00 <p>Information published.</p> 1.8 2024-08-23T00:00:00 <p>Information published.</p> 1.9 2024-08-24T00:00:00 <p>Information published.</p> 2.0 2024-08-25T00:00:00 <p>Information published.</p> 2.1 2024-08-26T00:00:00 <p>Information published.</p> 2.2 2024-08-27T00:00:00 <p>Information published.</p> 2.3 2024-08-28T00:00:00 <p>Information published.</p> 2.4 2024-08-29T00:00:00 <p>Information published.</p> 2.5 2024-08-30T00:00:00 <p>Information published.</p> 2.6 2024-08-31T00:00:00 <p>Information published.</p> 2.7 2024-09-01T00:00:00 <p>Information published.</p> 2.8 2024-09-02T00:00:00 <p>Information published.</p> 2.9 2024-09-03T00:00:00 <p>Information published.</p> 3.0 2024-09-05T00:00:00 <p>Information published.</p> 3.1 2024-09-06T00:00:00 <p>Information published.</p> 3.2 2024-09-07T00:00:00 <p>Information published.</p> 3.3 2024-09-08T00:00:00 <p>Information published.</p> 3.4 2024-09-11T00:00:00 <p>Information published.</p> 3.5 2026-02-20T22:58:55 <p>Information published.</p> When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFOkernel will write memory out of bounds. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openEuler Yes CVE-2021-33655 Out-of-bounds Write 18610-16820 18617-16823 18610-16820 18617-16823 Moderate 18610-16820 Moderate 18617-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18610-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 18617-16823 CBL-Mariner Releases 18610-16820 No Security Update 5.10.144.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18610-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-25T00:00:00 <p>Information published.</p> When setting font with malicous data by ioctl cmd PIO_FONTkernel will write memory out of bounds. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openEuler Yes CVE-2021-33656 Out-of-bounds Write 18667-16820 18667-16820 Moderate 18667-16820 6.8 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18667-16820 CBL-Mariner Releases 18667-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18667-16820 CBL-Mariner Releases 1.0 2022-07-29T00:00:00 <p>Information published.</p> A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3695 Out-of-bounds Write 19663-17084 18842-17084 19663-17084 18842-17084 Moderate 19663-17084 Moderate 18842-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 19663-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 18842-17084 CBL-Mariner Releases 19663-17084 18842-17084 No Security Update 2.06-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19663-17084 18842-17084 CBL-Mariner Releases 1.2 2026-02-19T01:01:20 <p>Information published.</p> 1.0 2023-10-05T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3696 Out-of-bounds Write 19663-17084 18842-17084 19663-17084 18842-17084 Moderate 19663-17084 Moderate 18842-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 19663-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 18842-17084 CBL-Mariner Releases 19663-17084 18842-17084 No Security Update 2.06-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19663-17084 18842-17084 CBL-Mariner Releases 1.2 2026-02-19T01:01:26 <p>Information published.</p> 1.0 2023-10-05T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A crafted JPEG image may lead the JPEG reader to underflow its data pointer allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3697 Out-of-bounds Write 18842-17084 19663-17084 18842-17084 19663-17084 Important 18842-17084 Important 19663-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18842-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19663-17084 CBL-Mariner Releases 18842-17084 19663-17084 No Security Update 2.06-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18842-17084 19663-17084 CBL-Mariner Releases 1.0 2023-10-05T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-19T01:01:33 <p>Information published.</p> A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4135 Missing Release of Memory after Effective Lifetime 18638-16820 18617-16823 18638-16820 18617-16823 Moderate 18638-16820 Moderate 18617-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18638-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-07-21T00:00:00 <p>Information published.</p> Possible cross-site scripting vulnerability in libxml after commit 960f0e2. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2016-3709 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 16872-16820 16873-16823 16872-16820 16873-16823 Moderate 16872-16820 Moderate 16873-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 16872-16820 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 16873-16823 CBL-Mariner Releases 16872-16820 No Security Update 2.9.14-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16872-16820 CBL-Mariner Releases CBL-Mariner Releases 16873-16823 No Security Update 2.10.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16873-16823 CBL-Mariner Releases 1.0 2022-08-06T00:00:00 <p>Information published.</p> 1.1 2023-08-03T00:00:00 <p>Information published.</p> An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33452 Missing Release of Memory after Effective Lifetime 21097-17084 19796-17084 21097-17084 19796-17084 Moderate 21097-17084 Moderate 19796-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 21097-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19796-17084 2.0 2026-03-31T14:42:23 <p>Information published.</p> 1.0 2025-09-03T21:27:58 <p>Information published.</p> Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-33103 Out-of-bounds Write 19662-17086 17459-17084 17093-17086 19662-17086 17459-17084 17093-17086 19662-17086 Important 17459-17084 Important 17093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19662-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17459-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17093-17086 1.0 2025-09-03T21:58:01 <p>Information published.</p> 2.0 2026-02-18T03:03:46 <p>Information published.</p> squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner jpcert Yes CVE-2022-33967 Out-of-bounds Write 19662-17086 17093-17086 17459-17084 19662-17086 17093-17086 17459-17084 19662-17086 Important 17093-17086 Important 17459-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19662-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17459-17084 1.0 2025-09-03T22:21:10 <p>Information published.</p> 2.0 2026-02-18T03:07:18 <p>Information published.</p> An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33450 Missing Release of Memory after Effective Lifetime 21097-17084 19796-17084 21097-17084 19796-17084 Moderate 21097-17084 Moderate 19796-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 21097-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19796-17084 1.0 2025-09-03T23:07:56 <p>Information published.</p> 2.0 2026-03-31T14:41:57 <p>Information published.</p> An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-35409 Out-of-bounds Read 19662-17086 17459-17084 17093-17086 19662-17086 17459-17084 17093-17086 19662-17086 Critical 17459-17084 Critical 17093-17086 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 19662-17086 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17459-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17093-17086 1.0 2025-09-04T00:42:29 <p>Information published.</p> 2.0 2026-02-18T02:17:36 <p>Information published.</p> Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2022-34169 Incorrect Conversion between Numeric Types 16968-16820 19693-17084 16968-16820 19693-17084 Important 16968-16820 Important 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 16968-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19693-17084 CBL-Mariner Releases 16968-16820 No Security Update 1.8.0.332-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16968-16820 CBL-Mariner Releases 1.0 2025-09-03T21:42:26 <p>Information published.</p> 1.1 2026-02-18T01:56:29 <p>Information published.</p> Potential heap overflow in Redis <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-31144 Heap-based Buffer Overflow 18657-16820 18002-16823 18657-16820 18002-16823 Important 18657-16820 Important 18002-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18657-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18002-16823 CBL-Mariner Releases 18657-16820 18002-16823 No Security Update 6.2.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18657-16820 18002-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:17 <p>Information published.</p> Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Com <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2022-21541 16968-16820 16968-16820 Moderate 16968-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 16968-16820 CBL-Mariner Releases 16968-16820 No Security Update 1.8.0.332-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16968-16820 CBL-Mariner Releases 1.0 2025-10-01T23:11:15 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33468 Use After Free 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:32:43 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33467 Use After Free 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:31:09 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33466 NULL Pointer Dereference 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:29:53 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33464 Out-of-bounds Write 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:26:41 <p>Information published.</p> 1.1 2025-11-19T01:41:19 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33462 Use After Free 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:23:46 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33461 Use After Free 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:22:11 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33460 NULL Pointer Dereference 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:20:29 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33459 NULL Pointer Dereference 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:19:16 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33457 NULL Pointer Dereference 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:16:18 <p>Information published.</p> An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33455 NULL Pointer Dereference 17890-16820 18874-16823 19525-17084 17890-16820 18874-16823 19525-17084 Moderate 17890-16820 Moderate 18874-16823 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17890-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18874-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 CBL-Mariner Releases 17890-16820 No Security Update 1.3.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17890-16820 CBL-Mariner Releases CBL-Mariner Releases 18874-16823 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-16823 CBL-Mariner Releases 1.0 2025-09-03T20:13:39 <p>Information published.</p> A flaw was found in Openstack manilla owning a Ceph File system "share" which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0670 Incorrect Authorization 18655-16820 18656-16823 16939-17084 19856-17084 18655-16820 18656-16823 16939-17084 19856-17084 Critical 18655-16820 Critical 18656-16823 Critical 16939-17084 Critical 19856-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 18655-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 18656-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 16939-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 19856-17084 CBL-Mariner Releases 18655-16820 18656-16823 No Security Update 16.2.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18655-16820 18656-16823 CBL-Mariner Releases CBL-Mariner Releases 16939-17084 19856-17084 No Security Update 18.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16939-17084 19856-17084 CBL-Mariner Releases 1.0 2022-08-02T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T15:03:57 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2264 Heap-based Buffer Overflow 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-08T00:00:00 <p>Information published.</p> Integer Overflow or Wraparound in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2285 Integer Overflow or Wraparound 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-09T00:00:00 <p>Information published.</p> Out-of-bounds Read in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2286 Out-of-bounds Read 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-09T00:00:00 <p>Information published.</p> Stack-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-2304 Stack-based Buffer Overflow 18660-16820 18661-16823 18660-16820 18661-16823 Important 18660-16820 Important 18661-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18660-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18661-16823 CBL-Mariner Releases 18660-16820 No Security Update 9.0.0050-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18660-16820 CBL-Mariner Releases CBL-Mariner Releases 18661-16823 No Security Update 9.0.0050-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18661-16823 CBL-Mariner Releases 1.0 2022-07-13T00:00:00 <p>Information published.</p> The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2380 Out-of-bounds Write 18638-16820 18617-16823 18638-16820 18617-16823 Moderate 18638-16820 Moderate 18617-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18638-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-07-21T00:00:00 <p>Information published.</p> The authfile directive in the booth config file is ignored preventing use of authentication in communications from node to node. As a result nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-2553 Improper Authentication 19496-16823 19496-16823 Moderate 19496-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19496-16823 CBL-Mariner Releases 19496-16823 No Security Update 1.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19496-16823 CBL-Mariner Releases 1.0 2023-03-22T00:00:00 <p>Information published.</p> An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30550 Improper Authentication 19201-16823 19201-16823 Important 19201-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19201-16823 CBL-Mariner Releases 19201-16823 No Security Update 2.3.20-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19201-16823 CBL-Mariner Releases 1.0 2022-07-26T00:00:00 <p>Information published.</p> curl < 7.84.0 supports "chained" HTTP compression algorithms meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb" makingcurl end up spending enormous amounts of allocated heap memory or trying toand returning out of memory errors. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-32206 Allocation of Resources Without Limits or Throttling 19686-17084 18669-16820 18670-16823 19671-17084 19686-17084 18669-16820 18670-16823 19671-17084 Moderate 19686-17084 Moderate 18669-16820 Moderate 18670-16823 Moderate 19671-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19686-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18669-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18670-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19671-17084 CBL-Mariner Releases 18669-16820 18670-16823 No Security Update 7.84.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18669-16820 18670-16823 CBL-Mariner Releases 1.0 2022-07-19T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:57:20 <p>Information published.</p> The llhttp parser <v14.20.1 <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-32213 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 18658-16820 17389-16823 17735-17084 19671-17084 19686-17084 18658-16820 17389-16823 17735-17084 19671-17084 19686-17084 Moderate 18658-16820 Moderate 17389-16823 Moderate 17735-17084 Moderate 19671-17084 Moderate 19686-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18658-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17389-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17735-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19671-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19686-17084 CBL-Mariner Releases 18658-16820 No Security Update 14.20.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18658-16820 CBL-Mariner Releases CBL-Mariner Releases 17389-16823 No Security Update 16.20.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17389-16823 CBL-Mariner Releases CBL-Mariner Releases 17735-17084 No Security Update 1.75.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17735-17084 CBL-Mariner Releases 1.0 2022-07-22T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:25:40 <p>Information published.</p> The llhttp parser <v14.20.1 <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-32214 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 19671-17084 19686-17084 18658-16820 18659-16823 17735-17084 19671-17084 19686-17084 18658-16820 18659-16823 17735-17084 Moderate 19671-17084 Moderate 19686-17084 Moderate 18658-16820 Moderate 18659-16823 Moderate 17735-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19671-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19686-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18658-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18659-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17735-17084 CBL-Mariner Releases 18658-16820 No Security Update 14.20.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18658-16820 CBL-Mariner Releases CBL-Mariner Releases 18659-16823 No Security Update 16.16.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18659-16823 CBL-Mariner Releases CBL-Mariner Releases 17735-17084 No Security Update 1.75.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17735-17084 CBL-Mariner Releases 1.0 2022-07-22T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:06:55 <p>Information published.</p> Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held resulting in a small race window which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0 e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner XEN Yes CVE-2022-33744 18605-16820 18617-16823 18605-16820 18617-16823 Moderate 18605-16820 Moderate 18617-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 18605-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18605-16820 No Security Update 5.10.145.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18605-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-07-19T00:00:00 <p>Information published.</p> In mistune through 2.0.2 support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-34749 Inefficient Regular Expression Complexity 18653-16820 18654-16823 18653-16820 18654-16823 Important 18653-16820 Important 18654-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18653-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18654-16823 CBL-Mariner Releases 18653-16820 No Security Update 0.8.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18653-16820 CBL-Mariner Releases CBL-Mariner Releases 18654-16823 No Security Update 0.8.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18654-16823 CBL-Mariner Releases 1.0 2022-08-03T00:00:00 <p>Information published.</p> softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here i.e. "Bugs affecting the non-virtualization use case are not considered security bugs at this time. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-35414 Use of Uninitialized Resource 18662-16820 18663-16823 18535-17084 18662-16820 18663-16823 18535-17084 Important 18662-16820 Important 18663-16823 Important 18535-17084 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 18662-16820 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 18663-16823 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 18535-17084 CBL-Mariner Releases 18662-16820 No Security Update 4.2.0-43 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18662-16820 CBL-Mariner Releases CBL-Mariner Releases 18663-16823 No Security Update 6.2.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18663-16823 CBL-Mariner Releases CBL-Mariner Releases 18535-17084 No Security Update 6.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2024-08-07T00:00:00 <p>Information published.</p> 1.3 2024-08-08T00:00:00 <p>Information published.</p> 1.4 2024-08-09T00:00:00 <p>Information published.</p> 1.5 2024-08-10T00:00:00 <p>Information published.</p> 1.6 2024-08-11T00:00:00 <p>Information published.</p> 1.7 2024-08-12T00:00:00 <p>Information published.</p> 1.8 2024-08-16T00:00:00 <p>Information published.</p> 1.9 2024-08-17T00:00:00 <p>Information published.</p> 2.0 2024-08-18T00:00:00 <p>Information published.</p> 2.1 2024-08-19T00:00:00 <p>Information published.</p> 2.2 2024-08-20T00:00:00 <p>Information published.</p> 2.3 2024-08-21T00:00:00 <p>Information published.</p> 2.4 2024-08-22T00:00:00 <p>Information published.</p> 2.5 2024-08-23T00:00:00 <p>Information published.</p> 2.6 2024-08-24T00:00:00 <p>Information published.</p> 2.7 2024-08-25T00:00:00 <p>Information published.</p> 2.8 2024-08-26T00:00:00 <p>Information published.</p> 2.9 2024-08-27T00:00:00 <p>Information published.</p> 3.0 2024-08-28T00:00:00 <p>Information published.</p> 3.1 2024-08-29T00:00:00 <p>Information published.</p> 3.2 2024-08-30T00:00:00 <p>Information published.</p> 3.3 2024-08-31T00:00:00 <p>Information published.</p> 3.4 2024-09-01T00:00:00 <p>Information published.</p> 3.5 2024-09-02T00:00:00 <p>Information published.</p> 3.6 2024-09-03T00:00:00 <p>Information published.</p> 3.7 2024-09-05T00:00:00 <p>Information published.</p> 3.8 2024-09-06T00:00:00 <p>Information published.</p> 3.9 2024-09-07T00:00:00 <p>Information published.</p> 4.0 2024-09-08T00:00:00 <p>Information published.</p> 4.1 2024-09-11T00:00:00 <p>Information published.</p> The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-36123 18638-16820 18617-16823 18638-16820 18617-16823 Important 18638-16820 Important 18617-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18638-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-09T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-36879 18638-16820 18617-16823 18638-16820 18617-16823 Moderate 18638-16820 Moderate 18617-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18638-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18638-16820 No Security Update 5.10.134.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18638-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-03T00:00:00 <p>Information published.</p> nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because in the case of an nf_queue verdict with a one-byte nfta_payload attribute an skb_pull can encounter a negative skb->len. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-36946 18605-16820 18617-16823 18605-16820 18617-16823 Important 18605-16820 Important 18617-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18605-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18617-16823 CBL-Mariner Releases 18605-16820 No Security Update 5.10.145.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18605-16820 CBL-Mariner Releases CBL-Mariner Releases 18617-16823 No Security Update 5.15.67.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18617-16823 CBL-Mariner Releases 1.0 2022-08-05T00:00:00 <p>Information published.</p> 1.1 2022-08-06T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> In libtirpc before 1.3.3rc1 remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can in turn lead to an svc_run infinite loop without accepting new connections. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-46828 Improper Handling of Exceptional Conditions 18872-16820 18873-16823 18872-16820 18873-16823 Important 18872-16820 Important 18873-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18872-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18873-16823 CBL-Mariner Releases 18872-16820 No Security Update 1.1.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18872-16820 CBL-Mariner Releases CBL-Mariner Releases 18873-16823 No Security Update 1.3.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18873-16823 CBL-Mariner Releases 1.0 2022-08-02T00:00:00 <p>Information published.</p> Regular Expression Denial of Service (ReDoS) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner snyk Yes CVE-2022-25858 Inefficient Regular Expression Complexity 18828-17084 18828-17084 Important 18828-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18828-17084 CBL-Mariner Releases 18828-17084 No Security Update 3.19.3-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18828-17084 CBL-Mariner Releases 1.0 2025-05-15T00:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Kernel Microsoft Yes CVE-2022-21845 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows BitLocker Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is raw unencrypted disk sector data.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could access specific parts of the storage device and could read or write to portions of the device that are unencrypted. However, this vulnerability would not allow an attacker to deny function of the storage device.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could access unencrypted parts of a BitLocker encrypted storage device if the administrator resizes the OS volume while concurrently provisioning the drive with BitLocker encryption.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Windows BitLocker Microsoft Yes CVE-2022-22711 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11896 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11897 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11898 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11801 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11802 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11803 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 1.0 2022-07-12T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33641 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with <a href="https://labs.f-secure.com/">WithSecure</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be within the VNET associated with the vulnerable configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33642 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33643 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> AMD: CVE-2022-29900 AMD CPU Branch Type Confusion <p><strong>Why is this AMD CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p> <p>Please see the following for more information:</p> <ul> <li><a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037">AMD-SB-1037</a></li> </ul> <p><strong>Are any additional steps required to protect my system after installing the July Windows updates?</strong></p> <p>Customers who allow untrusted users to execute arbitrary code might wish to implement some extra security features within their systems. These features protect against the intra-process disclosure vectors that this speculative execution vulnerability describes. See the following for more information.</p> <ul> <li>Microsoft Windows client customers: See <a href="https://support.microsoft.com/help/4073119">Microsoft Knowledge Base Article 4073119</a>.</li> <li>Microsoft Windows Server/Azure Stack HCI customers: See <a href="https://support.microsoft.com/help/4072698">Microsoft Knowledge Base Article 4072698</a> for additional information, including workarounds.</li> </ul> <p>Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect VMs running in Azure. More information can be found <a href="https://support.microsoft.com/en-us/help/4073235/cloud-protections-speculative-execution-side-channel-vulnerabilities">here</a>.</p> <p><strong>Can I expect any performance impact after I configure the registry keys?</strong></p> <p>In some cases, installing these updates will have a performance impact. In testing Microsoft has seen some performance impact with these mitigations, in particular when hyperthreading is disabled. Microsoft values the security of its software and services and has made the decision to implement certain mitigation strategies in an effort to better secure our products. In some cases, mitigations are not enabled by default to allow users and administrators to evaluate the performance impact and risk exposure before deciding to enable the mitigations. We continue to work with hardware vendors to improve performance while maintaining a high level of security.</p> <p><strong>The Security Updates table indicates that all versions of Windows are affected. When will updates be available for my operating system?</strong></p> <p>Currently we have released updates for Windows Server 2022 and Windows Server 2022 (Server Core installation). Addressing a hardware vulnerability with a software update presents significant challenges with some operating systems requiring extensive architectural changes. Microsoft continues to work with AMD to investigate and prioritize the best way to provide mitigations and will release further updates as needed to help protect customers. The Security Updates table will be updated as updates are released. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://technet.microsoft.com/en-us/security/dd252948">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/01/11/coming-soon-new-security-update-guide-notification-system/">Coming Soon: New Security Update Guide Notification System</a>.</p> <p><strong>Are Microsoft Azure assets protected?</strong></p> <p>Microsoft has already deployed mitigations across our cloud services. More information is available <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/mitigate-se">here</a>.</p> <p><strong>How do I know if I am affected?</strong></p> <p>Please refer to AMD advisory <a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037">AMD-SB-1037</a> to determine which AMD CPUs are affected.</p> AMD CPU Branch Advanced Micro Devices Inc. Yes CVE-2022-29900 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023702 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 5026370 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370 5025230 11923 11924 Yes Security Update 10.0.20348.1726 https://support.microsoft.com/help/5026370 11923 11924 5026370 5026370 https://support.microsoft.com/help/5026370 11923 11924 5026456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456 11923 11924 Yes Security Hotpatch Update 10.0.20348.1724 https://support.microsoft.com/help/5026456 11923 11924 5026456 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 5015807 5026368 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368 5025224 11926 11927 Yes Security Update 10.0.22000.1936 https://support.microsoft.com/help/5026368 11926 11927 5026368 5026368 https://support.microsoft.com/help/5026368 11926 11927 5026361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361 5025221 11929 11930 11931 Yes Security Update 10.0.19044.2965 https://support.microsoft.com/help/5026361 11929 11930 11931 5026361 5026361 https://support.microsoft.com/help/5026361 11929 11930 11931 12097 12098 12099 5026361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361 5025221 12097 12098 12099 Yes Security Update 10.0.19045.2965 https://support.microsoft.com/help/5026361 12097 12098 12099 5026361 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 https://support.microsoft.com/help/5023713 10729 10735 5023713 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 https://support.microsoft.com/help/5023697 10852 10853 10816 10855 5023697 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023755 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023754 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 https://support.microsoft.com/help/5023769 10051 10049 5023769 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 https://support.microsoft.com/help/5023759 10051 10049 5023759 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 https://support.microsoft.com/help/5023756 10378 10379 5023756 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 https://support.microsoft.com/help/5023752 10378 10379 5023752 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 https://support.microsoft.com/help/5023765 10483 10543 5023765 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 https://support.microsoft.com/help/5023764 10483 10543 5023764 1.0 2022-07-12T07:00:00 <p>Information published.</p> 2.1 2023-05-09T07:00:00 <p>This document originally was associated with CVE-2022-23816. That CVE was officially rejected by the assigning CNA in lieu of a different CVE which was associated with the same vulnerability. For this reason, we updated this document to reference CVE-2022-29900. This is an informational change only.</p> 2.2 2023-09-04T07:00:00 <p>Updated the links to the Windows Update Catalog. This is an informational change only.</p> 2.0 2023-03-14T07:00:00 <p>The following updates have been made to this CVE: 1) Microsoft is announcing the availability of the March 2023 security updates to address this vulnerability for all supported versions of Windows, with the exception of Windows Server 2022 and Windows Server 2022 (Server Core installation). The updates for Windows Server 2022 were released on February 14, 2023. 2) In the Security Updates table, removed all versions of Windows 7 and Windows 8.1 as these versions are no longer in support.</p> Chromium: CVE-2022-2295 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2295 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 103.0.1264.49 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.1 2022-07-07T07:00:00 <p>Updated CVE title. This is an informational change only.</p> 1.0 2022-07-06T16:32:51 <p>Information published.</p> Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>103.0.1264.49</td> <td>7/6/2022</td> <td>103.0.5060.114</td> </tr> <tr> <td>Extended Stable: 102.0.1245.56</td> <td>7/6/2022</td> <td>102.0.5005.148</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2294 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 103.0.1264.49 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.1 2022-07-07T07:00:00 <p>Updated CVE title. This is an informational change only.</p> 1.0 2022-07-06T16:32:48 <p>Information published.</p> Chromium: CVE-2022-2477 Use after free in Guest View <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>103.0.1264.71</td> <td>7/22/2022</td> <td>103.0.5060.134</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2477 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 103.0.1264.71 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-07-22T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2478 Use after free in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>103.0.1264.71</td> <td>7/22/2022</td> <td>103.0.5060.134</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2478 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 103.0.1264.71 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-07-22T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2479 Insufficient validation of untrusted input in File <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>103.0.1264.71</td> <td>7/22/2022</td> <td>103.0.5060.134</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2479 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 103.0.1264.71 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-07-22T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2480 Use after free in Service Worker API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>103.0.1264.71</td> <td>7/22/2022</td> <td>103.0.5060.134</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2480 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 103.0.1264.71 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-07-22T07:00:00 <p>Information published.</p> Chromium: CVE-2022-2481 Use after free in Views <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>103.0.1264.71</td> <td>7/22/2022</td> <td>103.0.5060.134</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-2481 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 103.0.1264.71 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-07-22T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-30181 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information 21 <a href="https://twitter.com/kwsecu">William S&#246;derberg with WithSecure </a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Storage Library Information Disclosure Vulnerability <p><strong>What is CBC padding in storage SDK?</strong></p> <p>Azure Storage .NET, Java, and Python SDKs use cipher block chaining (CBC mode) for client-side encryption. This client-side encryption is used by very small set of customers, who encrypt their data on the client with a customer-managed key that is maintained in Azure Key Vault or another key store before uploading to Azure Storage.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could decrypt data on the client side and disclose the content of the file or blob.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> Azure Storage Library Microsoft Yes CVE-2022-30187 12060 12063 12064 12065 12062 Information Disclosure 12060 Information Disclosure 12063 Information Disclosure 12064 Information Disclosure 12065 Information Disclosure 12062 Important 12060 Important 12063 Important 12064 Important 12065 Important 12062 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12060 4.7 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12063 4.7 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12064 4.7 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12065 4.7 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12062 Update Information https://www.nuget.org/packages/Azure.Storage.Blobs/12.13.0 12060 Maybe Security Update 12.13.0 https://www.nuget.org/packages/Azure.Storage.Blobs/12.13.0 12060 Update Information Update Information https://www.nuget.org/packages/Azure.Storage.Queues/12.11.0 12063 Maybe Security Update 12.13.0 https://www.nuget.org/packages/Azure.Storage.Queues/12.11.0 12063 Update Information Update Information https://search.maven.org/artifact/com.azure/azure-storage-blob/12.18.0/jar 12064 Maybe Security Update 12.18.0 https://search.maven.org/artifact/com.azure/azure-storage-blob/12.18.0/jar 12064 Update Information Update Information https://pypi.org/project/azure-storage-queue/12.4.0/ 12065 Maybe Security Update 12.4.0 https://pypi.org/project/azure-storage-queue/12.4.0/ 12065 Update Information Update Information https://pypi.org/project/azure-storage-blob/12.13.0/ 12062 Maybe Security Update 12.13.0 https://pypi.org/project/azure-storage-blob/12.13.0/ 12062 Update Information <a href="https://twitter.com/schmiegsophie">Sophie Schmieg</a> with <a href="https://google.com/">Google</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Advanced Local Procedure Call Microsoft Yes CVE-2022-30202 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Jarvis_1oop 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Boot Manager Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow an attacker to access the pre-boot environment.</p> Windows Boot Manager Microsoft Yes CVE-2022-30203 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10047 Security Feature Bypass 10048 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.4 6.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Zammis Clark 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Group Policy Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker to have privileges to create Group Policy Templates. As is best practice, regular validation and audits of administrative groups should be conducted.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p> Windows Group Policy Microsoft Yes CVE-2022-30205 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Matthieu Buffet 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Print Spooler Components Microsoft Yes CVE-2022-30206 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <p><strong>Determine if the Print Spooler service is running</strong></p> <p>Run the following in Windows PowerShell:</p> <p><code>Get-Service -Name Spooler</code></p> <p>If the Print Spooler is running or if the service is not disabled, follow these steps:</p> <p><strong>Stop and disable the Print Spooler service</strong></p> <p>If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:</p> <p><code>Stop-Service -Name Spooler -Force</code></p> <p><code>Set-Service -Name Spooler -StartupType Disabled</code></p> <p><strong>Impact of workaround</strong> Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.</p> <a href="https://twitter.com/offenseindepth">Victor Mata</a> with <a href="https://www.accenture.com/">FusionX, Accenture Security</a> <a href="https://twitter.com/uuulucky">luckyu</a> with <a href="https://www.nsfocus.com.cn/">NSFOCUS TIANYUAN LAB</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Security Account Manager (SAM) Denial of Service Vulnerability Windows Security Account Manager Microsoft Yes CVE-2022-30208 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows IIS Server Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass authentication on Windows IIS Server. Attackers might be able to post or get information from the Web Service (CVSS metrics C:H/I:H), but would not be able to disrupt the service.</p> Windows IIS Microsoft Yes CVE-2022-30209 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10047 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10048 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10481 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10482 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10484 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9312 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10287 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9318 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9344 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10051 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10049 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11896 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11897 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11898 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11801 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11802 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11803 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10853 10816 10855 10852 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10853 10816 10855 10852 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 <a href="https://twitter.com/orange_8361">Orange Tsai (@orange_8361)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-30211 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <a href="https://twitter.com/i4mchr00t">Alex Nichols</a> with <a href="https://labs.nettitude.com/">Nettitude</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Connected Devices Platform Service Microsoft Yes CVE-2022-30212 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 JIWO Technology Co., Ltd 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows GDI+ Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a pointer leak to the process user-mode address space in the internal memory of the application that is using GDI+.</p> Microsoft Graphics Component Microsoft Yes CVE-2022-30213 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 willJ of vulnerability research institute 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Role: DNS Server Microsoft Yes CVE-2022-30214 11571 11572 11923 11924 11803 10816 10855 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11803 Remote Code Execution 10816 Remote Code Execution 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11571 11572 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11803 5015807 5015807 https://support.microsoft.com/help/5015807 11803 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10816 10855 5015808 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2022-07-12T07:00:00 <p>Information published.</p> Active Directory Federation Services Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p> Windows Active Directory Microsoft Yes CVE-2022-30215 11571 11572 11923 11924 11803 10816 10855 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11571 11572 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11803 5015807 5015807 https://support.microsoft.com/help/5015807 11803 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10816 10855 5015808 National Security Agency 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Server Service Tampering Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service.</p> Windows Server Service Microsoft Yes CVE-2022-30216 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Tampering 11896 Tampering 11897 Tampering 11898 Tampering 11923 Tampering 11924 Tampering 11801 Tampering 11802 Tampering 11803 Tampering 11926 Tampering 11927 Tampering 11929 Tampering 11930 Tampering 11931 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 <a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://akamai.com/">Akamai Technologies</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Storage Microsoft Yes CVE-2022-30220 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <a href="https://twitter.com/secboxer">Boxer</a> with Vulnerability Research Institute <a href="https://twitter.com/thunderj17">Thunder_J</a> and <a href="https://twitter.com/secboxer">Boxer</a> with Vulnerability Research Institute 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p><strong>How would an attacker exploit this vulnerability?</strong></p> <p>An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.</p> <p><strong>I am running Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1. Is there more information of which I need to be aware?</strong></p> <p>These operating systems are only affected by this vulnerability if either RDP 8.0 or RDP 8.1 is installed. If you do not have either of these versions of RDP installed on Windows 7 SP1 or Window Server 2008 R2 SP1, then you are not affected by this vulnerability.</p> Microsoft Graphics Component Microsoft Yes CVE-2022-30221 11568 11569 11570 11571 11572 11849 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11849 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 10051 Critical 10049 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-1.2.3317.0 11849 Maybe Security Update 1.2.3317.0 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-1.2.3317.0 11849 Release Notes 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 11929 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 11929 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 Colas Le Guernic, Jeremy Rubert, and Anonymous with <a href="https://thalium.re/">Thalium</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Shell Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could interact with the login screen of a vulnerable system in a specific manner to execute code on that system.</p> Windows Shell Microsoft Yes CVE-2022-30222 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">workaround</a> may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:</p> <p>To remove Microsoft Japanese IME entirely from logon UI the following steps are required.</p> <p>First, you must remove the Japanese language (not IME) from every account on the affected device. As long as there is an account where Japanese is installed, logon will continue to show Microsoft JPN IME.</p> <ol> <li>For each account on the affected device, sign in to the account.</li> <li>Select <strong>Settings</strong>, select <strong>Time &amp; language</strong>.</li> <li>For Windows 11, select <strong>Language &amp; region</strong>. For Windows 10, select <strong>Language</strong>.</li> <li>Select <strong>Japanese</strong> and then select <strong>Remove</strong>. Note that you cannot do this if Japanese is the only language installed or is located at the top in the language list. You will need to add another language to move Japanese down to second or later in the list. Then you can remove the Japanese entry.</li> </ol> <p>Second, you need to make sure the Welcome screen input language is not set to Japanese.</p> <ol start="2"> <li>Select <strong>Settings</strong>, select <strong>Time &amp; language</strong>.</li> <li>For Windows 11, select <strong>Language &amp; region</strong>. For Windows 10, select <strong>Language</strong>.</li> <li>Select <strong>Administrative language settings</strong> then click <strong>Copy Settings</strong> to view the <strong>Welcome screen and new user accounts settings</strong> dialog box.</li> <li>Click the <strong>Administrative</strong> tab to view language settings.</li> <li>Under <strong>Welcome screen</strong> make sure <strong>Input language</strong> is not Japanese (Japan) – Microsoft IME. If it is, make sure <strong>Input language</strong> under **Current user ** is not Japanese (Japan) – Microsoft IME, then select <strong>Welcome screen and system accounts</strong> at the bottom of the dialog box and click <strong>OK</strong> to update the Welcome screen setting.</li> </ol> <p><strong>Impact of workaround</strong> Japanese will not be the display language on the device.</p> <p><strong>How to undo the workaround</strong></p> <ol> <li>Sign into each account and repeat the workaround steps to select <strong>Japanese</strong> for the language.</li> <li>In the device <strong>Settings</strong> repeat the steps to update the Welcome screen setting to Japanese.</li> </ol> Krzysztof Andrusiak 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Hyper-V Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the Hyper-V attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a Hyper-V Network Virtualization (HNV) logical network. This configuration forms an isolation boundary where the virtual machines within the virtual network can only communicate with each other. In this attack vector, the vulnerable component is bound to the network stack, but the attack is limited to systems configured to use the HNV network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if a Hyper-V Guest attacker successfully exploited this vulnerability is data from the Hyper-V Host.</p> Role: Windows Hyper-V Microsoft Yes CVE-2022-30223 11569 11571 11572 11896 11923 11924 11803 11926 11931 10735 10853 10816 10855 10048 10482 10051 10049 10378 10379 10483 10543 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11931 Information Disclosure 10735 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10048 Information Disclosure 10482 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11569 Important 11571 Important 11572 Important 11896 Important 11923 Important 11924 Important 11803 Important 11926 Important 11931 Important 10735 Important 10853 Important 10816 Important 10855 Important 10048 Important 10482 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11569 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11569 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11569 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11803 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 5015814 5015814 https://support.microsoft.com/help/5015814 11926 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10482 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10482 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10482 10483 10543 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 luoquan 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Advanced Local Procedure Call Microsoft Yes CVE-2022-30224 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Jarvis_1oop 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could affect the integrity and availability because they could delete privileged registry keys. Confidentiality is not affected by a successful attack, however, because the attacker cannot read or modify the information.</p> Windows Media Microsoft Yes CVE-2022-30225 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Denial of Service 11571 Denial of Service 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Denial of Service 11923 Denial of Service 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Denial of Service 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Denial of Service 10816 Denial of Service 10855 Elevation of Privilege 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11570 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11896 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11897 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11898 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11801 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11802 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11803 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10047 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10048 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10481 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10482 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10484 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9312 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10287 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9318 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9344 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 11929 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 11929 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 JIWO Technology Co., Ltd 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.</p> Windows Print Spooler Components Microsoft Yes CVE-2022-30226 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11570 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11896 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11897 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11898 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11801 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11802 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11803 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10047 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10048 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10481 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10482 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10484 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9312 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10287 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9318 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9344 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <p><strong>Determine if the Print Spooler service is running</strong></p> <p>Run the following in Windows PowerShell:</p> <p><code>Get-Service -Name Spooler</code></p> <p>If the Print Spooler is running or if the service is not disabled, follow these steps:</p> <p><strong>Stop and disable the Print Spooler service</strong></p> <p>If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:</p> <p><code>Stop-Service -Name Spooler -Force</code></p> <p><code>Set-Service -Name Spooler -StartupType Disabled</code></p> <p><strong>Impact of workaround</strong> Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.</p> <a href="https://twitter.com/lxf02942370">Xuefeng Li</a> with <a href="https://www.sangfor.com/">Sangfor</a> <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.</p> Windows Print Spooler Components Microsoft Yes CVE-2022-22022 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11570 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11896 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11897 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11898 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11801 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11802 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11803 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10047 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10048 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10481 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10482 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10484 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9312 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10287 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9318 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9344 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <p><strong>Determine if the Print Spooler service is running</strong></p> <p>Run the following in Windows PowerShell:</p> <p><code>Get-Service -Name Spooler</code></p> <p>If the Print Spooler is running or if the service is not disabled, follow these steps:</p> <p><strong>Stop and disable the Print Spooler service</strong></p> <p>If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:</p> <p><code>Stop-Service -Name Spooler -Force</code></p> <p><code>Set-Service -Name Spooler -StartupType Disabled</code></p> <p><strong>Impact of workaround</strong> Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.</p> <a href="https://twitter.com/lxf02942370">Xuefeng Li</a> with <a href="https://www.sangfor.com/">Sangfor</a> <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An authenticated attacker who successfully exploited this vulnerability could bypass &quot;Deny Read/Write USB devices&quot; Group Policy settings and access USB devices attached to a vulnerable system.</p> Windows Portable Device Enumerator Service Microsoft Yes CVE-2022-22023 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10047 Security Feature Bypass 10048 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Fax Service Remote Code Execution Vulnerability <p><strong>In what scenarios is my computer vulnerable?</strong></p> <p>For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable.</p> <p><strong>How can I verify whether the Fax service is running?</strong></p> <ol> <li>Hold the <strong>Windows key</strong> and press <strong>R</strong> on your keyboard. This will open the Run dialog.</li> <li>Type <em>services.msc</em> and press <strong>Enter</strong> to open the Services window.</li> <li>Scroll through the list and locate the <strong>Fax</strong> service. <ul> <li>If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable.</li> <li>If the Fax service is listed but the status is not <em>Running</em>, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.</li> </ul> </li> </ol> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Role: Windows Fax Service Microsoft Yes CVE-2022-22024 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <a href="https://twitter.com/lxf02942370">Xuefeng Li</a> with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Internet Information Services Cachuri Module Denial of Service Vulnerability Windows IIS Microsoft Yes CVE-2022-22025 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <a href="https://twitter.com/orange_8361">Orange Tsai (@orange_8361)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a> to SYSTEM. Because the AppContainer environment is considered a <a href="https://aka.ms/windowscriteria">defensible security boundary</a>, any process that is able to bypass the boundary is considered a change in Scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> Windows Client/Server Runtime Subsystem Microsoft Yes CVE-2022-22026 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Sergei Glazunov with Google Project Zero 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Fax Service Remote Code Execution Vulnerability <p><strong>In what scenarios is my computer vulnerable?</strong></p> <p>For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable.</p> <p><strong>How can I verify whether the Fax service is running?</strong></p> <ol> <li>Hold the <strong>Windows key</strong> and press <strong>R</strong> on your keyboard. This will open the Run dialog.</li> <li>Type <em>services.msc</em> and press <strong>Enter</strong> to open the Services window.</li> <li>Scroll through the list and locate the <strong>Fax</strong> service. <ul> <li>If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable.</li> <li>If the Fax service is listed but the status is not <em>Running</em>, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.</li> </ul> </li> </ol> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Role: Windows Fax Service Microsoft Yes CVE-2022-22027 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 TJ with FuzzWorks 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Network File System Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows Network File System Microsoft Yes CVE-2022-22028 11571 11572 11923 11924 11803 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11803 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11571 11572 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11803 5015807 5015807 https://support.microsoft.com/help/5015807 11803 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10816 10855 5015808 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10051 10049 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10483 10543 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Network File System Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).</p> Windows Network File System Microsoft Yes CVE-2022-22029 11571 11572 11923 11924 11803 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11803 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11803 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11571 11572 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11803 5015807 5015807 https://support.microsoft.com/help/5015807 11803 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10816 10855 5015808 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10051 10049 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10483 10543 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV3. This may adversely affect your ecosystem and should only be used as a temporary mitigation.</p> <p>The following PowerShell command will disable NFSV3:</p> <p><code>Set-NfsServerConfiguration -EnableNFSV3 $false</code></p> <p>After this, you will need to restart NFS server or reboot the machine.</p> <p>To restart NFS server, start a <strong>cmd</strong> window with <strong>Run as Administrator</strong>, enter the following commands:</p> <ul> <li><strong>nfsadmin server stop</strong></li> <li><strong>nfsadmin server start</strong></li> </ul> <p>To confirm that NFSv3 has been turned off, run the following command in a PowerShell window:</p> <p><code>PS C:\Get-NfsServerConfiguration</code></p> <p>Here is the sample output, and notice the EnableNFSv3 is &quot;False&quot; now:</p> <pre><code>State : Running LogActivity : CharacterTranslationFile : Not Configured DirectoryCacheSize (KB) : 128 HideFilesBeginningInDot : Disabled EnableNFSV2 : False EnableNFSV3 : False EnableNFSV4 : True EnableAuthenticationRenewal : True AuthenticationRenewalIntervalSec : 600 NlmGracePeriodSec : 45 MountProtocol : {TCP, UDP} NfsProtocol : {TCP, UDP} NisProtocol : {TCP, UDP} NlmProtocol : {TCP, UDP} NsmProtocol : {TCP, UDP} PortmapProtocol : {TCP, UDP} MapServerProtocol : {TCP, UDP} PreserveInheritance : False NetgroupCacheTimeoutSec : 30 UnmappedUserAccount : WorldAccount : Everyone AlwaysOpenByName : False GracePeriodSec : 240 LeasePeriodSec : 120 OnlineTimeoutSec : 180 </code></pre> <p>To re-enable NFSv3 when machine is patched, enter the following command:</p> <p><code>Set-NfsServerConfiguration -EnableNFSV3 $True </code></p> <p>Again, after this, you will need to restart NFS server or reboot the machine.</p> <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Credential Guard Microsoft Yes CVE-2022-22031 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 James Forshaw with Google Project Zero 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2022-22034 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11896 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11897 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11898 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11801 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11802 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11803 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Performance Counters for Windows Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Performance Counters Microsoft Yes CVE-2022-22036 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <a href="https://twitter.com/b2ahex">RyeLv (@b2ahex)</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Advanced Local Procedure Call Microsoft Yes CVE-2022-22037 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Jarvis_1oop 1.0 2022-07-12T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.</p> Windows Remote Procedure Call Runtime Microsoft Yes CVE-2022-22038 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10481 Critical 10482 Critical 10484 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11896 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11897 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11898 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11801 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11802 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11803 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Network File System Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).</p> Windows Network File System Microsoft Yes CVE-2022-22039 11571 11572 11923 11924 11803 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11803 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11803 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11571 11572 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11803 5015807 5015807 https://support.microsoft.com/help/5015807 11803 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10816 10855 5015808 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10051 10049 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10483 10543 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Internet Information Services Dynamic Compression Module Denial of Service Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker can force a bad response to be cached into a regular URL by having multiple occurrences of the same variable in the query string. The impact depends on the business logic of the user application.</p> Windows IIS Microsoft Yes CVE-2022-22040 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11568 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11569 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11570 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11571 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11572 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11896 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11897 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11898 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11923 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11924 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11801 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11802 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11803 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11926 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11927 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11929 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11930 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 11931 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10729 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10735 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10852 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10853 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10816 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10855 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10047 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10048 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10481 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10482 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10484 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 9312 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10287 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 9318 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 9344 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10051 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10049 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10378 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10379 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10483 7.3 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <a href="https://twitter.com/orange_8361">Orange Tsai (@orange_8361)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL which downloads a malicious file that connects to a V4 print server controlled by the attacker.</p> Windows Print Spooler Components Microsoft Yes CVE-2022-22041 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11896 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11897 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11898 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11801 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11802 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11803 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 6.8 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <p><strong>Determine if the Print Spooler service is running</strong></p> <p>Run the following in Windows PowerShell:</p> <p><code>Get-Service -Name Spooler</code></p> <p>If the Print Spooler is running or if the service is not disabled, follow these steps:</p> <p><strong>Stop and disable the Print Spooler service</strong></p> <p>If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:</p> <p><code>Stop-Service -Name Spooler -Force</code></p> <p><code>Set-Service -Name Spooler -StartupType Disabled</code></p> <p><strong>Impact of workaround</strong> Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.</p> <a href="https://twitter.com/kkokkokye">JeongOh Kyea</a> with <a href="https://theori.io/">THEORI</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> 1.1 2022-09-20T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Windows Hyper-V Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker can gain access to uninitialized buffer information.</p> Role: Windows Hyper-V Microsoft Yes CVE-2022-22042 11569 11571 11572 11896 11923 11924 11803 11926 11931 10735 10853 10816 10855 10048 10482 10051 10049 10378 10379 10483 10543 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11931 Information Disclosure 10735 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10048 Information Disclosure 10482 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11569 Important 11571 Important 11572 Important 11896 Important 11923 Important 11924 Important 11803 Important 11926 Important 11931 Important 10735 Important 10853 Important 10816 Important 10855 Important 10048 Important 10482 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11569 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11569 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11569 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11803 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 5015814 5015814 https://support.microsoft.com/help/5015814 11926 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10482 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10482 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10482 10483 10543 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Luoquan 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Fast FAT File System Driver Elevation of Privilege Vulnerability <p><strong>Why are there two different impacts in the Security Updates table?</strong></p> <p>An attacker could potentially exploit this vulnerability to elevate privileges from a client-side application sandbox in earlier Microsoft operating systems. However, mitigation technologies in later Microsoft operating systems make this more difficult. For this reason, this vulnerability has two different impact ratings.</p> Windows Fast FAT Driver Microsoft Yes CVE-2022-22043 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <a href="https://twitter.com/thunderj17">Thunder_J</a> and <a href="https://twitter.com/secboxer">Boxer</a> with Vulnerability Research Institute 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows.Devices.Picker.dll Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Media Microsoft Yes CVE-2022-22045 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 11929 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 11929 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Client/Server Runtime Subsystem Microsoft Yes CVE-2022-22047 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Microsoft Threat Intelligence Center (MSTIC) Microsoft Security Response Center (MSRC) 1.0 2022-07-12T07:00:00 <p>Information published.</p> BitLocker Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2022-22048 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10047 Security Feature Bypass 10048 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11896 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11897 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11898 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11801 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11802 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11803 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10047 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10048 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10481 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10482 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10484 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9312 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10287 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9318 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9344 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10051 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10049 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 6.1 5.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Zammis Clark 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Client/Server Runtime Subsystem Microsoft Yes CVE-2022-22049 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 Sergei Glazunov with Google Project Zero 1.0 2022-07-12T07:00:00 <p>Information published.</p> Windows Fax Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Fax and Scan Service Microsoft Yes CVE-2022-22050 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 5015832 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015832 5014710 10729 10735 Yes Security Update 10.0.10240.19360 https://support.microsoft.com/help/5015832 10729 10735 5015832 5015808 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015808 5014702 10852 10853 10816 10855 Yes Security Update 10.0.14393.5246 https://support.microsoft.com/help/5015808 10852 10853 10816 10855 5015808 5015861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015861 5014748 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26022 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015861 5015861 https://support.microsoft.com/help/5015861 10047 10048 10051 10049 5015862 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015862 10047 10048 10051 10049 Yes Security Only 6.1.7601.26022 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015862 5015862 https://support.microsoft.com/help/5015862 10047 10048 10051 10049 5015874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015874 5014738 10481 10482 10484 10483 10543 Yes Monthly Rollup 6.3.9600.20478 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015874 5015874 https://support.microsoft.com/help/5015874 10481 10482 10484 10483 10543 5015877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015877 10481 10482 10483 10543 Yes Security Only 6.3.9600.20478 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015877 5015877 https://support.microsoft.com/help/5015877 10481 10482 10483 10543 5015866 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015866 5014752 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21569 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015866 5015866 https://support.microsoft.com/help/5015866 9312 10287 9318 9344 5015870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015870 9312 10287 9318 9344 Yes Security Only 6.0.6003.21569 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015870 5015870 https://support.microsoft.com/help/5015870 9312 10287 9318 9344 5015863 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015863 5014747 10378 10379 Yes Monthly Rollup 6.2.9200.23771 https://support.microsoft.com/help/5015863 10378 10379 5015863 5015863 https://support.microsoft.com/help/5015863 10378 10379 5015875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015875 10378 10379 Yes Security Only 6.2.9200.23771 https://support.microsoft.com/help/5015875 10378 10379 5015875 5015875 https://support.microsoft.com/help/5015875 10378 10379 <a href="https://twitter.com/lxf02942370">Xuefeng Li</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> 1.1 2022-07-14T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> Microsoft Office Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L) but no privileges are required (PR:N) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?</strong></p> <p>The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> Microsoft Office Microsoft Yes CVE-2022-33632 11952 11953 11573 11574 11762 11763 10753 10754 10603 10601 10602 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 10753 Security Feature Bypass 10754 Security Feature Bypass 10603 Security Feature Bypass 10601 Security Feature Bypass 10602 Important 11952 Important 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 10753 Important 10754 Important 10603 Important 10601 Important 10602 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11952 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11953 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11573 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11574 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11762 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11763 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10753 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10754 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10603 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10601 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10602 Click to Run 11952 11953 11573 11574 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11952 11953 11573 11574 11762 11763 Click to Run 5002112 https://www.microsoft.com/download/details.aspx?familyid=447b2ed3-8c9f-4abb-8eed-6c5311e53e74 4504710 10753 Maybe Security Update 16.0.5344.1000 https://support.microsoft.com/kb/5002112 10753 5002112 5002112 https://support.microsoft.com/help/5002112 10753 10754 5002112 https://www.microsoft.com/download/details.aspx?familyid=1cc4d651-5e50-4bac-8125-d5be09e6a755 4504710 10754 Maybe Security Update 16.0.5344.1000 https://support.microsoft.com/kb/5002112 10754 5002112 5002121 4486726 10603 Maybe Security Update 15.0.5467.1000 https://support.microsoft.com/kb/5002121 10603 5002121 5002121 https://support.microsoft.com/help/5002121 10603 10601 10602 5002121 https://www.microsoft.com/download/details.aspx?familyid=c91fa4d6-3069-4870-a58c-9f9b8e3e871a 4486726 10601 Maybe Security Update 15.0.5467.1000 https://support.microsoft.com/kb/5002121 10601 5002121 5002121 https://www.microsoft.com/download/details.aspx?familyid=28345644-ce93-4dd5-91c2-2bcc738edeaa 4486726 10602 Maybe Security Update 15.0.5467.1000 https://support.microsoft.com/kb/5002121 10602 5002121 Nathan Shomber of Microsoft 1.0 2022-07-12T07:00:00 <p>Information published.</p> Skype for Business and Lync Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges are needed by the attacker and how are they used in the context of the remote code execution?</strong></p> <p>To successfully exploit this vulnerability, the attacker must have write access on the file share, and an active file share administrator account on the target server. With write access, the attacker would need to modify specific files on the target server to trigger code execution.</p> Skype for Business and Microsoft Lync Microsoft Yes CVE-2022-33633 11892 12025 12026 Remote Code Execution 11892 Remote Code Execution 12025 Remote Code Execution 12026 Important 11892 Important 12025 Important 12026 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11892 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12025 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12026 5016714 https://www.microsoft.com/download/details.aspx?familyid=dac7c777-fe8a-45a2-9a82-07a2e15c298f 11892 Maybe Security Update 8308.1198 https://support.microsoft.com/help/5016714 11892 5016714 5016714 https://www.microsoft.com/download/details.aspx?familyid=0d08ed37-106a-456f-a5c6-61df22588bec 12025 Maybe Security Update 9319.634 https://support.microsoft.com/help/5016714 12025 5016714 5016714 https://www.microsoft.com/download/details.aspx?familyid=de77f3bc-efd5-4dab-a2fb-81e2894b0937 12026 Maybe Security Update 2046.404 https://support.microsoft.com/help/5016714 12026 5016714 Yiming Xiang with <a href="https://www.nsfocus.cn/">NSFOCUS TIANJI LAB</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data <p><strong>Why is this a HackerOne CVE?</strong></p> <p>This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The July 2022 Windows Security Updates includes the most recent version of this library which addresses the vulnerability and others. Please see <a href="https://curl.se/docs/security.html">curl security problems</a> for information on all of the vulnerabilities that have been addressed.</p> Open Source Software HackerOne Yes CVE-2022-27776 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5015811 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015811 5014692 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3165 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015811 5015811 https://support.microsoft.com/help/5015811 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 11801 11802 11803 11929 11930 11931 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 11803 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 11803 5015807 5015814 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015814 5014688 11926 11927 Yes Security Update 10.0.22000.795 https://support.microsoft.com/help/5015814 11926 11927 5015814 5015814 https://support.microsoft.com/help/5015814 11926 11927 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11929 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11929 11930 11931 5015807 1.0 2022-07-12T07:00:00 <p>Information published.</p> Xbox Live Save Service Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The user must be authenticated into an Xbox Live account to be able to exploit this vulnerability.</p> XBox Microsoft Yes CVE-2022-33644 11801 11802 11898 11897 11896 11929 11930 11931 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11898 Elevation of Privilege 11897 Elevation of Privilege 11896 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Important 11801 Important 11802 Important 11898 Important 11897 Important 11896 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11801 11802 Yes Security Update 10.0.19042.1826 https://support.microsoft.com/help/5015807 11801 11802 5015807 5015807 https://support.microsoft.com/help/5015807 11801 11802 11898 11897 11896 11929 11930 11931 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11898 11897 11896 11929 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11898 11897 11896 11929 5015807 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11930 11931 Yes Security Update 10.0.19044.1826 https://support.microsoft.com/help/5015807 11930 11931 5015807 Jarvis_1oop 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33650 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33651 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33652 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33653 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33654 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33655 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33656 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33657 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information 21 <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with WithSecure</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33658 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with WithSecure</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33659 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information 21 <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with WithSecure</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33660 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with WithSecure</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33661 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33662 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33663 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33664 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33665 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33666 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33667 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33668 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33669 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33671 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33672 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> AMD: CVE-2022-23825 AMD CPU Branch Type Confusion <p><strong>Why is this AMD CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p> <p>Please see the following for more information:</p> <ul> <li><a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037">AMD-SB-1037</a></li> </ul> <p><strong>Are any additional steps required to protect my system after installing the July Windows updates?</strong></p> <p>Customers who allow untrusted users to execute arbitrary code might wish to implement some extra security features within their systems. These features protect against the intra-process disclosure vectors that this speculative execution vulnerability describes. See the following for more information.</p> <ul> <li>Microsoft Windows client customers: See <a href="https://support.microsoft.com/help/4073119">Microsoft Knowledge Base Article 4073119</a>.</li> <li>Microsoft Windows Server/Azure Stack HCI customers: See <a href="https://support.microsoft.com/help/4072698">Microsoft Knowledge Base Article 4072698</a> for additional information, including workarounds.</li> </ul> <p>Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect VMs running in Azure. More information can be found <a href="https://support.microsoft.com/en-us/help/4073235/cloud-protections-speculative-execution-side-channel-vulnerabilities">here</a>.</p> <p><strong>Can I expect any performance impact after I configure the registry keys?</strong></p> <p>In some cases, installing these updates will have a performance impact. In testing Microsoft has seen some performance impact with these mitigations, in particular when hyperthreading is disabled. Microsoft values the security of its software and services and has made the decision to implement certain mitigation strategies in an effort to better secure our products. In some cases, mitigations are not enabled by default to allow users and administrators to evaluate the performance impact and risk exposure before deciding to enable the mitigations. We continue to work with hardware vendors to improve performance while maintaining a high level of security.</p> <p><strong>The Security Updates table indicates that all versions of Windows are affected. When will updates be available for my operating system?</strong></p> <p>Currently we have released updates for Windows Server 2022 and Windows Server 2022 (Server Core installation). Addressing a hardware vulnerability with a software update presents significant challenges with some operating systems requiring extensive architectural changes. Microsoft continues to work with AMD to investigate and prioritize the best way to provide mitigations and will release further updates as needed to help protect customers. The Security Updates table will be updated as updates are released. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://technet.microsoft.com/en-us/security/dd252948">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/01/11/coming-soon-new-security-update-guide-notification-system/">Coming Soon: New Security Update Guide Notification System</a>.</p> <p><strong>Are Microsoft Azure assets protected?</strong></p> <p>Microsoft has already deployed mitigations across our cloud services. More information is available <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/mitigate-se">here</a>.</p> <p><strong>How do I know if I am affected?</strong></p> <p>Please refer to AMD advisory <a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037">AMD-SB-1037</a> to determine which AMD CPUs are affected.</p> AMD CPU Branch Advanced Micro Devices Inc. Yes CVE-2022-23825 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5023702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023702 5022840 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4131 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5023702 5023702 https://support.microsoft.com/help/5023702 11568 11569 11570 11571 11572 5015807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015807 5014699 11896 11897 11898 Yes Security Update 10.0.19043.1826 https://support.microsoft.com/help/5015807 11896 11897 11898 5015807 5015807 https://support.microsoft.com/help/5015807 11896 11897 11898 5015827 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5015827 5014678 11923 11924 Yes Security Update 10.0.20348.825 https://support.microsoft.com/help/5015827 11923 11924 5015827 5015827 https://support.microsoft.com/help/5015827 11923 11924 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11801 11802 Yes Security Update 10.0.19042.2728 https://support.microsoft.com/help/5023696 11801 11802 5023696 5023696 https://support.microsoft.com/help/5023696 11801 11802 11929 11930 11931 5023698 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698 5022836 11926 11927 Yes Security Update 10.0.22000.1696 https://support.microsoft.com/help/5023698 11926 11927 5023698 5023696 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023696 5022834 11929 11930 11931 Yes Security Update 10.0.19044.2728 https://support.microsoft.com/help/5023696 11929 11930 11931 5023696 5023713 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023713 5022858 10729 10735 Yes Security Update 10.0.10240.19805 https://support.microsoft.com/help/5023713 10729 10735 5023713 5023697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023697 5022838 10852 10853 10816 10855 Yes Security Update 10.0.14393.5786 https://support.microsoft.com/help/5023697 10852 10853 10816 10855 5023697 5023755 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023755 5022890 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21966 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023755 5023755 https://support.microsoft.com/help/5023755 9312 10287 9318 9344 5023754 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023754 9312 10287 9318 9344 Security Only 6.0.6003.21966 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023754 5023754 https://support.microsoft.com/help/5023754 9312 10287 9318 9344 5023769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023769 5022874 10051 10049 Monthly Rollup 6.1.7601.26415 https://support.microsoft.com/help/5023769 10051 10049 5023769 5023769 https://support.microsoft.com/help/5023769 10051 10049 5023759 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023759 10051 10049 Yes Security Only 6.1.7601.26415 https://support.microsoft.com/help/5023759 10051 10049 5023759 5023759 https://support.microsoft.com/help/5023759 10051 10049 5023756 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023756 5022903 10378 10379 Yes Monthly Rollup 6.2.9200.24168 https://support.microsoft.com/help/5023756 10378 10379 5023756 5023756 https://support.microsoft.com/help/5023756 10378 10379 5023752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023752 10378 10379 Yes Security Only 6.2.9200.24168 https://support.microsoft.com/help/5023752 10378 10379 5023752 5023752 https://support.microsoft.com/help/5023752 10378 10379 5023765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023765 5022899 10483 10543 Monthly Rollup 6.3.9600.20865 https://support.microsoft.com/help/5023765 10483 10543 5023765 5023764 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023764 10483 10543 Yes Security Only 6.3.9600.20865 https://support.microsoft.com/help/5023764 10483 10543 5023764 1.0 2022-07-12T07:00:00 <p>Information published.</p> 2.1 2023-04-25T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 2.0 2023-03-14T07:00:00 <p>The following updates have been made to this CVE: 1) Microsoft is announcing the availability of the March 2023 security updates to address this vulnerability for all supported versions of Windows, with the exception of Windows Server 2022 and Windows Server 2022 (Server Core installation). The updates for Windows Server 2022 were released on February 14, 2023. 2) In the Security Updates table, removed all versions of Windows 7 and Windows 8.1 as these versions are no longer in support.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.</p> Azure Site Recovery Microsoft Yes CVE-2022-33673 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be within the VNET associated with the vulnerable configuration server.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>This vulnerability may allow an attacker to interfere with ASR replication and monitoring for existing protected VMs. However, customers can disable and re-enable replication for the impacted VMs. This vulnerability also does not have any impact on customer's ability to enable replications for new VMs.</p> Azure Site Recovery Microsoft Yes CVE-2022-33674 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.3 7.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Anonymous 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>How do I install the update to be protected from the CVE-2022-33675 and CVE-2022-33676 vulnerabilities?</strong></p> <p>Unlike other Azure Site Recovery CVEs, to be protected from this particular vulnerability customers must upgrade to version 9.49 of the Process Server by following the instructions <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-manage-process-server#upgrade-a-process-server">here</a>. Customers must upgrade all process server installations, such as the in-built process server, scale out process server, and scale out process server on Azure (if any). More information about managing the Process Server can be found <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-manage-process-server">here</a>.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?</strong></p> <p>The attacker would have to be an authenticated user logged on to the vulnerable system to be able to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What privileges are required?</strong></p> <p>To successfully exploit this vulnerability, an attacker needs to be authorized as a local user on the vulnerable component.</p> Azure Site Recovery Microsoft Yes CVE-2022-33675 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information Jimi Sebree with <a href="https://tenable.com/">Tenable</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>How do I install the update to be protected from the CVE-2022-33675 and CVE-2022-33676 vulnerabilities?</strong></p> <p>Unlike other Azure Site Recovery CVEs, to be protected from this particular vulnerability customers must upgrade to version 9.49 of the Process Server by following the instructions <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-manage-process-server#upgrade-a-process-server">here</a>. Customers must upgrade all process server installations, such as the in-built process server, scale out process server, and scale out process server on Azure (if any). More information about managing the Process Server can be found <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-manage-process-server">here</a>.</p> Azure Site Recovery Microsoft Yes CVE-2022-33676 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information William S&#246;derberg with WithSecure </a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> Azure Site Recovery Microsoft Yes CVE-2022-33677 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with WithSecure</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps <a href="https://aka.ms/upgrade-to-9.49">here</a> to update to version 9.49.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> Azure Site Recovery Microsoft Yes CVE-2022-33678 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 Update Information https://aka.ms/upgrade-to-9.49 12018 Maybe Security Update 9.49 https://support.microsoft.com/topic/update-rollup-62-for-azure-site-recovery-e7aff36f-b6ad-4705-901c-f662c00c402b 12018 Update Information <a href="https://twitter.com/kwsecu">William S&#246;derberg</a> with <a href="https://labs.f-secure.com/">WithSecure</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> Azure Arc Jumpstart Information Disclosure Vulnerability <p><strong>What is the nature of this vulnerability?</strong></p> <p>An information disclosure vulnerability exists in Azure Arc Jumpstart that could allow an authenticated user to view certain credentials and other sensitive information contained in a log file.</p> <p><strong>What are the circumstances leading to a successful exploitation?</strong></p> <p>The client virtual machine is protected behind a secured Azure virtual network (VNET) without access from the internet. A potential attacker would first have to compromise the VNET to have network access to the Azure client virtual machine (Azure Arc Jumpstart-Client). There is only one provisioned user on the client virtual machine, and this user’s credentials are protected by a username and password provided by the end-user at deployment time. There are no other “low level” users that have login access to the virtual machine. The only user credential with access to the VM is the one created and supplied by the original Azure Arc Jumpstart end-user. A potential attacker would first need to gain access to a user login credentials and only then open a remote desktop session (RDP) into the virtual machine.</p> <p><strong>What information can be disclosed and what is the impact?</strong></p> <p>The type of information that could be disclosed is information stored in the logs, which could include credentials as well as other sensitive information for the system</p> <p><strong>Was any personal information or sensitive customer data exposed as a result of this vulnerability?</strong></p> <p>The primary use-case for Azure Arc Jumpstart is to provide an automated training and demo environment intended to be used in sandbox Azure subscriptions. ArcBox does not disclose any personal information or sensitive customer data. In the context of disclosed vulnerability, no customer data were compromised.</p> <p><strong>How can I protect myself from this vulnerability?</strong></p> <p>The Azure Arc Jumpstart service principal credential secret has been removed from the log output of the custom script extension and this fix is now live for all Jumpstart scenarios. If you are an existing user, Microsoft recommends rolling your service principal credential secret. If you are new to Azure Arc Jumpstart, there are no actions necessary.</p> <p><strong>When was the fix for this vulnerability implemented?</strong></p> <p>The removal of the service principal credential secret from the log was completed on 5/26/2022.</p> <p><strong>Where can I find more information about Azure Arc Jumpstart?</strong></p> <p>Please see <a href="https://techcommunity.microsoft.com/t5/azure-arc-blog/announcing-jumpstart-arcbox-2-0/ba-p/3025679">Announcing Jumpstart ArcBox 2.0</a> for more information.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?</strong></p> <p>The attacker would already need to be logged into the target Azure Arc Jumpstart client virtual machine to be able to discover the information.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Successfully exploiting this vulnerability allows an attacker to get access to the information stored in the logs. The disclosed information is scoped to the specific system and does not provide the attacker with any additional privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What privileges are required?</strong></p> <p>The attacker would have to be present on the Azure Arc Jumpstart virtual machine as a regular user to be able to exploit this vulnerability.</p> Azure Arc Jumpstart Microsoft Yes CVE-2022-35798 12067 Information Disclosure 12067 Moderate 12067 Publicly Disclosed:No;Exploited:No;DOS:N/A 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 12067 Information 12067 Security Update 2.0 https://techcommunity.microsoft.com/t5/azure-arc-blog/announcing-jumpstart-arcbox-2-0/ba-p/3025679 12067 Information <a href="https://https/">Jimi Sebree</a> with <a href="https://tenable.com/">Tenable</a> 1.0 2022-07-21T07:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2058 https://nvd.nist.gov/vuln/detail/CVE-2022-2058 https://nvd.nist.gov/vuln/detail/CVE-2022-2058 https://nvd.nist.gov/vuln/detail/CVE-2022-2058 Mariner cve@gitlab.com Yes CVE-2022-2058 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.4.0-6.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-6.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-6.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-6 https://nvd.nist.gov/vuln/detail/CVE-2022-2058 12137 libtiff libtiff 12138 libtiff-4.4.0-6.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-6.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-6.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-6 https://nvd.nist.gov/vuln/detail/CVE-2022-2058 12138 libtiff libtiff 12139 libtiff-4.4.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-6 https://nvd.nist.gov/vuln/detail/CVE-2022-2058 12139 libtiff libtiff 12140 libtiff-4.4.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-6 https://nvd.nist.gov/vuln/detail/CVE-2022-2058 12140 libtiff 1.0 2022-07-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1882 https://nvd.nist.gov/vuln/detail/CVE-2022-1882 https://nvd.nist.gov/vuln/detail/CVE-2022-1882 https://nvd.nist.gov/vuln/detail/CVE-2022-1882 Mariner secalert@redhat.com Yes CVE-2022-1882 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12137 kernel-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.145.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.145.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1882 12137 kernel kernel 12138 kernel-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.145.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.145.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1882 12138 kernel kernel 12139 kernel-5.15.70.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.70.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.70.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.70.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.70.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.70.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.70.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.70.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.70.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.70.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1882 12139 kernel kernel 12140 kernel-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.70.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.70.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1882 12140 kernel 1.0 2022-07-19T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1852 https://nvd.nist.gov/vuln/detail/CVE-2022-1852 https://nvd.nist.gov/vuln/detail/CVE-2022-1852 https://nvd.nist.gov/vuln/detail/CVE-2022-1852 Mariner secalert@redhat.com Yes CVE-2022-1852 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1852 12137 kernel kernel 12138 kernel-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1852 12138 kernel kernel 12139 kernel-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.55.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1852 12139 kernel kernel 12140 kernel-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.55.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1852 12140 kernel 1.0 2022-07-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2056 https://nvd.nist.gov/vuln/detail/CVE-2022-2056 https://nvd.nist.gov/vuln/detail/CVE-2022-2056 https://nvd.nist.gov/vuln/detail/CVE-2022-2056 Mariner cve@gitlab.com Yes CVE-2022-2056 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.4.0-2.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-2.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-2 https://nvd.nist.gov/vuln/detail/CVE-2022-2056 12137 libtiff libtiff 12138 libtiff-4.4.0-2.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-2.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-2 https://nvd.nist.gov/vuln/detail/CVE-2022-2056 12138 libtiff libtiff 12139 libtiff-4.4.0-2.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-2.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-2 https://nvd.nist.gov/vuln/detail/CVE-2022-2056 12139 libtiff libtiff 12140 libtiff-4.4.0-2.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-2.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-2 https://nvd.nist.gov/vuln/detail/CVE-2022-2056 12140 libtiff 1.0 2022-07-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 Mariner security@huntr.dev Yes CVE-2022-2206 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 vim 12137 vim-8.2.5172-1.cm1.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 12137 vim vim 12138 vim-8.2.5172-1.cm1.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 12138 vim vim 12139 vim-8.2.5172-1.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 12139 vim vim 12140 vim-8.2.5172-1.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 12140 vim 1.0 2022-07-08T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 Mariner security@huntr.dev Yes CVE-2022-2207 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 vim 12137 vim-8.2.5172-1.cm1.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 12137 vim vim 12138 vim-8.2.5172-1.cm1.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 12138 vim vim 12139 vim-8.2.5172-1.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 12139 vim vim 12140 vim-8.2.5172-1.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 12140 vim 1.0 2022-07-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2057 https://nvd.nist.gov/vuln/detail/CVE-2022-2057 https://nvd.nist.gov/vuln/detail/CVE-2022-2057 https://nvd.nist.gov/vuln/detail/CVE-2022-2057 Mariner cve@gitlab.com Yes CVE-2022-2057 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.4.0-6.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-6.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-6.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-6 https://nvd.nist.gov/vuln/detail/CVE-2022-2057 12137 libtiff libtiff 12138 libtiff-4.4.0-6.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-6.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-6.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-6 https://nvd.nist.gov/vuln/detail/CVE-2022-2057 12138 libtiff libtiff 12139 libtiff-4.4.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-6 https://nvd.nist.gov/vuln/detail/CVE-2022-2057 12139 libtiff libtiff 12140 libtiff-4.4.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.4.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.4.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.0-6 https://nvd.nist.gov/vuln/detail/CVE-2022-2057 12140 libtiff 1.0 2022-07-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2078 https://nvd.nist.gov/vuln/detail/CVE-2022-2078 https://nvd.nist.gov/vuln/detail/CVE-2022-2078 https://nvd.nist.gov/vuln/detail/CVE-2022-2078 Mariner secalert@redhat.com Yes CVE-2022-2078 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2078 12137 kernel kernel 12138 kernel-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2078 12138 kernel kernel 12139 kernel-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.55.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2078 12139 kernel kernel 12140 kernel-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.55.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2078 12140 kernel 1.0 2022-07-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 Mariner security@huntr.dev Yes CVE-2022-2257 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 vim 12137 vim-9.0.0050-1.cm1.x86_64.rpm 0001-01-01T00:00:00 vim-extra-9.0.0050-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.0050-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 12137 vim vim 12138 vim-9.0.0050-1.cm1.aarch64.rpm 0001-01-01T00:00:00 vim-extra-9.0.0050-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.0050-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 12138 vim vim 12139 vim-9.0.0050-2.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-9.0.0050-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.0050-2 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 12139 vim vim 12140 vim-9.0.0050-2.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-9.0.0050-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.0050-2 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 12140 vim 1.0 2022-07-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 Mariner security@huntr.dev Yes CVE-2022-2208 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 vim 12137 vim-8.2.5172-1.cm1.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 12137 vim vim 12138 vim-8.2.5172-1.cm1.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 12138 vim vim 12139 vim-8.2.5172-1.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 12139 vim vim 12140 vim-8.2.5172-1.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 12140 vim 1.0 2022-07-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 Mariner security@huntr.dev Yes CVE-2022-2210 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 vim 12137 vim-8.2.5172-1.cm1.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 12137 vim vim 12138 vim-8.2.5172-1.cm1.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 12138 vim vim 12139 vim-8.2.5172-1.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 12139 vim vim 12140 vim-8.2.5172-1.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.5172-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.5172-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 12140 vim 1.0 2022-07-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-34495 https://nvd.nist.gov/vuln/detail/CVE-2022-34495 https://nvd.nist.gov/vuln/detail/CVE-2022-34495 https://nvd.nist.gov/vuln/detail/CVE-2022-34495 Mariner cve@mitre.org Yes CVE-2022-34495 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-34495 12137 kernel kernel 12138 kernel-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-34495 12138 kernel kernel 12139 kernel-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.55.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-34495 12139 kernel kernel 12140 kernel-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.55.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-34495 12140 kernel 1.0 2022-07-08T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-34494 https://nvd.nist.gov/vuln/detail/CVE-2022-34494 https://nvd.nist.gov/vuln/detail/CVE-2022-34494 https://nvd.nist.gov/vuln/detail/CVE-2022-34494 Mariner cve@mitre.org Yes CVE-2022-34494 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.131.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-34494 12137 kernel kernel 12138 kernel-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.131.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.131.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-34494 12138 kernel kernel 12139 kernel-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.55.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.55.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-34494 12139 kernel kernel 12140 kernel-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.55.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.55.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-34494 12140 kernel 1.0 2022-07-08T00:00:00 <p>Information published.</p> Microsoft Defender for Endpoint Tampering Vulnerability <p><strong>What is the nature of this vulnerability?</strong></p> <p>This is a client-side code vulnerability consisting of the usage of uninitialized buffer in the buffer pool by the MDE sensor on Linux systems. This affects the IP field, causing any remote connection, including failed connections, to be considered as ‘Successful remote logon’. This, in turn, triggers a false-positive alert.</p> <p><strong>Which platforms are affected by this vulnerability?</strong></p> <p>All Linux machines are affected. The impact is more severe on servers which are under heavy network/login load.</p> <p><strong>How was the vulnerability addressed?</strong></p> <p>The fix enforced full initialization for each buffer before use.</p> <p><strong>What version of the product contains the update that addressed the vulnerability?</strong></p> <p>The fix is included in defender version 101.68.80. Customers are advised to ensure their Defender client is the latest version.</p> Microsoft Defender for Endpoint Microsoft Yes CVE-2022-33637 12015 Tampering 12015 Important 12015 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12015 Release Notes https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-updates?view=o365-worldwide 12015 No Security Update 101.68.80 https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-updates?view=o365-worldwide 12015 Release Notes James Sharpe with <a href="https://www.zenotech.com/">Zenotech Ltd</a> 1.0 2022-07-12T07:00:00 <p>Information published.</p> 1.1 2022-07-25T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.2 2025-07-08T07:00:00 <p>Updated links to security updates. This is an informational change only.</p>