March 2022 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2022-Mar 2022-Mar Final 1.0 94 2026-02-21T02:30:09 March 2022 Security Updates 2022-03-08T08:00:00 2026-02-21T02:30:09 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of security updates for the following products, features and roles.</p> <ul> <li>.NET and Visual Studio</li> <li>Azure Site Recovery</li> <li>Microsoft Defender for Endpoint</li> <li>Microsoft Defender for IoT</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Exchange Server</li> <li>Microsoft Intune</li> <li>Microsoft Office Visio</li> <li>Microsoft Office Word</li> <li>Microsoft Windows ALPC</li> <li>Microsoft Windows Codecs Library</li> <li>Paint 3D</li> <li>Role: Windows Hyper-V</li> <li>Skype Extension for Chrome</li> <li>Tablet Windows User Interface</li> <li>Visual Studio Code</li> <li>Windows Ancillary Function Driver for WinSock</li> <li>Windows CD-ROM Driver</li> <li>Windows Cloud Files Mini Filter Driver</li> <li>Windows COM</li> <li>Windows Common Log File System Driver</li> <li>Windows DWM Core Library</li> <li>Windows Event Tracing</li> <li>Windows Fastfat Driver</li> <li>Windows Fax and Scan Service</li> <li>Windows HTML Platform</li> <li>Windows Installer</li> <li>Windows Kernel</li> <li>Windows Media</li> <li>Windows PDEV</li> <li>Windows Point-to-Point Tunneling Protocol</li> <li>Windows Print Spooler Components</li> <li>Windows Remote Desktop</li> <li>Windows Security Support Provider Interface</li> <li>Windows SMB Server</li> <li>Windows Update Stack</li> <li>XBox</li> </ul> <p>Please note the following information regarding the security updates:</p> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-information">Relevant Information</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2> <p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-8927">CVE-2020-8927</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0789">CVE-2022-0789</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0790">CVE-2022-0790</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0791">CVE-2022-0791</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0792">CVE-2022-0792</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0793">CVE-2022-0793</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0794">CVE-2022-0794</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0795">CVE-2022-0795</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0796">CVE-2022-0796</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0797">CVE-2022-0797</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0798">CVE-2022-0798</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0799">CVE-2022-0799</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0800">CVE-2022-0800</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0801">CVE-2022-0801</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0802">CVE-2022-0802</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0803">CVE-2022-0803</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0804">CVE-2022-0804</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0805">CVE-2022-0805</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0806">CVE-2022-0806</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0807">CVE-2022-0807</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0808">CVE-2022-0808</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0809">CVE-2022-0809</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21967">CVE-2022-21967</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21975">CVE-2022-21975</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21977">CVE-2022-21977</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21990">CVE-2022-21990</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22006">CVE-2022-22006</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22007">CVE-2022-22007</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22010">CVE-2022-22010</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23265">CVE-2022-23265</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23266">CVE-2022-23266</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23277">CVE-2022-23277</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23278">CVE-2022-23278</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23281">CVE-2022-23281</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23282">CVE-2022-23282</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23283">CVE-2022-23283</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23285">CVE-2022-23285</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23286">CVE-2022-23286</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23287">CVE-2022-23287</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23288">CVE-2022-23288</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23294">CVE-2022-23294</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23295">CVE-2022-23295</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23297">CVE-2022-23297</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23298">CVE-2022-23298</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23299">CVE-2022-23299</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23300">CVE-2022-23300</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23301">CVE-2022-23301</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24451">CVE-2022-24451</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24452">CVE-2022-24452</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24453">CVE-2022-24453</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24456">CVE-2022-24456</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24457">CVE-2022-24457</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24460">CVE-2022-24460</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24461">CVE-2022-24461</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24462">CVE-2022-24462</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24463">CVE-2022-24463</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24465">CVE-2022-24465</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24467">CVE-2022-24467</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24468">CVE-2022-24468</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24469">CVE-2022-24469</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24470">CVE-2022-24470</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24471">CVE-2022-24471</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24501">CVE-2022-24501</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24502">CVE-2022-24502</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24503">CVE-2022-24503</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24505">CVE-2022-24505</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24506">CVE-2022-24506</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24508">CVE-2022-24508</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24509">CVE-2022-24509</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24510">CVE-2022-24510</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24511">CVE-2022-24511</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512">CVE-2022-24512</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24515">CVE-2022-24515</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24517">CVE-2022-24517</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24518">CVE-2022-24518</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24519">CVE-2022-24519</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24520">CVE-2022-24520</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24522">CVE-2022-24522</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24525">CVE-2022-24525</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24526">CVE-2022-24526</a></li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5010324">5010324</a></td> <td>Microsoft Exchange Server 2013</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011487">5011487</a></td> <td>Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011495">5011495</a></td> <td>Windows 10, version 1607, Windows Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011497">5011497</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011503">5011503</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011525">5011525</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011527">5011527</a></td> <td>Windows Server 2012 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011529">5011529</a></td> <td>Windows 7, Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011534">5011534</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011535">5011535</a></td> <td>Windows Server 2012 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011552">5011552</a></td> <td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011560">5011560</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5011564">5011564</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5012698">5012698</a></td> <td>Microsoft Exchange Server 2016, 2019</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Remote Desktop client for Windows Desktop Raw Image Extension on Windows 10 Version 1809 for 32-bit Systems Raw Image Extension on Windows 10 Version 1809 for x64-based Systems Raw Image Extension on Windows 10 Version 1809 for ARM64-based Systems Raw Image Extension on Windows 10 Version 1809 for HoloLens Raw Image Extension on Windows 10 Version 1909 for 32-bit Systems Raw Image Extension on Windows 10 Version 1909 for x64-based Systems Raw Image Extension on Windows 10 Version 1909 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H1 for x64-based Systems Raw Image Extension on Windows 10 Version 21H1 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H1 for 32-bit Systems Raw Image Extension on Windows 10 Version 20H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 20H2 for ARM64-based Systems Raw Image Extension on Windows 11 version 21H2 for x64-based Systems Raw Image Extension on Windows 11 version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for x64-based Systems Raw Image Extension on Windows 10 for 32-bit Systems Raw Image Extension on Windows 10 for x64-based Systems Raw Image Extension on Windows 10 Version 1607 for 32-bit Systems Raw Image Extension on Windows 10 Version 1607 for x64-based Systems HEVC Video Extension HEVC Video Extensions VP9 Video Extensions HEIF Image Extension Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Microsoft Defender for IoT Microsoft Defender for Endpoint for Linux Microsoft Defender for Endpoint for Mac Microsoft Defender for Endpoint for Android Microsoft Defender for Endpoint for iOS Microsoft Defender for Endpoint for Windows on Windows 10 Version 20H2 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1909 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server, version 20H2 (Server Core Installation) Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1909 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2022 Microsoft Defender for Endpoint for Windows on Windows Server 2022 Datacenter: Azure Edition Microsoft Defender for Endpoint for Windows on Windows 10 Version 1909 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H1 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 20H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2019 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H1 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2022 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H1 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2019 Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for 32-bit Systems Microsoft Defender for Endpoint EDR sensor on Windows Server 2016 Microsoft Defender for Endpoint EDR sensor on Windows Server 2016 (Server Core installation) Microsoft Defender for Endpoint EDR sensor on Windows Server 2012 R2 Microsoft Defender for Endpoint EDR sensor on Windows Server 2012 R2 (Server Core installation) Azure Site Recovery VMWare to Azure Microsoft Exchange Server 2016 Cumulative Update 21 Microsoft Exchange Server 2019 Cumulative Update 10 Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.0 .NET 5.0 .NET 6.0 .NET Core 3.1 PowerShell 7.2 PowerShell 7.0 PowerShell 7.1 Microsoft Visual Studio 2022 version 17.1 Visual Studio Code Intune Company Portal for iOS Paint 3D Skype Extension for Chrome Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2019 for Mac Microsoft Office LTSC for Mac 2021 Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Edge (Chromium-based) CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows Server 2012 R2 Windows RT 8.1 Windows Server 2012 R2 (Server Core installation) Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Visual Studio Code Microsoft Edge (Chromium-based) Microsoft Exchange Server 2013 Cumulative Update 23 Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems .NET Core 3.1 PowerShell 7.0 Paint 3D .NET 5.0 Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Raw Image Extension on Windows 10 for 32-bit Systems Raw Image Extension on Windows 10 for x64-based Systems Raw Image Extension on Windows 10 Version 1607 for 32-bit Systems Raw Image Extension on Windows 10 Version 1607 for x64-based Systems Raw Image Extension on Windows 10 Version 1809 for 32-bit Systems Raw Image Extension on Windows 10 Version 1809 for x64-based Systems Raw Image Extension on Windows 10 Version 1809 for ARM64-based Systems Raw Image Extension on Windows 10 Version 1809 for HoloLens Raw Image Extension on Windows 10 Version 1909 for 32-bit Systems Raw Image Extension on Windows 10 Version 1909 for x64-based Systems Raw Image Extension on Windows 10 Version 1909 for ARM64-based Systems Raw Image Extension on Windows 10 Version 20H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 20H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H1 for x64-based Systems Raw Image Extension on Windows 10 Version 21H1 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H1 for 32-bit Systems Raw Image Extension on Windows 11 version 21H2 for x64-based Systems Raw Image Extension on Windows 11 version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for x64-based Systems HEIF Image Extension HEVC Video Extensions Remote Desktop client for Windows Desktop Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) VP9 Video Extensions Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Microsoft Exchange Server 2016 Cumulative Update 21 Microsoft Exchange Server 2019 Cumulative Update 10 Windows Server 2022 Windows Server 2022 (Server Core installation) PowerShell 7.1 Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Defender for IoT Microsoft Visual Studio 2022 version 17.0 PowerShell 7.2 .NET 6.0 HEVC Video Extension Intune Company Portal for iOS Microsoft Defender for Endpoint for Windows on Windows Server 2022 Datacenter: Azure Edition Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2019 Microsoft Defender for Endpoint for Windows on Windows Server 2019 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 10 Version 1909 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1909 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1909 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 20H2 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 20H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server, version 20H2 (Server Core Installation) Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H1 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H1 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H1 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows Server 2022 Microsoft Defender for Endpoint for Windows on Windows Server 2022 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for x64-based Systems Microsoft Defender for Endpoint for Mac Microsoft Defender for Endpoint for Linux Skype Extension for Chrome Azure Site Recovery VMWare to Azure Microsoft Defender for Endpoint for Android Microsoft Visual Studio 2022 version 17.1 Microsoft Defender for Endpoint EDR sensor on Windows Server 2012 R2 Microsoft Defender for Endpoint EDR sensor on Windows Server 2012 R2 (Server Core installation) Microsoft Defender for Endpoint EDR sensor on Windows Server 2016 Microsoft Defender for Endpoint EDR sensor on Windows Server 2016 (Server Core installation) Microsoft Defender for Endpoint for iOS CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM azl3 teckit 2.5.12-4 on Azure Linux 3.0 azl3 teckit 2.5.12-4 on Azure Linux 3.0 cbl2 qt5-qtsvg 5.12.11-3 on CBL Mariner 2.0 azl3 samba 4.18.3-1 on Azure Linux 3.0 cm1 boost 1.66.0-4 on CBL Mariner 1.0 cm1 openjdk8 1.8.0.332-2 on CBL Mariner 1.0 cm1 tcl 8.6.13-1 on CBL Mariner 1.0 cm1 python2 2.7.18-13 on CBL Mariner 1.0 cm1 grpc 1.35.0-4 on CBL Mariner 1.0 cm1 erlang 24.2-2 on CBL Mariner 1.0 cm1 ccache 3.6-3 on CBL Mariner 1.0 cm1 python3 3.7.13-5 on CBL Mariner 1.0 cm1 mariadb 10.3.36-1 on CBL Mariner 1.0 cm1 zlib 1.2.12-1 on CBL Mariner 1.0 cbl2 cloud-hypervisor-cvm 38.0.72.2-1 on CBL Mariner 2.0 cbl2 tcl 8.6.13-1 on CBL Mariner 2.0 cbl2 nmap 7.93-1 on CBL Mariner 2.0 cbl2 boost 1.76.0-3 on CBL Mariner 2.0 cbl2 zlib 1.2.12-1 on CBL Mariner 2.0 azl3 cloud-hypervisor-cvm 38.0.72.2-1 on Azure Linux 3.0 azl3 cloud-hypervisor-cvm 38.0.72.2-1 on Azure Linux 3.0 azl3 shim-unsigned-x64 15.8-5 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-2 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 cri-o 1.21.7-2 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 python-waitress 3.0.1-1 on Azure Linux 3.0 azl3 rpm-ostree 2024.4-1 on Azure Linux 3.0 cbl2 openssh 8.9p1-1 on CBL Mariner 2.0 azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0 azl3 cmake 3.21.4-10 on Azure Linux 3.0 cm1 hyperv-daemons 5.10.168.1-1 on CBL Mariner 1.0 cbl2 hyperv-daemons 5.15.92.1-1 on CBL Mariner 2.0 azl3 edk2 20240223gitedc6681206c1-1 on Azure Linux 3.0 cm1 kernel 5.10.111.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.32.1-3 on CBL Mariner 2.0 cbl2 kernel 5.15.32.1-2 on CBL Mariner 2.0 cm1 qemu-kvm 4.2.0-48 on CBL Mariner 1.0 azl3 qemu 6.2.0-18 on Azure Linux 3.0 cm1 kernel 5.10.131.1-1 on CBL Mariner 1.0 cm1 kernel 5.10.123.1-1 on CBL Mariner 1.0 cm1 moby-runc 1.1.2+azure-1 on CBL Mariner 1.0 cbl2 moby-runc 1.1.2-2 on CBL Mariner 2.0 cm1 kernel 5.10.116.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.37.1-2 on CBL Mariner 2.0 cm1 libtiff 4.4.0-1 on CBL Mariner 1.0 cbl2 libtiff 4.3.0-2 on CBL Mariner 2.0 cm1 vim 8.2.4763-1 on CBL Mariner 1.0 cbl2 kernel 5.15.41.1-1 on CBL Mariner 2.0 cm1 qemu-kvm 4.2.0-38 on CBL Mariner 1.0 cbl2 qemu 6.2.0-2 on CBL Mariner 2.0 cbl2 vim 8.2.4743-1 on CBL Mariner 2.0 cm1 bind 9.16.27-1 on CBL Mariner 1.0 cbl2 bind 9.16.29-1 on CBL Mariner 2.0 cm1 vim 8.2.4563-1 on CBL Mariner 1.0 cm1 kernel 5.10.109.1-2 on CBL Mariner 1.0 cm1 openssl 1.1.1k-9 on CBL Mariner 1.0 cbl2 openssl 1.1.1k-12 on CBL Mariner 2.0 cbl2 kernel 5.15.26.1-2 on CBL Mariner 2.0 cm1 httpd 2.4.53-1 on CBL Mariner 1.0 cbl2 httpd 2.4.53-1 on CBL Mariner 2.0 cm1 kernel 5.10.102.1-3 on CBL Mariner 1.0 cm1 libtiff 4.1.0-3 on CBL Mariner 1.0 cm1 moby-containerd 1.5.9+azure-3 on CBL Mariner 1.0 cm1 golang 1.16.15-1 on CBL Mariner 1.0 cbl2 golang 1.17.8-1 on CBL Mariner 2.0 cm1 qt5-qtsvg 5.12.11-3 on CBL Mariner 1.0 cm1 kernel 5.10.102.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.26.1-1 on CBL Mariner 2.0 azl3 rpm-ostree 2022.1-7 on Azure Linux 3.0 azl3 rust regex-1.8.4 on Azure Linux 3.0 azl3 librsvg2 2.58.1-1 on Azure Linux 3.0 azl3 re2c 3.1-4 on Azure Linux 3.0 azl3 grub2 2.06-14 on Azure Linux 3.0 cm1 python2 2.7.18-10 on CBL Mariner 1.0 cm1 vsftpd 3.0.5-1 on CBL Mariner 1.0 cm1 nginx 1.20.1-3 on CBL Mariner 1.0 cbl2 sendmail 8.15.2-46 on CBL Mariner 2.0 cbl2 vsftpd 3.0.5-1 on CBL Mariner 2.0 cbl2 nginx 1.20.2-2 on CBL Mariner 2.0 cm1 qemu-kvm 4.2.0-39 on CBL Mariner 1.0 cm1 openssh 8.9p1-1 on CBL Mariner 1.0 cm1 python3 3.7.11-1 on CBL Mariner 1.0 cm1 postgresql 12.7-2 on CBL Mariner 1.0 cbl2 postgresql 14.2-1 on CBL Mariner 2.0 cm1 ansible 2.9.27-1 on CBL Mariner 1.0 cm1 grub2 2.06~rc1-8 on CBL Mariner 1.0 cbl2 grub2 2.06-5 on CBL Mariner 2.0 cm1 cockpit 248-3 on CBL Mariner 1.0 cm1 postgresql 12.8-1 on CBL Mariner 1.0 cm1 libvirt 6.1.0-5 on CBL Mariner 1.0 azl3 ntopng 5.2.1-5 on Azure Linux 3.0 azl3 memcached 1.6.27-3 on Azure Linux 3.0 cbl2 lua 5.4.4-1 on CBL Mariner 2.0 cbl2 wavpack 5.6.0-1 on CBL Mariner 2.0 cbl2 haproxy 2.4.13-1 on CBL Mariner 2.0 cbl2 libarchive 3.6.1-1 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-1 on CBL Mariner 2.0 cbl2 fish on CBL Mariner 2.0 cbl2 nbdkit on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 grub2 2.06-23 on Azure Linux 3.0 azl3 ceph 18.2.2-8 on Azure Linux 3.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 python-tensorboard 2.11.0-3 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 azl3 librsvg2 2.50.3-4 on Azure Linux 3.0 azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0 cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0 azl3 cloud-hypervisor 37.0-2 on Azure Linux 3.0 cbl2 cloud-hypervisor-cvm 38.0.72-1 on CBL Mariner 2.0 azl3 cloud-hypervisor-cvm 38.0.72-2 on Azure Linux 3.0 cbl2 ceph 16.2.10-7 on CBL Mariner 2.0 cbl2 cri-o 1.21.7-3 on CBL Mariner 2.0 azl3 boost 1.83.0-2 on Azure Linux 3.0 cbl2 ntopng 5.2.1-3 on CBL Mariner 2.0 cbl2 memcached 1.6.22-2 on CBL Mariner 2.0 cbl2 perl 5.34.1-490 on CBL Mariner 2.0 azl3 grpc 1.42.0-7 on Azure Linux 3.0 azl3 ntopng 5.2.1-6 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw an attempt to use more buffer than is allocated triggers a BUG_ON issue leading to a denial of service (DOS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0322 Incorrect Type Conversion or Cast 18454-16820 18454-16820 Moderate 18454-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18454-16820 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases 1.0 2022-04-09T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0433 NULL Pointer Dereference 18768-16820 18720-16823 18768-16820 18720-16823 Moderate 18768-16820 Moderate 18720-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18768-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18720-16823 CBL-Mariner Releases 18768-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18768-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-03-17T00:00:00 <p>Information published.</p> A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0435 Out-of-bounds Write 18454-16820 18720-16823 18454-16820 18720-16823 Important 18454-16820 Important 18720-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18454-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18720-16823 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-04-08T00:00:00 <p>Information published.</p> 1.1 2022-04-09T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw under certain circumstances allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0492 Missing Authorization 18768-16820 18765-16823 18768-16820 18765-16823 Important 18768-16820 Important 18765-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18768-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18765-16823 CBL-Mariner Releases 18768-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18768-16820 CBL-Mariner Releases CBL-Mariner Releases 18765-16823 No Security Update 5.15.26.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18765-16823 CBL-Mariner Releases 1.0 2022-03-16T00:00:00 <p>Information published.</p> A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0494 Use of Uninitialized Resource 18719-16820 18720-16823 18719-16820 18720-16823 Moderate 18719-16820 Moderate 18720-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 18719-16820 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 18720-16823 CBL-Mariner Releases 18719-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18719-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-04-08T00:00:00 <p>Information published.</p> 1.1 2022-04-09T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0516 Exposure of Sensitive Information to an Unauthorized Actor 18768-16820 18476-16823 18768-16820 18476-16823 Important 18768-16820 Important 18476-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18768-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18476-16823 CBL-Mariner Releases 18768-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18768-16820 CBL-Mariner Releases CBL-Mariner Releases 18476-16823 No Security Update 5.15.32.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18476-16823 CBL-Mariner Releases 1.0 2022-03-17T00:00:00 <p>Information published.</p> A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0711 Loop with Unreachable Exit Condition ('Infinite Loop') 19485-16823 19485-16823 Important 19485-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19485-16823 CBL-Mariner Releases 19485-16823 No Security Update 2.4.13-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19485-16823 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> Memory leak in ICMP6 in Linux Kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2022-0742 Missing Release of Memory after Effective Lifetime 17993-16820 18476-16823 17993-16820 18476-16823 Important 17993-16820 Important 18476-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17993-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18476-16823 CBL-Mariner Releases 17993-16820 No Security Update 5.10.168.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17993-16820 CBL-Mariner Releases CBL-Mariner Releases 18476-16823 No Security Update 5.15.32.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18476-16823 CBL-Mariner Releases 1.0 2022-03-26T00:00:00 <p>Information published.</p> Infinite loop in BN_mod_sqrt() reachable when parsing certificates <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2022-0778 Loop with Unreachable Exit Condition ('Infinite Loop') 17013-17084 17012-17084 19686-17084 19671-17084 18763-16820 18764-16823 18131-17084 17859-17084 17013-17084 17012-17084 19686-17084 19671-17084 18763-16820 18764-16823 18131-17084 17859-17084 Important 17013-17084 Important 17012-17084 Important 19686-17084 Important 19671-17084 Important 18763-16820 Important 18764-16823 Important 18131-17084 Important 17859-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17013-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17012-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18763-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18764-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18131-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17859-17084 CBL-Mariner Releases 18763-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18763-16820 CBL-Mariner Releases CBL-Mariner Releases 18764-16823 No Security Update 1.1.1k-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18764-16823 CBL-Mariner Releases CBL-Mariner Releases 18131-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 CBL-Mariner Releases CBL-Mariner Releases 17859-17084 No Security Update 20240223gitedc6681206c1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 CBL-Mariner Releases 1.0 2022-03-22T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 2.2 2026-02-18T02:03:08 <p>Information published.</p> A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0847 Improper Initialization 18781-16823 18781-16823 Important 18781-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18781-16823 CBL-Mariner Releases 18781-16823 No Security Update 5.15.26.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18781-16823 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> A memory leak flaw was found in the Linux kernel’s DMA subsystem in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0854 Missing Release of Memory after Effective Lifetime 18667-16820 18720-16823 18667-16820 18720-16823 Moderate 18667-16820 Moderate 18720-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18667-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18720-16823 CBL-Mariner Releases 18667-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18667-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-03-31T00:00:00 <p>Information published.</p> Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 5e180045. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-0865 Reachable Assertion 18728-16823 18728-16823 Moderate 18728-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18728-16823 CBL-Mariner Releases 18728-16823 No Security Update 4.3.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18728-16823 CBL-Mariner Releases 1.0 2022-03-16T00:00:00 <p>Information published.</p> A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash potential information disclosure or any other context-dependent impact <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-0891 Out-of-bounds Write 18769-16820 18728-16823 18769-16820 18728-16823 Important 18769-16820 Important 18728-16823 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 18769-16820 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 18728-16823 CBL-Mariner Releases 18769-16820 No Security Update 4.1.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18769-16820 CBL-Mariner Releases CBL-Mariner Releases 18728-16823 No Security Update 4.3.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18728-16823 CBL-Mariner Releases 1.0 2022-03-16T00:00:00 <p>Information published.</p> Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-0908 NULL Pointer Dereference 18727-16820 18728-16823 18727-16820 18728-16823 Moderate 18727-16820 Moderate 18728-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18727-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18728-16823 CBL-Mariner Releases 18727-16820 No Security Update 4.4.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18727-16820 CBL-Mariner Releases CBL-Mariner Releases 18728-16823 No Security Update 4.3.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18728-16823 CBL-Mariner Releases 1.0 2022-03-19T00:00:00 <p>Information published.</p> 1.1 2022-05-11T00:00:00 <p>Added libtiff to CBL-Mariner 1.0</p> Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit f8d0f9aa. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-0909 Divide By Zero 18728-16823 18728-16823 Moderate 18728-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18728-16823 CBL-Mariner Releases 18728-16823 No Security Update 4.3.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18728-16823 CBL-Mariner Releases 1.0 2022-03-19T00:00:00 <p>Information published.</p> Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 408976c4. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-0924 Out-of-bounds Read 18728-16823 18728-16823 Moderate 18728-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18728-16823 CBL-Mariner Releases 18728-16823 No Security Update 4.3.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18728-16823 CBL-Mariner Releases 1.0 2022-03-19T00:00:00 <p>Information published.</p> An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state potentially allowing a local user to gain privileged access or cause a denial of service on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0995 Out-of-bounds Write 18454-16820 18455-16823 18454-16820 18455-16823 Important 18454-16820 Important 18455-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18454-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18455-16823 CBL-Mariner Releases 18454-16820 18455-16823 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 18455-16823 CBL-Mariner Releases 1.0 2022-04-01T00:00:00 <p>Information published.</p> An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0998 Integer Overflow or Wraparound 18454-16820 18720-16823 18454-16820 18720-16823 Important 18454-16820 Important 18720-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18454-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18720-16823 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-04-08T00:00:00 <p>Information published.</p> 1.1 2022-04-09T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated potentially leading to a use-after-free condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1050 Use After Free 18756-16820 18757-16823 18756-16820 18757-16823 Important 18756-16820 Important 18757-16823 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 18756-16820 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 18757-16823 CBL-Mariner Releases 18756-16820 No Security Update 4.2.0-38 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18756-16820 CBL-Mariner Releases CBL-Mariner Releases 18757-16823 No Security Update 6.2.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18757-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> Use after Free in tc_new_tfilter allowing for privilege escalation in Linux Kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2022-1055 Use After Free 18454-16820 18455-16823 18454-16820 18455-16823 Important 18454-16820 Important 18455-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18454-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18455-16823 CBL-Mariner Releases 18454-16820 18455-16823 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 18455-16823 CBL-Mariner Releases 1.0 2022-04-07T00:00:00 <p>Information published.</p> 1.1 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> Use after free in utf_ptr2char in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1154 Use After Free 18741-16820 18758-16823 18741-16820 18758-16823 Important 18741-16820 Important 18758-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18741-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18758-16823 CBL-Mariner Releases 18741-16820 No Security Update 8.2.4763-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18741-16820 CBL-Mariner Releases CBL-Mariner Releases 18758-16823 No Security Update 8.2.4743-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18758-16823 CBL-Mariner Releases 1.0 2022-04-05T00:00:00 <p>Information published.</p> mod_lua Use of uninitialized value of in r:parsebody <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2022-22719 Improper Initialization 18766-16820 18767-16823 18766-16820 18767-16823 Important 18766-16820 Important 18767-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18766-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18767-16823 CBL-Mariner Releases 18766-16820 18767-16823 No Security Update 2.4.53-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18766-16820 18767-16823 CBL-Mariner Releases 1.0 2022-03-19T00:00:00 <p>Information published.</p> HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2022-22720 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 18766-16820 18767-16823 18766-16820 18767-16823 Critical 18766-16820 Critical 18767-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18766-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18767-16823 CBL-Mariner Releases 18766-16820 18767-16823 No Security Update 2.4.53-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18766-16820 18767-16823 CBL-Mariner Releases 1.0 2022-03-19T00:00:00 <p>Information published.</p> core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2022-22721 Integer Overflow or Wraparound 18766-16820 18767-16823 18766-16820 18767-16823 Critical 18766-16820 Critical 18767-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 18766-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 18767-16823 CBL-Mariner Releases 18766-16820 18767-16823 No Security Update 2.4.53-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18766-16820 18767-16823 CBL-Mariner Releases 1.0 2022-03-19T00:00:00 <p>Information published.</p> mod_sed: Read/write beyond bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2022-23943 Out-of-bounds Write 18766-16820 18767-16823 18766-16820 18767-16823 Critical 18766-16820 Critical 18767-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18766-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18767-16823 CBL-Mariner Releases 18766-16820 18767-16823 No Security Update 2.4.53-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18766-16820 18767-16823 CBL-Mariner Releases 1.0 2022-03-19T00:00:00 <p>Information published.</p> Regular expression denial of service in Rust's regex crate <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-24713 Inefficient Regular Expression Complexity 19743-17084 18816-17084 17811-17084 18817-17084 18815-17084 19671-17084 19686-17084 19743-17084 18816-17084 17811-17084 18817-17084 18815-17084 19671-17084 19686-17084 Important 19743-17084 Important 18816-17084 Important 17811-17084 Important 18817-17084 Important 18815-17084 Important 19671-17084 Important 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19743-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18816-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17811-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18817-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18815-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 CBL-Mariner Releases 19743-17084 18817-17084 No Security Update 2.58.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19743-17084 18817-17084 CBL-Mariner Releases CBL-Mariner Releases 18816-17084 No Security Update regex-1.8.4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18816-17084 CBL-Mariner Releases CBL-Mariner Releases 17811-17084 18815-17084 No Security Update 2024.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17811-17084 18815-17084 CBL-Mariner Releases CBL-Mariner Releases 19671-17084 19686-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19671-17084 19686-17084 CBL-Mariner Releases 2.2 2026-02-18T14:08:58 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> Default inheritable capabilities for linux container should be empty <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-24769 Incorrect Permission Assignment for Critical Resource 18701-16820 18702-16823 18701-16820 18702-16823 Moderate 18701-16820 Moderate 18702-16823 5.9 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 18701-16820 5.9 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 18702-16823 CBL-Mariner Releases 18701-16820 No Security Update 1.1.2+azure-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18701-16820 CBL-Mariner Releases CBL-Mariner Releases 18702-16823 No Security Update 1.1.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18702-16823 CBL-Mariner Releases 1.0 2022-05-14T00:00:00 <p>Information published.</p> Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-25634 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 18773-16820 16857-16823 19737-17086 17384-17086 18773-16820 16857-16823 19737-17086 17384-17086 Important 18773-16820 Important 16857-16823 19737-17086 Important 17384-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18773-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 16857-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19737-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17384-17086 CBL-Mariner Releases 18773-16820 16857-16823 No Security Update 5.12.11-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18773-16820 16857-16823 CBL-Mariner Releases 1.0 2022-03-10T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:25:20 <p>Information published.</p> Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-26280 Out-of-bounds Read 19498-16823 19498-16823 Moderate 19498-16823 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 19498-16823 CBL-Mariner Releases 19498-16823 No Security Update 3.6.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19498-16823 CBL-Mariner Releases 1.0 2022-04-06T00:00:00 <p>Information published.</p> A flaw was found in the vhost-vsock device of QEMU. In case of error an invalid element was not detached from the virtqueue before freeing its memory leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-26354 Missing Release of Resource after Effective Lifetime 18533-16820 18757-16823 18535-17084 18533-16820 18757-16823 18535-17084 Low 18533-16820 Low 18757-16823 Low 18535-17084 3.2 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L 18533-16820 3.2 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L 18757-16823 3.2 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L 18535-17084 CBL-Mariner Releases 18533-16820 No Security Update 4.2.0-48 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18533-16820 CBL-Mariner Releases CBL-Mariner Releases 18757-16823 No Security Update 6.2.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18757-16823 CBL-Mariner Releases CBL-Mariner Releases 18535-17084 No Security Update 6.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2024-08-07T00:00:00 <p>Information published.</p> 1.3 2024-08-08T00:00:00 <p>Information published.</p> 1.4 2024-08-09T00:00:00 <p>Information published.</p> 1.5 2024-08-10T00:00:00 <p>Information published.</p> 1.6 2024-08-11T00:00:00 <p>Information published.</p> 1.7 2024-08-12T00:00:00 <p>Information published.</p> 1.8 2024-08-16T00:00:00 <p>Information published.</p> 1.9 2024-08-17T00:00:00 <p>Information published.</p> 2.0 2024-08-18T00:00:00 <p>Information published.</p> 2.1 2024-08-19T00:00:00 <p>Information published.</p> 2.2 2024-08-20T00:00:00 <p>Information published.</p> 2.3 2024-08-21T00:00:00 <p>Information published.</p> 2.4 2024-08-22T00:00:00 <p>Information published.</p> 2.5 2024-08-23T00:00:00 <p>Information published.</p> 2.6 2024-08-24T00:00:00 <p>Information published.</p> 2.7 2024-08-25T00:00:00 <p>Information published.</p> 2.8 2024-08-26T00:00:00 <p>Information published.</p> 2.9 2024-08-27T00:00:00 <p>Information published.</p> 3.0 2024-08-28T00:00:00 <p>Information published.</p> 3.1 2024-08-29T00:00:00 <p>Information published.</p> 3.2 2024-08-30T00:00:00 <p>Information published.</p> 3.3 2024-08-31T00:00:00 <p>Information published.</p> 3.4 2024-09-01T00:00:00 <p>Information published.</p> 3.5 2024-09-02T00:00:00 <p>Information published.</p> 3.6 2024-09-03T00:00:00 <p>Information published.</p> 3.7 2024-09-05T00:00:00 <p>Information published.</p> 3.8 2024-09-06T00:00:00 <p>Information published.</p> 3.9 2024-09-07T00:00:00 <p>Information published.</p> 4.0 2024-09-08T00:00:00 <p>Information published.</p> 4.1 2024-09-11T00:00:00 <p>Information published.</p> st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-26490 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 18762-16820 18476-16823 18762-16820 18476-16823 Important 18762-16820 Important 18476-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18762-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18476-16823 CBL-Mariner Releases 18762-16820 No Security Update 5.10.109.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18762-16820 CBL-Mariner Releases CBL-Mariner Releases 18476-16823 No Security Update 5.15.32.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18476-16823 CBL-Mariner Releases 1.0 2022-03-12T00:00:00 <p>Information published.</p> drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-26878 Missing Release of Memory after Effective Lifetime 18762-16820 18476-16823 18762-16820 18476-16823 Moderate 18762-16820 Moderate 18476-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18762-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18476-16823 CBL-Mariner Releases 18762-16820 No Security Update 5.10.109.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18762-16820 CBL-Mariner Releases CBL-Mariner Releases 18476-16823 No Security Update 5.15.32.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18476-16823 CBL-Mariner Releases 1.0 2022-03-23T00:00:00 <p>Information published.</p> A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-27666 Out-of-bounds Write 17993-16820 18454-16820 17995-16823 18455-16823 17993-16820 18454-16820 17995-16823 18455-16823 Important 17993-16820 Important 18454-16820 Important 17995-16823 Important 18455-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17993-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18454-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17995-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18455-16823 CBL-Mariner Releases 17993-16820 No Security Update 5.10.168.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17993-16820 CBL-Mariner Releases CBL-Mariner Releases 18454-16820 17995-16823 18455-16823 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 17995-16823 18455-16823 CBL-Mariner Releases 1.0 2022-03-30T00:00:00 <p>Information published.</p> 1.1 2023-02-07T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11 a memory leak exists for a certain hid_parse error condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-27950 Missing Release of Memory after Effective Lifetime 18454-16820 18720-16823 18454-16820 18720-16823 Moderate 18454-16820 Moderate 18720-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18454-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18720-16823 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-04-06T00:00:00 <p>Information published.</p> An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host resulting in a denial of service. The highest threat from this vulnerability is to system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-20257 Loop with Unreachable Exit Condition (&#39;Infinite Loop&#39;) 18887-16820 18757-16823 18887-16820 18757-16823 Moderate 18887-16820 Moderate 18757-16823 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18887-16820 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18757-16823 CBL-Mariner Releases 18887-16820 No Security Update 4.2.0-39 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18887-16820 CBL-Mariner Releases CBL-Mariner Releases 18757-16823 No Security Update 6.2.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18757-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request and chose to fragment it an attacker could replace later fragments with their own data bypassing the signature requirements. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-23192 Improper Input Validation 16864-17084 16864-17084 Important 16864-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established despite the use of SSL certificate verification and encryption. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-23214 Improper Neutralization of Special Elements used in an SQL Command (&#39;SQL Injection&#39;) 18890-16820 18891-16823 18890-16820 18891-16823 Important 18890-16820 Important 18891-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18890-16820 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18891-16823 CBL-Mariner Releases 18890-16820 No Security Update 12.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18890-16820 CBL-Mariner Releases CBL-Mariner Releases 18891-16823 No Security Update 14.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18891-16823 CBL-Mariner Releases 1.0 2022-03-16T00:00:00 <p>Information published.</p> An information disclosure flaw was found in Buildah when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3602 Improper Removal of Sensitive Information Before Storage or Transfer 17367-16823 19839-17086 17367-16823 19839-17086 Moderate 17367-16823 Moderate 19839-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17367-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19839-17086 CBL-Mariner Releases 17367-16823 19839-17086 No Security Update 1.21.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17367-16823 19839-17086 CBL-Mariner Releases 1.0 2024-04-15T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:21:51 <p>Information published.</p> ALPACA is an application layer protocol content confusion attack exploiting TLS servers implementing different protocols but using compatible certificates such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3618 Improper Certificate Validation 18882-16820 18883-16820 18884-16823 18885-16823 18886-16823 18882-16820 18883-16820 18884-16823 18885-16823 18886-16823 Important 18882-16820 Important 18883-16820 Important 18884-16823 Important 18885-16823 Important 18886-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 18882-16820 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 18883-16820 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 18884-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 18885-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 18886-16823 CBL-Mariner Releases 18882-16820 18885-16823 No Security Update 3.0.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18882-16820 18885-16823 CBL-Mariner Releases CBL-Mariner Releases 18883-16820 No Security Update 1.20.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18883-16820 CBL-Mariner Releases CBL-Mariner Releases 18884-16823 No Security Update 8.15.2-46 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18884-16823 CBL-Mariner Releases CBL-Mariner Releases 18886-16823 No Security Update 1.20.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18886-16823 CBL-Mariner Releases 1.0 2022-04-05T00:00:00 <p>Information published.</p> An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose and an attacker has silently modified the server to support the None authentication option then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass since nothing is being bypassed. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-36368 Improper Authentication 18888-16820 17826-16823 18888-16820 17826-16823 Low 18888-16820 Low 17826-16823 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 18888-16820 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 17826-16823 CBL-Mariner Releases 18888-16820 17826-16823 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18888-16820 17826-16823 CBL-Mariner Releases 1.0 2022-03-20T00:00:00 <p>Information published.</p> An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3638 Out-of-bounds Write 18887-16820 18757-16823 18887-16820 18757-16823 Moderate 18887-16820 Moderate 18757-16823 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18887-16820 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18757-16823 CBL-Mariner Releases 18887-16820 No Security Update 4.2.0-39 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18887-16820 CBL-Mariner Releases CBL-Mariner Releases 18757-16823 No Security Update 6.2.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18757-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3640 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18768-16820 18768-16820 Important 18768-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18768-16820 CBL-Mariner Releases 18768-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18768-16820 CBL-Mariner Releases 1.0 2022-03-17T00:00:00 <p>Information published.</p> Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3660 Improper Restriction of Rendered UI Layers or Frames 18895-16820 18895-16820 Moderate 18895-16820 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 18895-16820 CBL-Mariner Releases 18895-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18895-16820 CBL-Mariner Releases 1.0 2022-03-15T00:00:00 <p>Information published.</p> A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0 the known versions of this attack are infeasible. However undiscovered variants of the attack may be independent of that setting. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3677 Exposure of Sensitive Information to an Unauthorized Actor 18896-16820 18891-16823 18896-16820 18891-16823 Moderate 18896-16820 Moderate 18891-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18896-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18891-16823 CBL-Mariner Releases 18896-16820 No Security Update 12.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18896-16820 CBL-Mariner Releases CBL-Mariner Releases 18891-16823 No Security Update 14.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18891-16823 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3732 Exposure of Sensitive Information to an Unauthorized Actor 18768-16820 18768-16820 Moderate 18768-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18768-16820 CBL-Mariner Releases 18768-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18768-16820 CBL-Mariner Releases 1.0 2022-03-15T00:00:00 <p>Information published.</p> There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3733 Uncontrolled Resource Consumption 18878-16820 18878-16820 Moderate 18878-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18878-16820 CBL-Mariner Releases 18878-16820 No Security Update 2.7.18-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18878-16820 CBL-Mariner Releases 1.0 2022-06-02T00:00:00 <p>Information published.</p> A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop consuming CPU time. The highest threat from this vulnerability is to system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3737 Uncontrolled Resource Consumption 18889-16820 18889-16820 Important 18889-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18889-16820 CBL-Mariner Releases 18889-16820 No Security Update 3.7.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18889-16820 CBL-Mariner Releases 1.0 2022-03-16T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3739 NULL Pointer Dereference 18768-16820 18768-16820 Important 18768-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18768-16820 CBL-Mariner Releases 18768-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18768-16820 CBL-Mariner Releases 1.0 2022-03-15T00:00:00 <p>Information published.</p> An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3743 Out-of-bounds Read 18765-16823 18765-16823 Important 18765-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18765-16823 CBL-Mariner Releases 18765-16823 No Security Update 5.15.26.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18765-16823 CBL-Mariner Releases 1.0 2022-03-12T00:00:00 <p>Information published.</p> A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3744 Missing Release of Memory after Effective Lifetime 18780-16820 18780-16820 Moderate 18780-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18780-16820 CBL-Mariner Releases 18780-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18780-16820 CBL-Mariner Releases 1.0 2022-03-12T00:00:00 <p>Information published.</p> A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3772 Improper Validation of Integrity Check Value 18762-16820 18762-16820 Moderate 18762-16820 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 18762-16820 CBL-Mariner Releases 18762-16820 No Security Update 5.10.109.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18762-16820 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> A flaw in grub2 was found where its configuration file known as grub.cfg is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3981 Incorrect Default Permissions 18893-16820 18894-16823 18842-17084 19663-17084 18893-16820 18894-16823 18842-17084 19663-17084 Low 18893-16820 Low 18894-16823 Low 18842-17084 Low 19663-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 18893-16820 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 18894-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 18842-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19663-17084 CBL-Mariner Releases 18893-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18893-16820 CBL-Mariner Releases CBL-Mariner Releases 18894-16823 No Security Update 2.06-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18894-16823 CBL-Mariner Releases CBL-Mariner Releases 18842-17084 19663-17084 No Security Update 2.06-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18842-17084 19663-17084 CBL-Mariner Releases 1.2 2026-02-19T01:01:42 <p>Information published.</p> 1.0 2022-03-15T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4002 Missing Release of Memory after Effective Lifetime 18762-16820 18476-16823 18762-16820 18476-16823 Moderate 18762-16820 Moderate 18476-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 18762-16820 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 18476-16823 CBL-Mariner Releases 18762-16820 No Security Update 5.10.109.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18762-16820 CBL-Mariner Releases CBL-Mariner Releases 18476-16823 No Security Update 5.15.32.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18476-16823 CBL-Mariner Releases 1.0 2022-03-17T00:00:00 <p>Information published.</p> A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4023 Exposure of Sensitive Information to an Unauthorized Actor 18454-16820 18454-16820 Moderate 18454-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18454-16820 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases 1.0 2022-03-16T00:00:00 <p>Information published.</p> A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4148 Improper Validation of Integrity Check Value 18454-16820 18454-16820 Moderate 18454-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18454-16820 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases 1.0 2022-03-31T00:00:00 <p>Information published.</p> A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4149 Improper Locking 18454-16820 18454-16820 Moderate 18454-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18454-16820 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases 1.0 2022-03-31T00:00:00 <p>Information published.</p> A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a partition to the disk. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4150 Use After Free 18719-16820 18719-16820 Moderate 18719-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18719-16820 CBL-Mariner Releases 18719-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18719-16820 CBL-Mariner Releases 1.0 2022-03-31T00:00:00 <p>Information published.</p> An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user having access to the NFS mount could potentially use this flaw to crash the system or escalate privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4157 Improper Restriction of Operations within the Bounds of a Memory Buffer 18454-16820 18454-16820 Important 18454-16820 8.0 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18454-16820 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases 1.0 2022-04-09T00:00:00 <p>Information published.</p> An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4197 Improper Authentication 18719-16820 18720-16823 18719-16820 18720-16823 Important 18719-16820 Important 18720-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18719-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18720-16823 CBL-Mariner Releases 18719-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18719-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-03-31T00:00:00 <p>Information published.</p> Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-44964 Use After Free 19468-16823 19878-17086 19882-17086 19082-17084 19084-17084 20791-17084 19468-16823 19878-17086 19882-17086 19082-17084 19084-17084 20791-17084 Moderate 19468-16823 Moderate 19878-17086 Moderate 19882-17086 Moderate 19082-17084 Moderate 19084-17084 Moderate 20791-17084 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 19468-16823 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 19878-17086 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 19882-17086 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 19082-17084 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 19084-17084 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 20791-17084 CBL-Mariner Releases 19468-16823 No Security Update 5.4.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19468-16823 CBL-Mariner Releases CBL-Mariner Releases 19878-17086 No Security Update 5.2.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19878-17086 CBL-Mariner Releases CBL-Mariner Releases 19882-17086 No Security Update 1.6.22-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19882-17086 CBL-Mariner Releases CBL-Mariner Releases 19082-17084 20791-17084 No Security Update 5.2.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19082-17084 20791-17084 CBL-Mariner Releases 3.0 2025-12-31T01:35:10 <p>Information published.</p> 5.0 2026-01-13T01:36:07 <p>Information published.</p> 5.1 2026-02-18T14:16:53 <p>Information published.</p> 1.0 2022-03-21T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added memcached to CBL-Mariner 2.0 Added ntopng to CBL-Mariner 2.0 Added lua to CBL-Mariner 2.0</p> 2.1 2025-11-19T01:47:01 <p>Information published.</p> 4.0 2026-01-08T14:35:59 <p>Information published.</p> In the Linux kernel before 5.15.3 fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can for example lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-45868 Use After Free 18762-16820 18762-16820 Moderate 18762-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18762-16820 CBL-Mariner Releases 18762-16820 No Security Update 5.10.109.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18762-16820 CBL-Mariner Releases 1.0 2022-03-24T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernels implementation of audit rules where a syscall can unexpectedly not be correctly not be logged by the audit subsystem <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-35501 Incorrect Authorization 18719-16820 18752-16823 18719-16820 18752-16823 Low 18719-16820 Low 18752-16823 3.4 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 18719-16820 3.4 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 18752-16823 CBL-Mariner Releases 18719-16820 18752-16823 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18719-16820 18752-16823 CBL-Mariner Releases 1.0 2022-04-08T00:00:00 <p>Information published.</p> 1.1 2022-04-09T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> zlib before 1.2.12 allows memory corruption when deflating (i.e. when compressing) if the input has many distant matches. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2018-25032 Out-of-bounds Write 16825-17084 16982-17084 19783-17084 19746-17084 19693-17084 19801-17086 19807-17084 19662-17086 17093-17086 16968-16820 16969-16820 16970-16820 16971-16820 16972-16820 16973-16820 16947-16820 16974-16820 16975-16820 16976-16820 16977-16823 16978-16823 16979-16823 16980-16823 16981-16823 16825-16817 16982-16817 19842-17084 17879-17084 20279-17084 19712-17086 19814-17086 19666-17084 19954-17086 17459-17084 19671-17084 19686-17084 16825-17084 16982-17084 19783-17084 19746-17084 19693-17084 19801-17086 19807-17084 19662-17086 17093-17086 16968-16820 16969-16820 16970-16820 16971-16820 16972-16820 16973-16820 16947-16820 16974-16820 16975-16820 16976-16820 16977-16823 16978-16823 16979-16823 16980-16823 16981-16823 16825-16817 16982-16817 19842-17084 17879-17084 20279-17084 19712-17086 19814-17086 19666-17084 19954-17086 17459-17084 19671-17084 19686-17084 Important 16825-17084 Important 16982-17084 Important 19783-17084 Important 19746-17084 Important 19693-17084 Important 19801-17086 Important 19807-17084 19662-17086 Important 17093-17086 Important 16968-16820 Important 16969-16820 Important 16970-16820 Important 16971-16820 Important 16972-16820 Important 16973-16820 Important 16947-16820 Important 16974-16820 Important 16975-16820 Important 16976-16820 Important 16977-16823 Important 16978-16823 Important 16979-16823 Important 16980-16823 Important 16981-16823 Important 16825-16817 Important 16982-16817 Important 19842-17084 Important 17879-17084 Important 20279-17084 Important 19712-17086 Important 19814-17086 Important 19666-17084 Important 19954-17086 Important 17459-17084 Important 19671-17084 Important 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16825-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16982-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19783-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19746-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19801-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19807-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19662-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16968-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16969-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16970-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16971-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16972-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16973-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16947-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16974-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16975-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16976-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16977-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16978-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16979-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16980-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16981-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16825-16817 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16982-16817 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19842-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17879-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20279-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19814-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19666-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19954-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17459-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 CBL-Mariner Releases 16825-17084 16825-16817 No Security Update 2.5.12-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16825-17084 16825-16817 CBL-Mariner Releases CBL-Mariner Releases 16982-17084 16977-16823 16982-16817 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16982-17084 16977-16823 16982-16817 CBL-Mariner Releases CBL-Mariner Releases 19801-17086 19807-17084 No Security Update 38.0.72.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19801-17086 19807-17084 CBL-Mariner Releases CBL-Mariner Releases 16968-16820 No Security Update 1.8.0.332-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16968-16820 CBL-Mariner Releases CBL-Mariner Releases 16969-16820 16978-16823 No Security Update 8.6.13-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16969-16820 16978-16823 CBL-Mariner Releases CBL-Mariner Releases 16970-16820 No Security Update 2.7.18-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16970-16820 CBL-Mariner Releases CBL-Mariner Releases 16971-16820 No Security Update 1.35.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16971-16820 CBL-Mariner Releases CBL-Mariner Releases 16972-16820 No Security Update 24.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16972-16820 CBL-Mariner Releases CBL-Mariner Releases 16973-16820 No Security Update 3.6-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16973-16820 CBL-Mariner Releases CBL-Mariner Releases 16947-16820 No Security Update 1.66.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16947-16820 CBL-Mariner Releases CBL-Mariner Releases 16974-16820 No Security Update 3.7.13-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16974-16820 CBL-Mariner Releases CBL-Mariner Releases 16975-16820 No Security Update 10.3.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16975-16820 CBL-Mariner Releases CBL-Mariner Releases 16976-16820 16981-16823 No Security Update 1.2.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16976-16820 16981-16823 CBL-Mariner Releases CBL-Mariner Releases 16979-16823 No Security Update 7.93-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16979-16823 CBL-Mariner Releases CBL-Mariner Releases 16980-16823 No Security Update 1.76.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16980-16823 CBL-Mariner Releases CBL-Mariner Releases 17879-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17879-17084 CBL-Mariner Releases CBL-Mariner Releases 20279-17084 No Security Update 1.62.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20279-17084 CBL-Mariner Releases CBL-Mariner Releases 19666-17084 No Security Update 18.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19666-17084 CBL-Mariner Releases CBL-Mariner Releases 19671-17084 No Security Update 1.75.0-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19671-17084 CBL-Mariner Releases 3.0 2026-02-18T15:06:05 <p>Information published.</p> 1.0 2022-03-31T00:00:00 <p>Information published.</p> 1.1 2022-09-17T00:00:00 <p>Added mariadb to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0</p> 1.2 2023-04-17T00:00:00 <p>Added tcl to CBL-Mariner 1.0</p> 1.3 2023-04-18T00:00:00 <p>Added boost to CBL-Mariner 2.0</p> 1.4 2023-04-19T00:00:00 <p>Added nmap to CBL-Mariner 2.0 Added tcl to CBL-Mariner 2.0</p> 1.5 2024-06-30T07:00:00 <p>Information published.</p> 1.6 2024-07-13T00:00:00 <p>Information published.</p> 1.7 2024-08-29T00:00:00 <p>Information published.</p> 1.8 2024-08-30T00:00:00 <p>Information published.</p> 1.9 2024-08-31T00:00:00 <p>Information published.</p> 2.0 2024-09-01T00:00:00 <p>Information published.</p> 2.1 2024-09-02T00:00:00 <p>Information published.</p> 2.2 2024-09-03T00:00:00 <p>Information published.</p> 2.3 2024-09-05T00:00:00 <p>Information published.</p> 2.4 2024-09-06T00:00:00 <p>Information published.</p> 2.5 2024-09-07T00:00:00 <p>Information published.</p> 2.6 2024-09-08T00:00:00 <p>Information published.</p> 2.7 2024-09-11T00:00:00 <p>Information published.</p> 2.8 2025-03-14T00:00:00 <p>Added teckit to Azure Linux 3.0 Added cloud-hypervisor-cvm to Azure Linux 3.0 Added grpc to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added cloud-hypervisor-cvm to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added qt5-qtbase to CBL-Mariner 2.0 Added boost to CBL-Mariner 2.0 Added nmap to CBL-Mariner 2.0 Added tcl to CBL-Mariner 2.0 Added zlib to CBL-Mariner 2.0 Added nmap to CBL-Mariner 1.0 Added boost to CBL-Mariner 1.0 Added erlang to CBL-Mariner 1.0 Added tcl to CBL-Mariner 1.0 Added zlib to CBL-Mariner 1.0 Added mariadb to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0</p> Injection in fish <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-20001 Improper Neutralization of Special Elements in Output Used by a Downstream Component (&#39;Injection&#39;) 19640-16823 19640-16823 Important 19640-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19640-16823 CBL-Mariner Releases 19640-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19640-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:14 <p>Information published.</p> A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-23901 Out-of-bounds Write 18824-17084 18824-17084 Critical 18824-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18824-17084 CBL-Mariner Releases 18824-17084 No Security Update 3.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18824-17084 CBL-Mariner Releases 1.0 2025-02-11T00:00:00 <p>Information published.</p> Use after free in Wasmtime <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-24791 Use After Free 19671-17084 19686-17084 19671-17084 19686-17084 Important 19671-17084 Important 19686-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19671-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19686-17084 1.1 2026-02-21T02:30:09 <p>Information published.</p> 1.0 2025-09-03T22:34:55 <p>Information published.</p> A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-43666 19662-17086 17093-17086 17459-17084 19662-17086 17093-17086 17459-17084 19662-17086 Important 17093-17086 Important 17459-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19662-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17459-17084 1.0 2025-09-04T00:22:28 <p>Information published.</p> 2.0 2026-02-18T02:12:54 <p>Information published.</p> Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2021-38578 Buffer Underwrite (&#39;Buffer Underflow&#39;) 17093-17086 19662-17086 17093-17086 19662-17086 Important 17093-17086 19662-17086 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L 17093-17086 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L 19662-17086 1.0 2025-09-04T05:09:29 <p>Information published.</p> 2.0 2026-02-18T02:58:25 <p>Information published.</p> A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0330 Improper Preservation of Permissions 18719-16820 18720-16823 18719-16820 18720-16823 Important 18719-16820 Important 18720-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18719-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18720-16823 CBL-Mariner Releases 18719-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18719-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-04-08T00:00:00 <p>Information published.</p> 1.1 2022-04-09T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> DoS from specifically crafted TCP packets <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2022-0396 Improper Resource Shutdown or Release 18759-16820 18760-16823 18759-16820 18760-16823 Moderate 18759-16820 Moderate 18760-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18759-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18760-16823 CBL-Mariner Releases 18759-16820 No Security Update 9.16.27-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18759-16820 CBL-Mariner Releases CBL-Mariner Releases 18760-16823 No Security Update 9.16.29-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18760-16823 CBL-Mariner Releases 1.0 2022-03-30T00:00:00 <p>Information published.</p> A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0500 Out-of-bounds Write 18454-16820 18720-16823 18454-16820 18720-16823 Important 18454-16820 Important 18720-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18454-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18720-16823 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-04-08T00:00:00 <p>Information published.</p> 1.1 2022-04-09T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit f2b656e2. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-0907 Unchecked Return Value 18728-16823 18728-16823 Moderate 18728-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18728-16823 CBL-Mariner Releases 18728-16823 No Security Update 4.3.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18728-16823 CBL-Mariner Releases 1.0 2022-03-19T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow occurs in vim in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-0943 Heap-based Buffer Overflow 18761-16820 18758-16823 18761-16820 18758-16823 Important 18761-16820 Important 18758-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18761-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18758-16823 CBL-Mariner Releases 18761-16820 No Security Update 8.2.4563-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18761-16820 CBL-Mariner Releases CBL-Mariner Releases 18758-16823 No Security Update 8.2.4743-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18758-16823 CBL-Mariner Releases 1.0 2022-03-23T00:00:00 <p>Information published.</p> A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem resulting in privilege escalation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1011 Use After Free 18685-16820 18476-16823 18685-16820 18476-16823 Important 18685-16820 Important 18476-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18685-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18476-16823 CBL-Mariner Releases 18685-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18685-16820 CBL-Mariner Releases CBL-Mariner Releases 18476-16823 No Security Update 5.15.32.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18476-16823 CBL-Mariner Releases 1.0 2022-03-25T00:00:00 <p>Information published.</p> Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 46dc8fcd. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-1056 Out-of-bounds Read 18728-16823 18728-16823 Moderate 18728-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18728-16823 CBL-Mariner Releases 18728-16823 No Security Update 4.3.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18728-16823 CBL-Mariner Releases 1.0 2022-04-05T00:00:00 <p>Information published.</p> heap buffer overflow in get_one_sourceline in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1160 Heap-based Buffer Overflow 18741-16820 18758-16823 18741-16820 18758-16823 Important 18741-16820 Important 18758-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18741-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18758-16823 CBL-Mariner Releases 18741-16820 No Security Update 8.2.4763-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18741-16820 CBL-Mariner Releases CBL-Mariner Releases 18758-16823 No Security Update 8.2.4743-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18758-16823 CBL-Mariner Releases 1.0 2022-04-06T00:00:00 <p>Information published.</p> Insecure handling of image volumes in containerd CRI plugin <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-23648 Exposure of Sensitive Information to an Unauthorized Actor 18770-16820 18770-16820 Important 18770-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18770-16820 CBL-Mariner Releases 18770-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18770-16820 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-24921 Uncontrolled Recursion 19697-17084 18771-16820 18772-16823 17021-17084 19696-17084 19697-17084 18771-16820 18772-16823 17021-17084 19696-17084 Important 19697-17084 Important 18771-16820 Important 18772-16823 Important 17021-17084 Important 19696-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18771-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18772-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17021-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19696-17084 CBL-Mariner Releases 18771-16820 No Security Update 1.16.15-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18771-16820 CBL-Mariner Releases CBL-Mariner Releases 18772-16823 No Security Update 1.17.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18772-16823 CBL-Mariner Releases CBL-Mariner Releases 17021-17084 19696-17084 No Security Update 2.16.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17021-17084 19696-17084 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 2.2 2026-02-18T01:13:05 <p>Information published.</p> A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748 which forgot to unmap the cached virtqueue elements on error leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-26353 Missing Release of Resource after Effective Lifetime 18535-17084 18535-17084 Important 18535-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18535-17084 CBL-Mariner Releases 18535-17084 No Security Update 6.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2024-08-07T00:00:00 <p>Information published.</p> 1.3 2024-08-08T00:00:00 <p>Information published.</p> 1.4 2024-08-09T00:00:00 <p>Information published.</p> 1.5 2024-08-10T00:00:00 <p>Information published.</p> 1.6 2024-08-11T00:00:00 <p>Information published.</p> 1.7 2024-08-12T00:00:00 <p>Information published.</p> 1.8 2024-08-16T00:00:00 <p>Information published.</p> 1.9 2024-08-17T00:00:00 <p>Information published.</p> 2.0 2024-08-18T00:00:00 <p>Information published.</p> 2.1 2024-08-19T00:00:00 <p>Information published.</p> 2.2 2024-08-20T00:00:00 <p>Information published.</p> 2.3 2024-08-21T00:00:00 <p>Information published.</p> 2.4 2024-08-22T00:00:00 <p>Information published.</p> 2.5 2024-08-23T00:00:00 <p>Information published.</p> 2.6 2024-08-24T00:00:00 <p>Information published.</p> 2.7 2024-08-25T00:00:00 <p>Information published.</p> 2.8 2024-08-26T00:00:00 <p>Information published.</p> 2.9 2024-08-27T00:00:00 <p>Information published.</p> 3.0 2024-08-28T00:00:00 <p>Information published.</p> 3.1 2024-08-29T00:00:00 <p>Information published.</p> 3.2 2024-08-30T00:00:00 <p>Information published.</p> 3.3 2024-08-31T00:00:00 <p>Information published.</p> 3.4 2024-09-01T00:00:00 <p>Information published.</p> 3.5 2024-09-02T00:00:00 <p>Information published.</p> 3.6 2024-09-03T00:00:00 <p>Information published.</p> 3.7 2024-09-05T00:00:00 <p>Information published.</p> 3.8 2024-09-06T00:00:00 <p>Information published.</p> 3.9 2024-09-07T00:00:00 <p>Information published.</p> 4.0 2024-09-08T00:00:00 <p>Information published.</p> 4.1 2024-09-11T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-26966 18762-16820 18765-16823 18762-16820 18765-16823 Moderate 18762-16820 Moderate 18765-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18762-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18765-16823 CBL-Mariner Releases 18762-16820 No Security Update 5.10.109.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18762-16820 CBL-Mariner Releases CBL-Mariner Releases 18765-16823 No Security Update 5.15.26.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18765-16823 CBL-Mariner Releases 1.0 2022-03-19T00:00:00 <p>Information published.</p> In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12 the endpoint index is not validated and might be manipulated by the host for out-of-array access. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-27223 Improper Validation of Array Index 18762-16820 18476-16823 18762-16820 18476-16823 Important 18762-16820 Important 18476-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18762-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18476-16823 CBL-Mariner Releases 18762-16820 No Security Update 5.10.109.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18762-16820 CBL-Mariner Releases CBL-Mariner Releases 18476-16823 No Security Update 5.15.32.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18476-16823 CBL-Mariner Releases 1.0 2022-03-23T00:00:00 <p>Information published.</p> A man-in-the-middle attacker can inject false responses to the client's first few queries despite the use of SSL certificate verification and encryption. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-23222 Insufficiently Protected Credentials 18890-16820 18891-16823 18890-16820 18891-16823 Moderate 18890-16820 Moderate 18891-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18890-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18891-16823 CBL-Mariner Releases 18890-16820 No Security Update 12.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18890-16820 CBL-Mariner Releases CBL-Mariner Releases 18891-16823 No Security Update 14.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18891-16823 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> DNS forwarders - cache poisoning vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2021-25220 Inconsistent Interpretation of HTTP Requests (&#39;HTTP Request/Response Smuggling&#39;) 18759-16820 18760-16823 18759-16820 18760-16823 Moderate 18759-16820 Moderate 18760-16823 6.8 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N 18759-16820 6.8 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N 18760-16823 CBL-Mariner Releases 18759-16820 No Security Update 9.16.27-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18759-16820 CBL-Mariner Releases CBL-Mariner Releases 18760-16823 No Security Update 9.16.29-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18760-16823 CBL-Mariner Releases 1.0 2022-03-30T00:00:00 <p>Information published.</p> .A flaw was found in the CAN BCM networking protocol in the Linux kernel where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3609 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 18780-16820 18780-16820 Important 18780-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18780-16820 CBL-Mariner Releases 18780-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18780-16820 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> A flaw was found in Ansible Engine's ansible-connection module where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3620 Generation of Error Message Containing Sensitive Information 18892-16820 18892-16820 Moderate 18892-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18892-16820 CBL-Mariner Releases 18892-16820 No Security Update 2.9.27-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18892-16820 CBL-Mariner Releases 1.0 2022-03-16T00:00:00 <p>Information published.</p> A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3631 Incorrect Permission Assignment for Critical Resource 18897-16820 18897-16820 Moderate 18897-16820 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 18897-16820 CBL-Mariner Releases 18897-16820 No Security Update 6.1.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18897-16820 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result the L2 guest would be allowed to read/write physical pages of the host resulting in a crash of the entire system leak of sensitive data or potential guest-to-host escape. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3656 Missing Authorization 18780-16820 18780-16820 Important 18780-16820 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 18780-16820 CBL-Mariner Releases 18780-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18780-16820 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3667 Improper Locking 18897-16820 18897-16820 Moderate 18897-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18897-16820 CBL-Mariner Releases 18897-16820 No Security Update 6.1.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18897-16820 CBL-Mariner Releases 1.0 2022-03-11T00:00:00 <p>Information published.</p> A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3698 Improper Certificate Validation 18895-16820 18895-16820 Important 18895-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18895-16820 CBL-Mariner Releases 18895-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18895-16820 CBL-Mariner Releases 1.0 2022-03-15T00:00:00 <p>Information published.</p> In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared the user credentials state was only pointed at and when one connection within that association group ended the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3738 Use After Free 16864-17084 16864-17084 Important 16864-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU resulting in a denial of service condition or potentially execute code on the host with the privileges of the QEMU process. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3748 Use After Free 18887-16820 18757-16823 18887-16820 18757-16823 Important 18887-16820 Important 18757-16823 7.5 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 18887-16820 7.5 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 18757-16823 CBL-Mariner Releases 18887-16820 No Security Update 4.2.0-39 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18887-16820 CBL-Mariner Releases CBL-Mariner Releases 18757-16823 No Security Update 6.2.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18757-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4095 NULL Pointer Dereference 18768-16820 18720-16823 18768-16820 18720-16823 Moderate 18768-16820 Moderate 18720-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18768-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18720-16823 CBL-Mariner Releases 18768-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18768-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-03-16T00:00:00 <p>Information published.</p> A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed leading to a privilege escalation problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4202 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18454-16820 18720-16823 18454-16820 18720-16823 Important 18454-16820 Important 18720-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18454-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18720-16823 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-04-08T00:00:00 <p>Information published.</p> 1.1 2022-04-09T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw an attacker with a user privileges may crash the system or leak internal kernel information. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-4203 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18454-16820 18454-16820 Moderate 18454-16820 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 18454-16820 CBL-Mariner Releases 18454-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18454-16820 CBL-Mariner Releases 1.0 2022-04-09T00:00:00 <p>Information published.</p> An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c tainted variable cnt is too large that makes pointer sptr read beyond heap bound. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-44269 Out-of-bounds Read 19469-16823 19469-16823 Moderate 19469-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19469-16823 CBL-Mariner Releases 19469-16823 No Security Update 5.6.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19469-16823 CBL-Mariner Releases 1.0 2022-03-16T00:00:00 <p>Information published.</p> A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3716 Improper Enforcement of Message Integrity During Transmission in a Communication Channel 19647-16823 19647-16823 Low 19647-16823 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 19647-16823 CBL-Mariner Releases 19647-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19647-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:11 <p>Information published.</p> A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-0811 Improper Control of Generation of Code (&#39;Code Injection&#39;) 19511-16823 19777-17086 19511-16823 19777-17086 Important 19511-16823 Important 19777-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19511-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19777-17086 CBL-Mariner Releases 19511-16823 No Security Update 1.22.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19511-16823 CBL-Mariner Releases CBL-Mariner Releases 19777-17086 No Security Update 1.21.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19777-17086 CBL-Mariner Releases 1.0 2025-09-03T21:19:43 <p>Information published.</p> 1.1 2026-02-18T01:48:53 <p>Information published.</p> HTTP Request Smuggling in waitress <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-24761 Inconsistent Interpretation of HTTP Requests (&#39;HTTP Request/Response Smuggling&#39;) 17597-17084 17597-17084 Important 17597-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17597-17084 CBL-Mariner Releases 17597-17084 No Security Update 3.0.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17597-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> Media Foundation Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-21977 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11570 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11712 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11713 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11714 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11896 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11897 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11898 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11801 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11802 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11803 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11926 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11927 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10481 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10482 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10484 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 11929 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 11929 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 <a href="https://milotruck.github.io/">Brandon Chong Wee Kiat</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.1 2022-03-08T08:00:00 <p>Updated links to security updates. This is an informational change only.</p> 1.2 2022-03-16T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> Remote Desktop Client Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Windows Remote Desktop Microsoft Yes CVE-2022-21990 11568 11569 11570 11571 11572 11712 11713 11714 11849 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11849 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11849 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11849 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11896 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11897 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11898 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11801 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11802 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11803 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-122925 11849 Maybe Security Update 1.2.2925.0 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Release Notes 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 1.0 2022-03-08T08:00:00 <p>Information published.</p> Microsoft Defender for IoT Remote Code Execution Vulnerability <p><strong>What version of Microsoft Defender for IoT has the update that protects from this vulnerability?</strong></p> <p>Version 22.1.2 and above.</p> <p><strong>What is the action required to take the update?</strong></p> <p>You need to update to the latest Microsoft Defender for IoT software version. See the <strong>Update the software version section</strong> of <a href="https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console#update-the-software-version">Manage the on-premises management console</a>.</p> <p><strong>What is Microsoft Defender for IoT?</strong></p> <p>Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See <a href="https://azure.microsoft.com/en-us/services/azure-defender-for-iot/#overview">Microsoft Defender for IoT</a> for more information.</p> Microsoft Defender for IoT Microsoft Yes CVE-2022-23265 11967 Remote Code Execution 11967 Important 11967 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11967 Release Notes https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console#update-the-software-version 11967 Maybe Security Update 22.1.2 https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/release-notes#march-2022 11967 Release Notes Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Microsoft Defender for IoT Elevation of Privilege Vulnerability <p><strong>What version of Microsoft Defender for IoT has the update that protects from this vulnerability?</strong></p> <p>Version 22.1.2 and above.</p> <p><strong>What is the action required to take the update?</strong></p> <p>You need to update to the latest Microsoft Defender for IoT software version. See the <strong>Update the software version section</strong> of <a href="https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console#update-the-software-version">Manage the on-premises management console</a>.</p> <p><strong>What is Microsoft Defender for IoT?</strong></p> <p>Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See <a href="https://azure.microsoft.com/en-us/services/azure-defender-for-iot/#overview">Microsoft Defender for IoT</a> for more information.</p> Microsoft Defender for IoT Microsoft Yes CVE-2022-23266 11967 Elevation of Privilege 11967 Important 11967 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11967 Release Notes https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console#update-the-software-version 11967 Maybe Security Update 22.1.2 https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/release-notes#march-2022 11967 Release Notes Simon Zuckerbraun of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Inking COM Elevation of Privilege Vulnerability Windows COM Microsoft Yes CVE-2022-23290 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <a href="https://twitter.com/edwardzpeng">Zhiniang Peng (@edwardzpeng) & Zesen Ye (@wh1tc)</a> with <a href="https://www.sangfor.com/en">Sangfor</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Microsoft Yes CVE-2022-23291 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 <a href="https://twitter.com/hillstone_lab">He YiSheng, Zhang WangJunJie, and Li WenYue</a> with <a href="https://www.hillstonenet.com/">Hillstone Network Security Research Institute</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows NT OS Kernel Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Kernel Microsoft Yes CVE-2022-23298 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <a href=YanZiShuang Of Kunlun Lab & Big CJ Team</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows PDEV Elevation of Privilege Vulnerability <p><strong>What is a Windows PDEV?</strong></p> <p>A Windows PDEV is a logical representation of the physical device. It is characterized by the type of hardware, logical address, and surfaces that can be supported. As an example of a driver supporting a PDEV characterized by the type of hardware, one driver could support the LaserWhiz, LaserWhiz II, and LaserWhiz Super printers.</p> <p>For more information on PDEV management see: <a href="https://docs.microsoft.com/en-us/windows-hardware/drivers/display/managing-pdevs">Managing PDEVs</a>.</p> Windows PDEV Microsoft Yes CVE-2022-23299 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 Lucas Leong (@_wmliang_) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.0 2022-03-17T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> Raw Image Extension Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>What version of the Raw Image Extension is secure?</strong></p> <p>For Windows 11 operating systems the secure version is 2.1.30391.0 and later. For Windows 10 operating systems the secure version is 2.0.30391.0 and later.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-23300 11804-11568 11804-11569 11804-11570 11804-11673 11804-11712 11804-11713 11804-11714 11804-11896 11804-11897 11804-11898 11804-11801 11804-11802 11804-11926 11804-11927 11804-11929 11804-11930 11804-11931 11804-10729 11804-10735 11804-10852 11804-10853 Remote Code Execution 11804-11568 Remote Code Execution 11804-11569 Remote Code Execution 11804-11570 Remote Code Execution 11804-11673 Remote Code Execution 11804-11712 Remote Code Execution 11804-11713 Remote Code Execution 11804-11714 Remote Code Execution 11804-11896 Remote Code Execution 11804-11897 Remote Code Execution 11804-11898 Remote Code Execution 11804-11801 Remote Code Execution 11804-11802 Remote Code Execution 11804-11926 Remote Code Execution 11804-11927 Remote Code Execution 11804-11929 Remote Code Execution 11804-11930 Remote Code Execution 11804-11931 Remote Code Execution 11804-10729 Remote Code Execution 11804-10735 Remote Code Execution 11804-10852 Remote Code Execution 11804-10853 Important 11804-11568 Important 11804-11569 Important 11804-11570 Important 11804-11673 Important 11804-11712 Important 11804-11713 Important 11804-11714 Important 11804-11896 Important 11804-11897 Important 11804-11898 Important 11804-11801 Important 11804-11802 Important 11804-11926 Important 11804-11927 Important 11804-11929 Important 11804-11930 Important 11804-11931 Important 11804-10729 Important 11804-10735 Important 11804-10852 Important 11804-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11673 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10853 Update Information 11804-11568 11804-11569 11804-11570 11804-11673 11804-11712 11804-11713 11804-11714 11804-11896 11804-11897 11804-11898 11804-11801 11804-11802 11804-11929 11804-11930 11804-11931 11804-10729 11804-10735 11804-10852 11804-10853 Maybe Security Update 2.0.30391.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11804-11568 11804-11569 11804-11570 11804-11673 11804-11712 11804-11713 11804-11714 11804-11896 11804-11897 11804-11898 11804-11801 11804-11802 11804-11929 11804-11930 11804-11931 11804-10729 11804-10735 11804-10852 11804-10853 Update Information Update Information 11804-11926 11804-11927 Maybe Security Update 2.1.30391.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11804-11926 11804-11927 Update Information <a href="https://x9090.twitter.com/">Wayne Low of Fortinet&#39;s FortiGuard Lab</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.1 2022-03-24T07:00:00 <p>Added platform designations to Security Updates table because the version of the raw extension is different for Windows 10 operating systems and Windows 11 operating systems. This is an informational change only.</p> HEVC Video Extensions Remote Code Execution Vulnerability <p><strong>How can I check if the update is installed?</strong></p> <p>If your device manufacturer preinstalled this app, package versions <strong>1.0.50361.0</strong> and later contain this update.</p> <p>If you purchased this app from the Microsoft Store, package versions <strong>1.0.50362.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p>`Get-AppxPackage -Name Microsoft.HEVCVideoExtension*</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-23301 12010 11808 Remote Code Execution 12010 Remote Code Execution 11808 Important 12010 Important 11808 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12010 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11808 Update Information 12010 Maybe Security Update 1.0.50361.1 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12010 Update Information Update Information 11808 Maybe Security Update 1.0.50361.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11808 Update Information <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> HEVC Video Extensions Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>If your device manufacturer preinstalled this app, package versions <strong>1.0.50361.0</strong> and later contain this update.</p> <p>If you purchased this app from the Microsoft Store, package versions <strong>1.0.50362.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p>`Get-AppxPackage -Name Microsoft.HEVCVideoExtension*</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-22006 12010 11808 Remote Code Execution 12010 Remote Code Execution 11808 Critical 12010 Critical 11808 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12010 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11808 Update Information 12010 Maybe Security Update 1.0.50361.1 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12010 Update Information Update Information 11808 Maybe Security Update 1.0.50361.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11808 Update Information Dhanesh Kizhakkinan with Mandiant <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> HEVC Video Extensions Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>If your device manufacturer preinstalled this app, package versions <strong>1.0.50361.0</strong> and later contain this update.</p> <p>If you purchased this app from the Microsoft Store, package versions <strong>1.0.50362.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p>`Get-AppxPackage -Name Microsoft.HEVCVideoExtension*</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-22007 12010 11808 Remote Code Execution 12010 Remote Code Execution 11808 Important 12010 Important 11808 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12010 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11808 Update Information 12010 Maybe Security Update 1.0.50361.1 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12010 Update Information Update Information 11808 Maybe Security Update 1.0.50361.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11808 Update Information Dhanesh Kizhakkinan of Mandian 1.0 2022-03-08T08:00:00 <p>Information published.</p> VP9 Video Extensions Remote Code Execution Vulnerability <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>1.0.42791.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.VP9VideoExtensions</code></p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-24451 11884 Remote Code Execution 11884 Important 11884 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11884 MS Store Information 11884 Maybe Security Update 1.0.42791.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11884 MS Store Information jackery 1.0 2022-03-08T08:00:00 <p>Information published.</p> HEVC Video Extensions Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>If your device manufacturer preinstalled this app, package versions <strong>1.0.50361.0</strong> and later contain this update.</p> <p>If you purchased this app from the Microsoft Store, package versions <strong>1.0.50362.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p>`Get-AppxPackage -Name Microsoft.HEVCVideoExtension*</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-24452 12010 11808 Remote Code Execution 12010 Remote Code Execution 11808 Important 12010 Important 11808 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12010 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11808 Update Information 12010 Maybe Security Update 1.0.50361.1 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12010 Update Information Update Information 11808 Maybe Security Update 1.0.50361.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11808 Update Information <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> HEVC Video Extensions Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>If your device manufacturer preinstalled this app, package versions <strong>1.0.50361.0</strong> and later contain this update.</p> <p>If you purchased this app from the Microsoft Store, package versions <strong>1.0.50362.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p>`Get-AppxPackage -Name Microsoft.HEVCVideoExtension*</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-24453 12010 11808 Remote Code Execution 12010 Remote Code Execution 11808 Important 12010 Important 11808 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12010 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11808 Update Information 12010 Maybe Security Update 1.0.50361.1 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12010 Update Information Update Information 11808 Maybe Security Update 1.0.50361.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11808 Update Information Dhanesh Kizhakkinan with Mandiant <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> VP9 Video Extensions Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>1.0.42791.0</strong> and later contain this update. You can check the package version in PowerShell: <code>Get-AppxPackage -Name Microsoft.VP9VideoExtensions</code></p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-24501 11884 Remote Code Execution 11884 Critical 11884 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11884 MS Store Information 11884 Maybe Security Update 1.0.42791.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11884 MS Store Information <a href="https://www.linkedin.com/in/mkyselica/">Milan Kyselica</a> with <a href="https://www.istrosec.com/">IstroSec</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows HTML Platforms Security Feature Bypass Vulnerability <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows HTML Platform Microsoft Yes CVE-2022-24502 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 11926 11927 11929 11930 11931 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11712 Security Feature Bypass 11713 Security Feature Bypass 11714 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10047 Security Feature Bypass 10048 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11568 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11569 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11570 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11571 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11572 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11712 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11713 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11714 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11896 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11897 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11898 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11923 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11924 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11801 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11802 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11803 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10729 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10735 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10852 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10853 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10816 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10855 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10047 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10048 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10481 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10482 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10484 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 9312 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10287 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 9318 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 9344 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10051 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10049 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10378 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10379 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10483 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10543 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11926 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11927 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11929 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11930 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 11931 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011486 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011486 5006671 10047 10048 10481 10482 9312 9318 10051 10378 10483 Yes IE Cumulative 1.1.0.0 https://support.microsoft.com/help/5011486 10047 10048 10481 10482 9312 9318 10051 10378 10483 5011486 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9344 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10049 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10379 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10543 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 Ben Lichtman 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.1 2022-07-25T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Windows Security Support Provider Interface Elevation of Privilege Vulnerability Windows Security Support Provider Interface Microsoft Yes CVE-2022-24454 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <a href="https://twitter.com/lxf02942370">Xuefeng Li</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Remote Desktop Protocol Client Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Remote Desktop Microsoft Yes CVE-2022-24503 11568 11569 11570 11571 11572 11712 11713 11714 11849 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11849 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11849 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11568 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11569 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11570 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11571 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11572 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11712 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11713 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11714 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11849 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11896 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11897 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11898 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11923 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11924 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11801 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11802 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11803 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11926 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11927 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11929 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11930 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11931 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10729 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10735 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10852 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10853 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10816 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10855 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10047 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10048 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10481 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10482 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10484 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10051 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10049 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10378 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10379 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10483 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-122925 11849 Maybe Security Update 1.2.2925.0 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew 11849 Release Notes 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 Steven21 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows CD-ROM Driver Elevation of Privilege Vulnerability Windows CD-ROM Driver Microsoft Yes CVE-2022-24455 11568 11569 11570 11571 11572 11712 11713 11714 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 Hugo Cao of SandCastle, LilangWu, Moony Li of mobile security research of Trend Micro <a href="https://twitter.com/waleedassar">Walied Assar</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> HEVC Video Extensions Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>If your device manufacturer preinstalled this app, package versions <strong>1.0.50361.0</strong> and later contain this update.</p> <p>If you purchased this app from the Microsoft Store, package versions <strong>1.0.50362.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p>`Get-AppxPackage -Name Microsoft.HEVCVideoExtension*</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-24456 12010 11808 Remote Code Execution 12010 Remote Code Execution 11808 Important 12010 Important 11808 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12010 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11808 Update Information 12010 Maybe Security Update 1.0.50361.1 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12010 Update Information Update Information 11808 Maybe Security Update 1.0.50361.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11808 Update Information <a href="https://twitter.com/bugwhale">bugwhale</a> Dhanesh Kizhakkinan with Mandiant 1.0 2022-03-08T08:00:00 <p>Information published.</p> HEIF Image Extensions Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>1.0.43012.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.HEIFImageExtension</code></p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-24457 11805 Remote Code Execution 11805 Important 11805 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11805 Update Information 11805 Maybe Security Update 1.0.43012.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11805 Update Information Dhanesh Kizhakkinan with Mandiant 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24506 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William S&#246;derberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2022-24507 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 <a href="https://twitter.com/yhzx_2013">ZiMi (@YHZX_2013)</a> with Alibaba Orion Security Lab 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Fax and Scan Service Elevation of Privilege Vulnerability Windows Fax and Scan Service Microsoft Yes CVE-2022-24459 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11896 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11897 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11898 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11801 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11802 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11803 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 1.0 2022-03-08T08:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> <p><strong>What is the nature of the spoofing?</strong></p> <p>An authenticated attacker could make a specially crafted network call to the target Exchange Server that causes the parsing of an http request made to an attacker-controlled server. This could lead to the disclosure of files from the target Exchange Server.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-24463 11906 11908 11956 11957 Spoofing 11906 Spoofing 11908 Spoofing 11956 Spoofing 11957 Important 11906 Important 11908 Important 11956 Important 11957 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11906 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11908 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11956 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11957 5012698 http://www.microsoft.com/download/details.aspx?familyid=33f4b4dd-47a3-45f0-ae7e-367d3a17c5e0 5008631 11906 Yes Security Update 15.01.2308.027 https://support.microsoft.com/help/5012698 11906 5012698 5012698 https://support.microsoft.com/help/5012698 11906 11908 11956 11957 5012698 http://www.microsoft.com/download/details.aspx?familyid=a29a33c1-e1b3-4abc-88e6-fc707a0f80f1 5008631 11908 Yes Security Update 15.02.0922.027 https://support.microsoft.com/help/5012698 11908 5012698 5012698 http://www.microsoft.com/download/details.aspx?familyid=6c9f45ac-54ca-4342-bd27-e284412bf518 5008631 11956 Yes Security Update 15.01.2375.024 https://support.microsoft.com/help/5012698 11956 5012698 5012698 http://www.microsoft.com/download/details.aspx?familyid=819d3453-4d0e-442e-976b-711ad8f50c97 5008631 11957 Yes Security Update 15.02.0986.022 https://support.microsoft.com/help/5012698 11957 5012698 <a href="https://twitter.com/securiteam_ssd">Anonymous</a> with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> .NET and Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to chain other vulnerabilities in order to successfully gain unauthorized access to the target environment.</p> .NET and Visual Studio Microsoft Yes CVE-2022-24512 11785 11872 11935 11969 11761 12009 11730 11970 11745 11925 Remote Code Execution 11785 Remote Code Execution 11872 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 11761 Remote Code Execution 12009 Remote Code Execution 11730 Remote Code Execution 11970 Remote Code Execution 11745 Remote Code Execution 11925 Important 11785 Important 11872 Important 11935 Important 11969 Important 11761 Important 12009 Important 11730 Important 11970 Important 11745 Important 11925 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11785 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11872 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11935 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11969 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11761 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12009 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11730 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11970 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11745 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11925 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7 11785 Maybe Security Update 16.7.26 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7 11785 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.18 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9 11872 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.11 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.7 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 11969 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet/5.0 11761 Maybe Security Update 5.0.15 https://github.com/dotnet/announcements/issues/213 11761 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.3 https://github.com/dotnet/announcements/issues/213 12009 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet-core/3.1 11730 Maybe Security Update 3.1.23 https://github.com/dotnet/announcements/issues/213 11730 Release Notes Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11970 Maybe Security Update 7.2.2 https://github.com/PowerShell/Announcements/issues/29 11970 Release Notes Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11745 Maybe Security Update 7.0.9 https://github.com/PowerShell/Announcements/issues/29 11745 Release Notes Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11925 Maybe Security Update 7.1.6 https://github.com/PowerShell/Announcements/issues/29 11925 Release Notes 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.1 2022-03-08T08:00:00 <p>Corrected Article links in the Security Updates table. This is an informational change only.</p> 2.0 2022-03-16T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.0, PowerShell 7.1, and PowerShell 7.2 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/29">https://github.com/PowerShell/Announcements/issues/29</a> for more information.</p> 2.1 2023-04-14T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>The security updates for this vulnerability are all Windows operating systems. Are the other Windows devices in my network vulnerable?</strong></p> <p>No, this vulnerability only manifests in the Windows OS running in an Xbox environment. Non-Xbox environments cannot be exploited by this vulnerability.</p> XBox Microsoft Yes CVE-2022-21967 11568 11569 11570 11712 11713 11714 11896 11897 11898 11801 11802 11926 11927 11929 11930 11931 10729 10735 10852 10853 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Important 11568 Important 11569 Important 11570 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11929 11930 11931 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 Rick Veldhoven 1.0 2022-03-08T08:00:00 <p>Information published.</p> Media Foundation Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-22010 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11568 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11569 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11570 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11571 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11572 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11712 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11713 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11714 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11896 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11897 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11898 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11923 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11924 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11801 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11802 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11803 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11926 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11927 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11929 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11930 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 11931 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10729 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10735 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10852 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10853 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10816 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10855 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10481 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10482 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10484 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10378 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10379 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10483 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 11929 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 11929 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <a href="https://milotruck.github.io/">Brandon Chong Wee Kiat</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.1 2022-03-17T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2022-23286 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 k0shl with Kunlun Lab 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows ALPC Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows ALPC Microsoft Yes CVE-2022-23287 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 Jarvis_1oop 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows DWM Core Library Microsoft Yes CVE-2022-23288 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11929 11930 11931 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 <a href="https://twitter.com/hillstone_lab">He YiSheng, Zhang WangJunJie, Li WenYue</a> with <a href="https://www.hillstonenet.com/">Hillstone Network Security Research Institute</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Windows Fast FAT Driver Microsoft Yes CVE-2022-23293 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <a href="https://daramg.gift/">HyungSeok Han</a> with <a href="https://theori.io/">Theori</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Event Tracing Remote Code Execution Vulnerability <p><strong>How can an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could potentially take advantage of this vulnerability to execute malicious code through the Event Log's Remote Procedure Call (RPC) endpoint on the server-side.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>What is a Remote Procedure Call?</strong></p> <p>Remote Procedure Call (RPC) is a communication mechanism that allows computers to communicate with one another over a network. An RPC consists of a procedure identifier, parameters passed to the procedure, and a value returned to the caller (client computer) after the procedure has executed on the remote system (server computer).</p> <p>See <a href="https://docs.microsoft.com/en-us/windows/win32/rpc/rpc-start-page">Remote procedure call (RPC)</a> for more information.</p> Windows Event Tracing Microsoft Yes CVE-2022-23294 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>Access to the Event Log service endpoint is blocked by default and a firewall rule change is required to make the endpoint accessible from a locally triggered attack.</p> <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Raw Image Extension Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p> <p><strong>What version of the Raw Image Extension is secure?</strong></p> <p>For Windows 11 operating systems the secure version is 2.1.30391.0 and later. For Windows 10 operating systems the secure version is 2.0.30391.0 and later.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2022-23295 11804-11568 11804-11569 11804-11570 11804-11673 11804-11712 11804-11713 11804-11714 11804-11896 11804-11897 11804-11898 11804-11801 11804-11802 11804-11926 11804-11927 11804-11929 11804-11930 11804-11931 11804-10729 11804-10735 11804-10852 11804-10853 Remote Code Execution 11804-11568 Remote Code Execution 11804-11569 Remote Code Execution 11804-11570 Remote Code Execution 11804-11673 Remote Code Execution 11804-11712 Remote Code Execution 11804-11713 Remote Code Execution 11804-11714 Remote Code Execution 11804-11896 Remote Code Execution 11804-11897 Remote Code Execution 11804-11898 Remote Code Execution 11804-11801 Remote Code Execution 11804-11802 Remote Code Execution 11804-11926 Remote Code Execution 11804-11927 Remote Code Execution 11804-11929 Remote Code Execution 11804-11930 Remote Code Execution 11804-11931 Remote Code Execution 11804-10729 Remote Code Execution 11804-10735 Remote Code Execution 11804-10852 Remote Code Execution 11804-10853 Important 11804-11568 Important 11804-11569 Important 11804-11570 Important 11804-11673 Important 11804-11712 Important 11804-11713 Important 11804-11714 Important 11804-11896 Important 11804-11897 Important 11804-11898 Important 11804-11801 Important 11804-11802 Important 11804-11926 Important 11804-11927 Important 11804-11929 Important 11804-11930 Important 11804-11931 Important 11804-10729 Important 11804-10735 Important 11804-10852 Important 11804-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11673 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10853 Update Information 11804-11568 11804-11569 11804-11570 11804-11673 11804-11712 11804-11713 11804-11714 11804-11896 11804-11897 11804-11898 11804-11801 11804-11802 11804-11929 11804-11930 11804-11931 11804-10729 11804-10735 11804-10852 11804-10853 Maybe Security Update 2.0.30391.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11804-11568 11804-11569 11804-11570 11804-11673 11804-11712 11804-11713 11804-11714 11804-11896 11804-11897 11804-11898 11804-11801 11804-11802 11804-11929 11804-11930 11804-11931 11804-10729 11804-10735 11804-10852 11804-10853 Update Information Update Information 11804-11926 11804-11927 Maybe Security Update 2.1.30391.0 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11804-11926 11804-11927 Update Information <a href="https://x9090.twitter.com/">Wayne Low of Fortinet&#39;s FortiGuard Lab</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.1 2022-03-31T07:00:00 <p>Added platform designations to Security Updates table because the version of the raw extension is different for Windows 10 operating systems and Windows 11 operating systems. This is an informational change only.</p> Windows Installer Elevation of Privilege Vulnerability Windows Installer Microsoft Yes CVE-2022-23296 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 Anonymous Ronnie Salomonsen from Mandiant 1.0 2022-03-08T08:00:00 <p>Information published.</p> Tablet Windows User Interface Application Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Tablet Windows User Interface Microsoft Yes CVE-2022-24460 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows ALPC Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows ALPC Microsoft Yes CVE-2022-24505 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 Jarvis_1oop 1.0 2022-03-08T08:00:00 <p>Information published.</p> Win32 File Enumeration Remote Code Execution Vulnerability <p><strong>What steps can I take to protect my network?</strong></p> <ol> <li><strong>Block TCP port 445 at the enterprise perimeter firewall</strong></li> </ol> <ul> <li>TCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. This can help protect networks from attacks that originate outside the enterprise perimeter. Blocking the affected ports at the enterprise perimeter is the best defense to help avoid Internet-based attacks. <strong>However, systems could still be vulnerable to attacks from within their enterprise perimeter.</strong></li> </ul> <ol start="2"> <li><strong>Follow Microsoft guidelines to prevent SMB traffic from lateral connections and entering or leaving the network</strong></li> </ol> <ul> <li><a href="https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections">Preventing SMB traffic from lateral connections and entering or leaving the network</a></li> </ul> <p><strong>Are older versions of Windows (other than what is listed in the Security Updates table) affected by this vulnerability?</strong></p> <p>No. The vulnerability exists in a new feature that was added to Windows 10 version 2004 and exists in newer supported versions of Windows. Older versions of Windows are not affected.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows SMB Server Microsoft Yes CVE-2022-24508 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">workaround</a> may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:</p> <p><strong>Disable SMBv3 compression</strong></p> <p>You can disable compression to block authenticated attackers from exploiting the vulnerability against an <strong>SMBv3 Server</strong> with the following PowerShell command:</p> <pre><code>Set-ItemProperty -Path &quot;HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters&quot; DisableCompression -Type DWORD -Value 1 -Force </code></pre> <p><strong>Notes:</strong></p> <ol> <li>No reboot is needed after making the change.</li> <li><strong>This workaround does not prevent exploitation of SMB clients; please see item 2 under FAQ to protect clients.</strong></li> </ol> <p>You can disable the workaround with the PowerShell command below.</p> <pre><code>Set-ItemProperty -Path &quot;HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters&quot; DisableCompression -Type DWORD -Value 0 -Force </code></pre> <p><strong>Note:</strong> No reboot is needed after disabling the workaround.</p> 1.0 2022-03-08T08:00:00 <p>Information published.</p> .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Microsoft Yes CVE-2022-24464 12009 11761 11730 11785 11872 11935 11969 Denial of Service 12009 Denial of Service 11761 Denial of Service 11730 Denial of Service 11785 Denial of Service 11872 Denial of Service 11935 Denial of Service 11969 Important 12009 Important 11761 Important 11730 Important 11785 Important 11872 Important 11935 Important 11969 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12009 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11761 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11730 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11785 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11872 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11935 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11969 Release Notes https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.3 https://github.com/dotnet/announcements/issues/212 12009 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet/5.0 11761 Maybe Security Update 5.0.15 https://github.com/dotnet/announcements/issues/212 11761 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet-core/3.1 11730 Maybe Security Update 3.1.23 https://github.com/dotnet/announcements/issues/212 11730 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7 11785 Maybe Security Update 16.7.26 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7 11785 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.18 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9 11872 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.11 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.7 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 11969 Release Notes <a href="https://twitter.com/larseidnes">Lars Eidnes</a> with <a href="https://catchjs.com/">CatchJS</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.1 2022-03-08T08:00:00 <p>Corrected Article links in the Security Updates table. This is an informational change only.</p> Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker could potentially bypass the Intune policy file save location.</p> Microsoft Intune Microsoft Yes CVE-2022-24465 12012 Security Feature Bypass 12012 Important 12012 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12012 Release Notes https://apps.apple.com/us/app/intune-company-portal/id719171358 12012 Maybe Security Update 5.2112.3 https://apps.apple.com/us/app/intune-company-portal/id719171358 12012 Release Notes Anonymous 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24515 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William Soderberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to the replication appliance, configuration server, or one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24467 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William S&#246;derberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Skype Extension for Chrome Information Disclosure Vulnerability <p><strong>How can I get the update for Skype Extension for Chrome?</strong></p> <p>The Skype Extension for Chrome is available in the Chrome Web Store.</p> <ol> <li>Open the Chrome Web Store and type &quot;Skype&quot; into the search box.</li> <li>Scroll down to <strong>Extensions</strong>. The Skype Extension will be the first on the list</li> <li>Click on the <strong>Add to Chrome</strong> button.</li> </ol> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the target's Skype ID. If an attacker gains access to that ID they could potentially match it within Skype to a name and Avatar for the user.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A targeted user would need to visit a malicious user's website using Chrome with this Extension while the user is logged into a Microsoft account.</p> Skype Extension for Chrome Microsoft Yes CVE-2022-24522 12016 Information Disclosure 12016 Important 12016 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12016 Release Notes https://chrome.google.com/webstore/detail/skype/lifbcibllhkdhoafpjfnlhfpfgnpldfl 12016 Maybe Security Update 10.2.0.9951 https://chrome.google.com/webstore/detail/skype/lifbcibllhkdhoafpjfnlhfpfgnpldfl 12016 Release Notes <a href="https://palant.info/">Wladimir Palant</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.1 2022-05-16T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-23253 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11712 Denial of Service 11713 Denial of Service 11714 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11712 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11713 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11714 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <a href="https://twitter.com/i4mchr00t">Alex Nichols</a> with <a href="https://labs.nettitude.com/">Nettitude</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Media Center Update Denial of Service Vulnerability Windows Media Microsoft Yes CVE-2022-21973 10047 10048 10481 10482 10484 10378 10379 10483 10543 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 JIWO Technology Co., Ltd 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Hyper-V Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Role: Windows Hyper-V Microsoft Yes CVE-2022-21975 11569 11571 11572 11713 11896 11923 11924 11803 11931 10735 10853 10816 10855 10482 10483 10543 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11713 Denial of Service 11896 Denial of Service 11923 Denial of Service 11924 Denial of Service 11803 Denial of Service 11931 Denial of Service 10735 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10482 Denial of Service 10483 Denial of Service 10543 Important 11569 Important 11571 Important 11572 Important 11713 Important 11896 Important 11923 Important 11924 Important 11803 Important 11931 Important 10735 Important 10853 Important 10816 Important 10855 Important 10482 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11713 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11569 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11569 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11569 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11713 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11713 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11803 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11803 5011487 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10853 10816 10855 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10482 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10482 10483 10543 <a href="https://twitter.com/rezer0dai">rezer0dai</a> with Calories for GOOD 1.0 2022-03-08T08:00:00 <p>Information published.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-23277 11682 11906 11908 11956 11957 Remote Code Execution 11682 Remote Code Execution 11906 Remote Code Execution 11908 Remote Code Execution 11956 Remote Code Execution 11957 Critical 11682 Critical 11906 Critical 11908 Critical 11956 Critical 11957 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11906 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11908 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11956 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 5010324 http://www.microsoft.com/download/details.aspx?familyid=ad904d7c-3c77-4585-a534-9f1505ad1ec4 5008631 11682 Yes Security Update 15.00.1497.033 https://support.microsoft.com/help/5010324 11682 5010324 5010324 https://support.microsoft.com/help/5010324 11682 5012698 http://www.microsoft.com/download/details.aspx?familyid=33f4b4dd-47a3-45f0-ae7e-367d3a17c5e0 5008631 11906 Yes Security Update 15.01.2308.027 https://support.microsoft.com/help/5012698 11906 5012698 5012698 https://support.microsoft.com/help/5012698 11906 11908 11956 11957 5012698 http://www.microsoft.com/download/details.aspx?familyid=a29a33c1-e1b3-4abc-88e6-fc707a0f80f1 5008631 11908 Yes Security Update 15.02.0922.027 https://support.microsoft.com/help/5012698 11908 5012698 5012698 http://www.microsoft.com/download/details.aspx?familyid=6c9f45ac-54ca-4342-bd27-e284412bf518 5008631 11956 Yes Security Update 15.01.2375.024 https://support.microsoft.com/help/5012698 11956 5012698 5012698 http://www.microsoft.com/download/details.aspx?familyid=819d3453-4d0e-442e-976b-711ad8f50c97 5008631 11957 Yes Security Update 15.02.0986.022 https://support.microsoft.com/help/5012698 11957 5012698 Markus Wulftange <a href="https://twitter.com/mwulftange">@mwulftange</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Common Log File System Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Common Log File System Driver Microsoft Yes CVE-2022-23281 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> keqi hu 1.0 2022-03-08T08:00:00 <p>Information published.</p> Paint 3D Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>6.2203.1037.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.MSPaint</code></p> Paint 3D Microsoft Yes CVE-2022-23282 11758 Remote Code Execution 11758 Important 11758 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11758 Release Notes https://www.microsoft.com/en-us/p/paint-3d/9nblggh5fv99#activetab=pivot:overviewtab 11758 Maybe Security Update 6.2203.1037.0 https://www.microsoft.com/en-us/p/paint-3d/9nblggh5fv99#activetab=pivot:overviewtab 11758 Release Notes Sooraj K S (@soorajks) with Sophos 1.0 2022-03-08T08:00:00 <p>Information published.</p> 1.1 2022-03-23T07:00:00 <p>Added an FAQ. This is an information change only.</p> Windows ALPC Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows ALPC Microsoft Yes CVE-2022-23283 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 Jarvis_1oop 1.1 2022-03-16T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Components Microsoft Yes CVE-2022-23284 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11896 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11897 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11898 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11801 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11802 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11803 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.2 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <a href="https://twitter.com/kkokkokye">JeongOh Kyea</a> with <a href="https://theori.io/">THEORI</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> Windows Remote Desktop Microsoft Yes CVE-2022-23285 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <a href="https://twitter.com/ver0759">Ver(@Ver0759)</a>, <a href="https://twitter.com/lewislee53">Lewis(@LewisLee53)</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng (@edwardzpeng)</a> with <a href="https://www.sangfor.com/en">Sangfor</a> 1.1 2022-03-16T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Kernel Microsoft Yes CVE-2022-23297 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011503 5011503 https://support.microsoft.com/help/5011503 11568 11569 11570 11571 11572 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 11923 11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 11923 11924 5011497 5011497 https://support.microsoft.com/help/5011497 11923 11924 5011580 11923 11924 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 11923 11924 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11929 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11929 11930 11931 5011487 5011491 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011491 5010358 10729 10735 Yes Security Update 10.0.10240.19235 https://support.microsoft.com/help/5011491 10729 10735 5011491 5011495 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011495 5010359 10852 10853 10816 10855 Yes Security Update 10.0.14393.5006 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011495 5011495 https://support.microsoft.com/help/5011495 10852 10853 10816 10855 5011552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011552 5010404 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25898 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011552 5011552 https://support.microsoft.com/help/5011552 10047 10048 10051 10049 5011529 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011529 10047 10048 10051 10049 Yes Security Only 6.1.7601.25898 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011529 5011529 https://support.microsoft.com/help/5011529 10047 10048 10051 10049 5011564 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011564 5010419 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20303 https://support.microsoft.com/help/5011564 10481 10482 10483 10543 5011564 5011564 https://support.microsoft.com/help/5011564 10481 10482 10484 10483 10543 5011560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011560 10481 10482 10483 10543 Yes Security Only 6.3.9600.20303 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011560 5011560 https://support.microsoft.com/help/5011560 10481 10482 10483 10543 5011564 5010419 10484 Yes Monthly Rollup 6.3.9600.20296 https://support.microsoft.com/help/5010419 10484 5011564 5011534 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011534 5010384 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21416 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011534 5011534 https://support.microsoft.com/help/5011534 9312 10287 9318 9344 5011525 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011525 9312 10287 9318 9344 Yes Security Only 6.0.6003.21416 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011525 5011525 https://support.microsoft.com/help/5011525 9312 10287 9318 9344 5011535 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011535 5010392 10378 10379 Yes Monthly Rollup 6.2.9200.23645 https://support.microsoft.com/help/5011535 10378 10379 5011535 5011535 https://support.microsoft.com/help/5011535 10378 10379 5011527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011527 10378 10379 Yes Security Only 6.2.9200.23639 https://support.microsoft.com/help/5011527 10378 10379 5011527 5011527 https://support.microsoft.com/help/5011527 10378 10379 <a href="https://twitter.com/yhzx_2013">ZiMi (@YHZX_2013)</a> with Alibaba Orion Security Lab 1.0 2022-03-08T08:00:00 <p>Information published.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office Visio Microsoft Yes CVE-2022-24509 11573 11574 11762 11763 11952 11953 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run kdot working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office Visio Microsoft Yes CVE-2022-24461 11573 11574 11762 11763 11952 11953 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run kdot working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office Visio Microsoft Yes CVE-2022-24510 11573 11574 11762 11763 11952 11953 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run kdot working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Microsoft Word Security Feature Bypass Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) but no privileges are required (PR:N) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?</strong></p> <p>The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to bypass specific functionality of the Office Protected View.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability?</strong></p> <p>While this vulnerability would not allow macros to be enabled or remove certain protections, it could allow specific protections to be bypassed in Protected View. This could lead users to open files and not be notified of the risks involved with using a file from the Internet.</p> Microsoft Office Word Microsoft Yes CVE-2022-24462 11573 11574 11762 11763 11952 11953 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11952 Security Feature Bypass 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Felix Boulet 1.0 2022-03-08T08:00:00 <p>Information published.</p> Microsoft Office Word Tampering Vulnerability <p><strong>If the preview pane is an attack vector, why is the severity for this vulnerability Important and not Critical?</strong></p> <p>Even though the preview pane is an attack vector, the attacker cannot achieve remote code execution if they successfully exploit the vulnerability, but can only gain information from the victim.</p> <p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p> <p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Word Microsoft Yes CVE-2022-24511 11573 11574 11575 11762 11763 11951 11952 11953 10746 10747 10606 10604 10605 Tampering 11573 Tampering 11574 Tampering 11575 Tampering 11762 Tampering 11763 Tampering 11951 Tampering 11952 Tampering 11953 Tampering 10746 Tampering 10747 Tampering 10606 Tampering 10604 Tampering 10605 Important 11573 Important 11574 Important 11575 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10746 Important 10747 Important 10606 Important 10604 Important 10605 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11575 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11951 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10746 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10747 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10606 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10604 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10605 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.59.22031300 https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Release Notes 5002139 https://www.microsoft.com/download/details.aspx?familyid=0b60ec5d-33a7-475d-a5d8-fbbed5633eda 5002057 10746 Maybe Security Update 16.0.5290.1000 https://support.microsoft.com/kb/5002139 10746 5002139 5002139 https://www.microsoft.com/download/details.aspx?familyid=dad8392c-67cc-432a-b7c5-53cefee80f33 5002057 10747 Maybe Security Update 16.0.5290.1000 https://support.microsoft.com/kb/5002139 10747 5002139 5002068 5001960 10606 Maybe Security Update 15.0.5431.1000 https://support.microsoft.com/kb/5002068 10606 5002068 5002068 https://www.microsoft.com/download/details.aspx?familyid=91f85694-e19b-4b22-93d2-60f1b1c4c4bf 5001960 10604 Maybe Security Update 15.0.5431.1000 https://support.microsoft.com/kb/5002068 10604 5002068 5002068 https://www.microsoft.com/download/details.aspx?familyid=1623b0ed-4039-4e0e-876b-ba60dac48a3f 5001960 10605 Maybe Security Update 15.0.5431.1000 https://support.microsoft.com/kb/5002068 10605 5002068 Felix B. 1.0 2022-03-08T08:00:00 <p>Information published.</p> 2.0 2022-03-16T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to the replication appliance, configuration server, or one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24468 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William Söderberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>No special privileges are required to exploit this vulnerability. An attacker needs to have network connectivity to the replication appliance.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> <p><strong>What could an attacker do with the exposed credentials?</strong></p> <p>An attacker could call Azure Site Recovery APIs provided by the Configuration Server and in turn get access to configuration data including credentials for the protected systems. Using the APIs, the attacker could also modify or delete configuration data which in turn will impact Site Recovery operation.</p> Azure Site Recovery Microsoft Yes CVE-2022-24469 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William Söderberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to the replication appliance, configuration server, or one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24517 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William Söderberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to the replication appliance, configuration server, or one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24470 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William Söderberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24518 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William Söderberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24519 12018 Elevation of Privilege 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William Söderberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to the replication appliance, configuration server, or one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24471 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William S&#246;derberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Azure Site Recovery Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to the replication appliance, configuration server, or one of the VMs associated with the configuration server.</p> <p><strong>What is Azure Site Recovery?</strong></p> <p>Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: <a href="https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview">About Azure Site Recovery - Azure Site Recovery</a></p> <p><strong>To what scenario does this vulnerability apply?</strong></p> <p>This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in <a href="https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-architecture">Azure Site Recovery - Classic - Azure Site Recovery</a>.</p> <p><strong>What can I do to protect myself from this vulnerability?</strong></p> <p>You can follow the steps here (Update rollup 60 for <a href="https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8">Azure Site Recovery -K5011122</a>) to update to version 9.47.</p> Azure Site Recovery Microsoft Yes CVE-2022-24520 12018 Remote Code Execution 12018 Important 12018 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12018 Release Notes https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Maybe Security Update 9.47 https://support.microsoft.com/en-us/topic/update-rollup-60-for-azure-site-recovery-k5011122-883a93a7-57df-4b26-a1c4-847efb34a9e8 12018 Release Notes William Soderberg with <a href="https://www.f-secure.com/">F-Secure</a> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Brotli Library Buffer Overflow Vulnerability <p><strong>Why is this Google LLC CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in the Brotli library which is consumed by .NET and by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of .NET and Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> .NET and Visual Studio Google LLC Yes CVE-2020-8927 11730 11761 11785 11872 11935 11969 11970 11925 11745 12020 Remote Code Execution 11730 Remote Code Execution 11761 Remote Code Execution 11785 Remote Code Execution 11872 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 11970 Remote Code Execution 11925 Remote Code Execution 11745 Remote Code Execution 12020 Important 11730 Important 11761 Important 11785 Important 11872 Important 11935 Important 11969 Important 11970 Important 11925 Important 11745 Important 12020 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11730 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11761 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11785 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11872 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11935 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11969 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11970 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11925 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11745 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12020 Release Notes https://dotnet.microsoft.com/download/dotnet-core/3.1 11730 Maybe Security Update 3.1.23 https://github.com/dotnet/announcements/issues/211 11730 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet/5.0 11761 Maybe Security Update 5.0.15 https://github.com/dotnet/announcements/issues/211 11761 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7 11785 Maybe Security Update 16.7.26 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7 11785 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.18 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9 11872 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.11 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.7 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 11969 Release Notes Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11970 Maybe Security Update 7.2.2 https://github.com/PowerShell/Announcements/issues/30 11970 Release Notes Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11925 Maybe Security Update 7.1.6 https://github.com/PowerShell/Announcements/issues/30 11925 Release Notes Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11745 Maybe Security Update 7.0.9 https://github.com/PowerShell/Announcements/issues/30 11745 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.1 12020 Maybe Security Update 17.1.4 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12020 Release Notes 1.1 2022-03-08T08:00:00 <p>Corrected Article links in the Security Updates table. This is an informational change only.</p> 2.0 2022-03-16T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.0, PowerShell 7.1, and PowerShell 7.2 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/30">https://github.com/PowerShell/Announcements/issues/30</a> for more information.</p> 3.0 2022-04-12T07:00:00 <p>The following changes were made: 1) Added Visual Studio 2022 version 17.1 to the Security Updates table as this version of Visual Studio is affected by this vulnerability. Customers running this version of Visual Studio 2022 should install the April 2022 security updates to be protected from this vulnerability. 2) Added Fixed Build Number to affected versions of .NET.</p> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Windows Update Stack Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Update Stack Microsoft Yes CVE-2022-24525 11712 11713 11714 11896 11897 11898 11801 11802 11803 11926 11927 11929 11930 11931 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 11712 11713 11714 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 11712 11713 11714 5011485 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11896 11897 11898 11929 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 11896 11897 11898 11929 5011487 5011487 https://support.microsoft.com/help/5011487 11896 11897 11898 11801 11802 11803 11929 11930 11931 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11801 11802 11803 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 11801 11802 11803 5011487 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 11926 11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 11926 11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 11930 11931 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 11930 11931 5011487 Lockheed Martin Red Team 1.0 2022-03-08T08:00:00 <p>Information published.</p> Visual Studio Code Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have be enticed to open a malicious file in a directory. Users should never open anything that they do not know or trust to be safe.</p> Visual Studio Code Microsoft Yes CVE-2022-24526 11622 Spoofing 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/Download 11622 Maybe Security Update 1.65.1 https://code.visualstudio.com/updates/v1_65 11622 Release Notes <a href="https://twitter.com/ndevtk">NDevTK</a> 1.1 2022-03-10T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.0 2022-03-08T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0789 Heap buffer overflow in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0789 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0790 Use after free in Cast UI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0790 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0791 Use after free in Omnibox <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0791 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0792 Out of bounds read in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0792 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0793 Use after free in Views <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0793 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0794 Use after free in WebShare <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0794 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0795 Type Confusion in Blink Layout <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0795 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0796 Use after free in Media <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0796 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0797 Out of bounds memory access in Mojo <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0797 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0798 Use after free in MediaStream <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0798 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0799 Insufficient policy enforcement in Installer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0799 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0800 Heap buffer overflow in Cast UI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0800 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0801 Inappropriate implementation in HTML parser <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0801 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0802 Inappropriate implementation in Full screen mode <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0802 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0803 Inappropriate implementation in Permissions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0803 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0804 Inappropriate implementation in Full screen mode <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0804 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0805 Use after free in Browser Switcher <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0805 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0806 Data leak in Canvas <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0806 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0807 Inappropriate implementation in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0807 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0808 Use after free in Chrome OS Shell <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0808 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Chromium: CVE-2022-0809 Out of bounds memory access in WebXR <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.30</td> <td>3/3/2022</td> <td>99.0.4844.51</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0809 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-03T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2022-26899 11655 Elevation of Privilege 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://www.daviderceg.com/">David Erceg</a> 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0971 Use after free in Blink Layout <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0971 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0972 Use after free in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0972 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0973 Use after free in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0973 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0974 Use after free in Splitscreen <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0974 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0975 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0975 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0976 Heap buffer overflow in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0976 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0977 Use after free in Browser UI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0977 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0978 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0978 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0979 Use after free in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0979 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-0980 Use after free in New Tab Page <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.46</td> <td>3/17/2022</td> <td>99.0.4844.74</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-0980 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 99.0.1150.46 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-03-17T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1096 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2022-1096 exists in the wild.</p> <p><strong>Why were Visual Studio 2022 version 17.0 and Visual Studio 2022 version 17.1 added to this Chrome CVE for Microsoft Edge?</strong></p> <p>These versions of Visual Studio 2022 use webview2 to render certain content, and this CVE addresses a vulnerability in that component.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>99.0.1150.55</td> <td>3/26/2022</td> <td>99.0.4844.84</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1096 11969 12020 11655 11969 12020 11655 11969 12020 11655 DOS:N/A Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.10 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.1 12020 Maybe Security Update 17.1.7 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.1.md 12020 Release Notes Release Notes 11655 No Security Update 99.0.1150.55 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 2.0 2022-05-10T07:00:00 <p>In the Security Updates table, added Visual Studio 2022 version 17.0 and Visual Studio 2022 version 17.1 as these versions of Visual Studio incorporate the webview2 component that is affected by this Chrome vulnerability. The May 2022 security updates for Visual Studio include the update for webview2. Microsoft strongly recommends that customers install the updates to be fully protected from this vulnerability.</p> 1.0 2022-03-26T07:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-20321 https://nvd.nist.gov/vuln/detail/CVE-2021-20321 Mariner secalert@redhat.com Yes CVE-2021-20321 12137 12138 12137 12138 12137 12138 DOS:N/A 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.102.1-1 https://nvd.nist.gov/vuln/detail/CVE-2021-20321 12137 kernel kernel 12138 kernel-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.102.1-1 https://nvd.nist.gov/vuln/detail/CVE-2021-20321 12138 kernel 1.0 2022-03-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-20320 https://nvd.nist.gov/vuln/detail/CVE-2021-20320 Mariner secalert@redhat.com Yes CVE-2021-20320 12137 12138 12137 12138 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12138 kernel 12137 kernel-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.102.1-1 https://nvd.nist.gov/vuln/detail/CVE-2021-20320 12137 kernel kernel 12138 kernel-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.102.1-1 https://nvd.nist.gov/vuln/detail/CVE-2021-20320 12138 kernel 1.0 2022-03-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3607 https://nvd.nist.gov/vuln/detail/CVE-2021-3607 Mariner secalert@redhat.com Yes CVE-2021-3607 12137 12138 12137 12138 12137 12138 DOS:N/A 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 12137 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 12138 qemu-kvm 12137 qemu-kvm-4.2.0-38.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-38.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-38 https://nvd.nist.gov/vuln/detail/CVE-2021-3607 12137 qemu-kvm qemu-kvm 12138 qemu-kvm-4.2.0-38.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-38.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-38 https://nvd.nist.gov/vuln/detail/CVE-2021-3607 12138 qemu-kvm 1.0 2022-03-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3608 https://nvd.nist.gov/vuln/detail/CVE-2021-3608 Mariner secalert@redhat.com Yes CVE-2021-3608 12137 12138 12137 12138 12137 12138 DOS:N/A 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 12137 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 12138 qemu-kvm 12137 qemu-kvm-4.2.0-38.cm1.x86_64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-38.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-38 https://nvd.nist.gov/vuln/detail/CVE-2021-3608 12137 qemu-kvm qemu-kvm 12138 qemu-kvm-4.2.0-38.cm1.aarch64.rpm 0001-01-01T00:00:00 qemu-img-4.2.0-38.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.0-38 https://nvd.nist.gov/vuln/detail/CVE-2021-3608 12138 qemu-kvm 1.0 2022-03-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-4190 https://nvd.nist.gov/vuln/detail/CVE-2021-4190 Mariner cve@gitlab.com Yes CVE-2021-4190 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 wireshark 12139 wireshark-3.4.14-1.cm2.x86_64.rpm 0001-01-01T00:00:00 wireshark-cli-3.4.14-1.cm2.x86_64.rpm 0001-01-01T00:00:00 wireshark-devel-3.4.14-1.cm2.x86_64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-3.4.14-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.4.14-1 https://nvd.nist.gov/vuln/detail/CVE-2021-4190 12139 wireshark wireshark 12140 wireshark-3.4.14-1.cm2.aarch64.rpm 0001-01-01T00:00:00 wireshark-cli-3.4.14-1.cm2.aarch64.rpm 0001-01-01T00:00:00 wireshark-devel-3.4.14-1.cm2.aarch64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-3.4.14-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.4.14-1 https://nvd.nist.gov/vuln/detail/CVE-2021-4190 12140 wireshark 1.0 2022-03-26T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-3700 https://nvd.nist.gov/vuln/detail/CVE-2021-3700 Mariner secalert@redhat.com Yes CVE-2021-3700 12139 12140 12139 12140 12139 12140 DOS:N/A 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 12139 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 12140 usbredir 12139 usbredir-0.12.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 usbredir-devel-0.12.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 usbredir-server-0.12.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 usbredir-debuginfo-0.12.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.12.0-1 https://nvd.nist.gov/vuln/detail/CVE-2021-3700 12139 usbredir usbredir 12140 usbredir-0.12.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 usbredir-devel-0.12.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 usbredir-server-0.12.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 usbredir-debuginfo-0.12.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.12.0-1 https://nvd.nist.gov/vuln/detail/CVE-2021-3700 12140 usbredir 1.0 2022-03-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-44531 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 Mariner cve-assignments@hackerone.com Yes CVE-2021-44531 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 12137 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 12138 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 12139 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 12140 nodejs 12137 nodejs-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.18.3-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 12137 nodejs nodejs 12138 nodejs-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.18.3-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 12138 nodejs nodejs 12139 nodejs-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 12139 nodejs nodejs 12140 nodejs-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 12140 nodejs 1.0 2022-03-08T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-0563 https://nvd.nist.gov/vuln/detail/CVE-2022-0563 https://nvd.nist.gov/vuln/detail/CVE-2022-0563 https://nvd.nist.gov/vuln/detail/CVE-2022-0563 Mariner secalert@redhat.com Yes CVE-2022-0563 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12140 util-linux 12137 util-linux-2.32.1-7.cm1.x86_64.rpm 0001-01-01T00:00:00 util-linux-lang-2.32.1-7.cm1.x86_64.rpm 0001-01-01T00:00:00 util-linux-devel-2.32.1-7.cm1.x86_64.rpm 0001-01-01T00:00:00 util-linux-libs-2.32.1-7.cm1.x86_64.rpm 0001-01-01T00:00:00 util-linux-debuginfo-2.32.1-7.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.32.1-7 https://nvd.nist.gov/vuln/detail/CVE-2022-0563 12137 util-linux util-linux 12138 util-linux-2.32.1-7.cm1.aarch64.rpm 0001-01-01T00:00:00 util-linux-lang-2.32.1-7.cm1.aarch64.rpm 0001-01-01T00:00:00 util-linux-devel-2.32.1-7.cm1.aarch64.rpm 0001-01-01T00:00:00 util-linux-libs-2.32.1-7.cm1.aarch64.rpm 0001-01-01T00:00:00 util-linux-debuginfo-2.32.1-7.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.32.1-7 https://nvd.nist.gov/vuln/detail/CVE-2022-0563 12138 util-linux util-linux 12139 util-linux-2.37.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 util-linux-lang-2.37.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 util-linux-devel-2.37.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 util-linux-libs-2.37.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 util-linux-debuginfo-2.37.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.37.4-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0563 12139 util-linux util-linux 12140 util-linux-2.37.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 util-linux-lang-2.37.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 util-linux-devel-2.37.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 util-linux-libs-2.37.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 util-linux-debuginfo-2.37.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.37.4-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0563 12140 util-linux 1.0 2022-03-08T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-0696 https://nvd.nist.gov/vuln/detail/CVE-2022-0696 Mariner security@huntr.dev Yes CVE-2022-0696 12139 12140 12139 12140 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 vim 12139 vim-8.2.4743-2.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4743-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4743-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0696 12139 vim vim 12140 vim-8.2.4743-2.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4743-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4743-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0696 12140 vim 1.0 2022-03-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-0617 https://nvd.nist.gov/vuln/detail/CVE-2022-0617 https://nvd.nist.gov/vuln/detail/CVE-2022-0617 https://nvd.nist.gov/vuln/detail/CVE-2022-0617 Mariner secalert@redhat.com Yes CVE-2022-0617 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.102.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.102.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0617 12137 kernel kernel 12138 kernel-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.102.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.102.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0617 12138 kernel kernel 12139 kernel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.26.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0617 12139 kernel kernel 12140 kernel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.26.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0617 12140 kernel 1.0 2022-03-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-44533 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 Mariner cve-assignments@hackerone.com Yes CVE-2021-44533 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12138 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12140 nodejs 12137 nodejs-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.18.3-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 12137 nodejs nodejs 12138 nodejs-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.18.3-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 12138 nodejs nodejs 12139 nodejs-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 12139 nodejs nodejs 12140 nodejs-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 12140 nodejs 1.0 2022-03-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-44532 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 Mariner cve-assignments@hackerone.com Yes CVE-2021-44532 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12138 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12140 nodejs 12137 nodejs-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.18.3-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 12137 nodejs nodejs 12138 nodejs-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.18.3-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 12138 nodejs nodejs 12139 nodejs-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 12139 nodejs nodejs 12140 nodejs-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 12140 nodejs 1.0 2022-03-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-21824 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 Mariner cve-assignments@hackerone.com Yes CVE-2022-21824 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 12137 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 12138 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 12139 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 12140 nodejs 12137 nodejs-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.18.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.18.3-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 12137 nodejs nodejs 12138 nodejs-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-14.18.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 14.18.3-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 12138 nodejs nodejs 12139 nodejs-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.14.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 12139 nodejs nodejs 12140 nodejs-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.14.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 12140 nodejs 1.0 2022-03-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 Mariner security@huntr.dev Yes CVE-2022-0729 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 vim 12137 vim-8.2.4495-1.cm1.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4495-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4495-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 12137 vim vim 12138 vim-8.2.4495-1.cm1.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4495-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4495-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 12138 vim vim 12139 vim-8.2.4743-2.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4743-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4743-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 12139 vim vim 12140 vim-8.2.4743-2.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4743-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4743-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 12140 vim 1.0 2022-03-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 Mariner security@huntr.dev Yes CVE-2022-0714 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 vim 12137 vim-8.2.4495-1.cm1.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4495-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4495-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 12137 vim vim 12138 vim-8.2.4495-1.cm1.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4495-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4495-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 12138 vim vim 12139 vim-8.2.4743-2.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4743-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4743-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 12139 vim vim 12140 vim-8.2.4743-2.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-8.2.4743-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.2.4743-1 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 12140 vim 1.0 2022-03-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-24407 https://nvd.nist.gov/vuln/detail/CVE-2022-24407 https://nvd.nist.gov/vuln/detail/CVE-2022-24407 https://nvd.nist.gov/vuln/detail/CVE-2022-24407 Mariner cve@mitre.org Yes CVE-2022-24407 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 cyrus-sasl 12137 cyrus-sasl-2.1.28-1.cm1.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-debuginfo-2.1.28-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.28-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24407 12137 cyrus-sasl cyrus-sasl 12138 cyrus-sasl-2.1.28-1.cm1.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-debuginfo-2.1.28-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.28-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24407 12138 cyrus-sasl cyrus-sasl 12139 cyrus-sasl-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-devel-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-gs2-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-gssapi-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-ldap-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-lib-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-md5-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-ntlm-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-plain-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-scram-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-sql-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 cyrus-sasl-debuginfo-2.1.28-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.28-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24407 12139 cyrus-sasl cyrus-sasl 12140 cyrus-sasl-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-devel-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-gs2-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-gssapi-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-ldap-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-lib-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-md5-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-ntlm-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-plain-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-scram-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-sql-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 cyrus-sasl-debuginfo-2.1.28-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.28-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24407 12140 cyrus-sasl 1.0 2022-03-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-23308 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 Mariner cve@mitre.org Yes CVE-2022-23308 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 libxml2 12137 libxml2-2.9.13-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libxml2-python-2.9.13-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-libxml2-2.9.13-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libxml2-devel-2.9.13-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libxml2-debuginfo-2.9.13-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.9.13-1 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 12137 libxml2 libxml2 12138 libxml2-2.9.13-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libxml2-python-2.9.13-1.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-libxml2-2.9.13-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libxml2-devel-2.9.13-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libxml2-debuginfo-2.9.13-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.9.13-1 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 12138 libxml2 libxml2 12139 libxml2-2.9.13-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-libxml2-2.9.13-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libxml2-devel-2.9.13-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libxml2-debuginfo-2.9.13-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.9.13-1 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 12139 libxml2 libxml2 12140 libxml2-2.9.13-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-libxml2-2.9.13-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libxml2-devel-2.9.13-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libxml2-debuginfo-2.9.13-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.9.13-1 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 12140 libxml2 1.0 2022-03-09T00:00:00 <p>Information published.</p> Microsoft Defender for Endpoint Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>How can I verify that the update is installed?</strong></p> <p>Customers wanting to ensure the client has been updated can run the MDE Client Analyzer on the device. When running the analyzer on a Windows device that does not have the security update, the analyzer will present a warning (ID 121035) indicating missing patch and directing to relevant online article. Additionally, if the update is installed, but the Anti-Spoofing capability is not in a stable state, the analyzer will present warning (ID 121036) indicating an issue and providing additional online guidance or callout to reach out to Microsoft support if issue persists.</p> <p><strong>Where can I get more information?</strong></p> <p>For more information, please see the blog post <a href="https://aka.ms/CVE-2022-23278Post">here</a>.</p> Microsoft Defender for Endpoint Microsoft Yes CVE-2022-23278 12015 12014 12019 12023 12013-11801 12013-11714 12013-11803 12013-11926 12013-11929 12013-11927 12013-11713 12013-11923 12013 12013-11712 12013-11897 12013-11802 12013-11572 12013-11898 12013-11931 12013-11930 12013-11924 12013-11896 12013-11571 12013-11569 12013-11570 12013-11568 12021-10816 12021-10855 12021-10483 12021-10543 Spoofing 12015 Spoofing 12014 Spoofing 12019 Spoofing 12023 Spoofing 12013-11801 Spoofing 12013-11714 Spoofing 12013-11803 Spoofing 12013-11926 Spoofing 12013-11929 Spoofing 12013-11927 Spoofing 12013-11713 Spoofing 12013-11923 Spoofing 12013 Spoofing 12013-11712 Spoofing 12013-11897 Spoofing 12013-11802 Spoofing 12013-11572 Spoofing 12013-11898 Spoofing 12013-11931 Spoofing 12013-11930 Spoofing 12013-11924 Spoofing 12013-11896 Spoofing 12013-11571 Spoofing 12013-11569 Spoofing 12013-11570 Spoofing 12013-11568 Spoofing 12021-10816 Spoofing 12021-10855 Spoofing 12021-10483 Spoofing 12021-10543 Important 12015 Important 12014 Important 12019 Important 12023 Important 12013-11801 Important 12013-11714 Important 12013-11803 Important 12013-11926 Important 12013-11929 Important 12013-11927 Important 12013-11713 Important 12013-11923 Important 12013 Important 12013-11712 Important 12013-11897 Important 12013-11802 Important 12013-11572 Important 12013-11898 Important 12013-11931 Important 12013-11930 Important 12013-11924 Important 12013-11896 Important 12013-11571 Important 12013-11569 Important 12013-11570 Important 12013-11568 Important 12021-10816 Important 12021-10855 Important 12021-10483 Important 12021-10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12015 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12014 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12019 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12023 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11801 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11714 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11803 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11926 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11929 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11927 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11713 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11712 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11897 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11802 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11898 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11931 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11930 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11896 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11569 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11570 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12013-11568 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12021-10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12021-10855 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12021-10483 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12021-10543 Release Notes https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-updates?view=o365-worldwide 12015 No Security Update 101.60.93 https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-updates?view=o365-worldwide 12015 Release Notes Release Notes https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide 12014 No Security Update 101.60.91 https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide 12014 Release Notes Release Notes 12019 No Security Update 1.0.3011.0302 https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mtd?view=o365-worldwide 12019 Release Notes Release Notes 12023 No Security Update 1.1.18090109 https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mtd?view=o365-worldwide 12023 Release Notes 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 12013-11801 12013-11803 12013-11802 Yes Security Update 10.0.19042.1586 https://support.microsoft.com/help/5011487 12013-11801 12013-11803 12013-11802 5011487 5011487 https://support.microsoft.com/help/5011487 12013-11801 12013-11803 12013-11929 12013-11897 12013-11802 12013-11898 12013-11931 12013-11930 12013-11896 5011485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011485 5010345 12013-11714 12013-11713 12013-11712 Yes Security Update 10.0.18363.2158 https://support.microsoft.com/help/5011485 12013-11714 12013-11713 12013-11712 5011485 5011493 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011493 5010386 12013-11926 12013-11927 Yes Security Update 10.0.22000.556 https://support.microsoft.com/help/5011493 12013-11926 12013-11927 5011493 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 12013-11929 12013-11931 12013-11930 Yes Security Update 10.0.19044.1586 https://support.microsoft.com/help/5011487 12013-11929 12013-11931 12013-11930 5011487 5011497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011497 5010354 12013-11923 12013-11924 Yes Security Update 10.0.20348.587 https://support.microsoft.com/help/5011497 12013-11923 12013-11924 5011497 5011497 https://support.microsoft.com/help/5011497 12013-11923 12013-11924 5011580 12013 Yes Security Hotpatch Update 10.0.20348.580 https://support.microsoft.com/help/5011580 12013 5011580 5011487 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011487 5010342 12013-11897 12013-11898 12013-11896 Yes Security Update 10.0.19043.1586 https://support.microsoft.com/help/5011487 12013-11897 12013-11898 12013-11896 5011487 5011503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5011503 5010351 12013-11572 12013-11571 12013-11569 12013-11570 12013-11568 Yes Security Update 10.0.17763.2686 https://support.microsoft.com/help/5011503 12013-11572 12013-11571 12013-11569 12013-11570 12013-11568 5011503 5011503 https://support.microsoft.com/help/5011503 12013-11572 12013-11571 12013-11569 12013-11570 12013-11568 Information https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005292 12021-10816 12021-10855 12021-10483 12021-10543 Maybe Security Update 10.8047.22439 https://support.microsoft.com/en-us/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac 12021-10816 12021-10855 12021-10483 12021-10543 Information Gijs Hollestelle with <a href="https://www.falconforce.nl/">FalconForce</a> 2.0 2022-03-09T08:00:00 <p>Information added to the Security Updates table for Windows Servers 2012 R2 and 2016. Removed rows for Windows 10, Windows 7, Windows 8.1, and Windows Server 2008 R2. Updated FAQ regarding available security updates. More information regarding Windows Servers 2012 R2 and 2016 is available here: <a href="https://support.microsoft.com/en-us/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac">Microsoft Defender for Endpoint update for EDR Sensor</a>.</p> 1.0 2022-03-08T08:00:00 <p>Information published.</p> 3.0 2022-03-28T07:00:00 <p>Added links to updates for Microsoft Defender for Endpoint for iOS and Microsoft Defender for Endpoint for Android. Customers that are running these products should ensure that they have received the updates.</p> 3.1 2025-07-08T07:00:00 <p>Updated links to security updates. This is an informational change only.</p>