May 2022 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2022-May 2022-May Final 1.0 68 2026-02-21T04:01:03 May 2022 Security Updates 2022-05-10T08:00:00 2026-02-21T04:01:03 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of security updates for the following products, features and roles.</p> <ul> <li>.NET and Visual Studio</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Exchange Server</li> <li>Microsoft Graphics Component</li> <li>Microsoft Local Security Authority Server (lsasrv)</li> <li>Microsoft Office</li> <li>Microsoft Office Excel</li> <li>Microsoft Office SharePoint</li> <li>Microsoft Windows ALPC</li> <li>Remote Desktop Client</li> <li>Role: Windows Fax Service</li> <li>Role: Windows Hyper-V</li> <li>Self-hosted Integration Runtime</li> <li>Tablet Windows User Interface</li> <li>Visual Studio</li> <li>Visual Studio Code</li> <li>Windows Active Directory</li> <li>Windows Address Book</li> <li>Windows Authentication Methods</li> <li>Windows BitLocker</li> <li>Windows Cluster Shared Volume (CSV)</li> <li>Windows Failover Cluster Automation Server</li> <li>Windows Kerberos</li> <li>Windows Kernel</li> <li>Windows LDAP - Lightweight Directory Access Protocol</li> <li>Windows Media</li> <li>Windows Network File System</li> <li>Windows NTFS</li> <li>Windows Point-to-Point Tunneling Protocol</li> <li>Windows Print Spooler Components</li> <li>Windows Push Notifications</li> <li>Windows Remote Access Connection Manager</li> <li>Windows Remote Desktop</li> <li>Windows Remote Procedure Call Runtime</li> <li>Windows Server Service</li> <li>Windows Storage Spaces Controller</li> <li>Windows WLAN Auto Config Service</li> </ul> <p>Please note the following information regarding the security updates:</p> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-information">Relevant Information</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2> <p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21972">CVE-2022-21972</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21978">CVE-2022-21978</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22011">CVE-2022-22011</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22012">CVE-2022-22012</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22015">CVE-2022-22015</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22016">CVE-2022-22016</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22017">CVE-2022-22017</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22019">CVE-2022-22019</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22713">CVE-2022-22713</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23270">CVE-2022-23270</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23279">CVE-2022-23279</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24466">CVE-2022-24466</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26913">CVE-2022-26913</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26923">CVE-2022-26923</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26925">CVE-2022-26925</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26926">CVE-2022-26926</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26927">CVE-2022-26927</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26930">CVE-2022-26930</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26931">CVE-2022-26931</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26932">CVE-2022-26932</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26933">CVE-2022-26933</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26934">CVE-2022-26934</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26935">CVE-2022-26935</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26936">CVE-2022-26936</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26937">CVE-2022-26937</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26938">CVE-2022-26938</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26939">CVE-2022-26939</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26940">CVE-2022-26940</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29102">CVE-2022-29102</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29106">CVE-2022-29106</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29107">CVE-2022-29107</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29108">CVE-2022-29108</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29109">CVE-2022-29109</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29110">CVE-2022-29110</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29112">CVE-2022-29112</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29113">CVE-2022-29113</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29114">CVE-2022-29114</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29115">CVE-2022-29115</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29116">CVE-2022-29116</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29120">CVE-2022-29120</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29121">CVE-2022-29121</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29122">CVE-2022-29122</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29123">CVE-2022-29123</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29125">CVE-2022-29125</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29126">CVE-2022-29126</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29127">CVE-2022-29127</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29128">CVE-2022-29128</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29129">CVE-2022-29129</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29130">CVE-2022-29130</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29131">CVE-2022-29131</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29133">CVE-2022-29133</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29134">CVE-2022-29134</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29135">CVE-2022-29135</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29138">CVE-2022-29138</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29139">CVE-2022-29139</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29140">CVE-2022-29140</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29142">CVE-2022-29142</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29148">CVE-2022-29148</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29150">CVE-2022-29150</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29151">CVE-2022-29151</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29972">CVE-2022-29972</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30129">CVE-2022-30129</a></li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5011363">5011363</a></td> <td>New Exchange Server Security Update and Hotfix Packaging</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5013941">5013941</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5013942">5013942</a></td> <td>Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5013943">5013943</a></td> <td>Windows 11</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5013944">5013944</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5013952">5013952</a></td> <td>Windows 10, version 1607, Windows Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5013999">5013999</a></td> <td>Windows 7, Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5014001">5014001</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5014006">5014006</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5014010">5014010</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5014011">5014011</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5014012">5014012</a></td> <td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5014017">5014017</a></td> <td>Windows Server 2012 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5014018">5014018</a></td> <td>Windows Server 2012 (Security-only update)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Remote Desktop client for Windows Desktop Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) .NET Core 3.1 .NET 5.0 Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Visual Studio 2019 for Mac version 8.10 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.0 .NET 6.0 Microsoft Visual Studio 2022 version 17.1 PowerShell 7.0 PowerShell 7.2 Visual Studio 2022 for Mac version 17.0 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for x64-based Systems Visual Studio Code Microsoft Office 2019 for Mac Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Publisher 2016 (32-bit edition) Microsoft Publisher 2016 (64-bit edition) Microsoft Publisher 2013 Service Pack 1 (32-bit editions) Microsoft Publisher 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Office Online Server Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft Edge (Chromium-based) Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 12 Self-hosted Integration Runtime Azure Synapse Azure Data Factory CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows Server 2012 R2 Windows RT 8.1 Windows Server 2012 R2 (Server Core installation) Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Publisher 2013 Service Pack 1 (32-bit editions) Microsoft Publisher 2013 Service Pack 1 (64-bit editions) Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Publisher 2016 (32-bit edition) Microsoft Publisher 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Office Online Server Visual Studio Code Microsoft Edge (Chromium-based) Microsoft Exchange Server 2013 Cumulative Update 23 Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems .NET Core 3.1 PowerShell 7.0 .NET 5.0 Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Remote Desktop client for Windows Desktop Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Visual Studio 2019 for Mac version 8.10 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft SharePoint Server Subscription Edition Microsoft Visual Studio 2022 version 17.0 PowerShell 7.2 .NET 6.0 Microsoft Visual Studio 2022 version 17.1 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Azure Data Factory Azure Synapse Self-hosted Integration Runtime Visual Studio 2022 for Mac version 17.0 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for x64-based Systems CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 python-waitress 3.0.1-1 on Azure Linux 3.0 azl3 cups 2.4.10-1 on Azure Linux 3.0 azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0 cm1 ruby 2.6.10-1 on CBL Mariner 1.0 azl3 edk2 20240223gitedc6681206c1-1 on Azure Linux 3.0 azl3 qemu 8.2.0-1 on Azure Linux 3.0 cbl2 kernel 5.15.70.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.86.1-1 on CBL Mariner 2.0 cm1 qemu-kvm 4.2.0-48 on CBL Mariner 1.0 azl3 qemu 6.2.0-18 on Azure Linux 3.0 cm1 kernel 5.10.145.1-1 on CBL Mariner 1.0 cbl2 kured 1.13.2-1 on CBL Mariner 2.0 cbl2 mariadb 10.6.9-1 on CBL Mariner 2.0 azl3 hvloader 1.0.1-2 on Azure Linux 3.0 cm1 kernel 5.10.131.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.55.1-1 on CBL Mariner 2.0 cm1 curl 7.76.0-9 on CBL Mariner 1.0 cbl2 kernel 5.15.45.1-2 on CBL Mariner 2.0 cm1 libinput 1.16.5-1 on CBL Mariner 1.0 cbl2 libinput 1.21.0-1 on CBL Mariner 2.0 cm1 python-jwt 2.4.0-1 on CBL Mariner 1.0 cbl2 python-jwt 2.4.0-1 on CBL Mariner 2.0 cm1 logrotate 3.20.0-1 on CBL Mariner 1.0 cbl2 logrotate 3.20.1-1 on CBL Mariner 2.0 cm1 vim 8.2.5064-1 on CBL Mariner 1.0 cbl2 vim 8.2.5064-1 on CBL Mariner 2.0 cm1 moby-runc 1.1.2+azure-1 on CBL Mariner 1.0 cbl2 moby-runc 1.1.2-2 on CBL Mariner 2.0 cm1 kernel 5.10.117.1-2 on CBL Mariner 1.0 cm1 mariadb 10.3.35-1 on CBL Mariner 1.0 cm1 pcre2 10.34-2 on CBL Mariner 1.0 cbl2 vim 8.2.4925-1 on CBL Mariner 2.0 cm1 rsyslog 8.37.0-7 on CBL Mariner 1.0 cbl2 rsyslog 8.2204.1-1 on CBL Mariner 2.0 cm1 uclibc-ng 1.0.41-1 on CBL Mariner 1.0 cbl2 uclibc-ng 1.0.41-1 on CBL Mariner 2.0 cm1 openldap 2.4.57-3 on CBL Mariner 1.0 cbl2 openldap 2.4.57-7 on CBL Mariner 2.0 cm1 clamav 0.103.6-1 on CBL Mariner 1.0 cbl2 clamav 0.105.0-1 on CBL Mariner 2.0 cm1 openssl 1.1.1k-10 on CBL Mariner 1.0 cbl2 openssl 1.1.1k-15 on CBL Mariner 2.0 cbl2 kernel 5.15.37.1-2 on CBL Mariner 2.0 cm1 libxslt 1.1.34-3 on CBL Mariner 1.0 cm1 libxml2 2.9.14-1 on CBL Mariner 1.0 cbl2 libxslt 1.1.34-7 on CBL Mariner 2.0 cbl2 libxml2 2.9.14-1 on CBL Mariner 2.0 cm1 qemu-kvm 4.2.0-41 on CBL Mariner 1.0 cbl2 qemu 6.2.0-16 on CBL Mariner 2.0 cbl2 ntfs-3g 2022.5.17-1 on CBL Mariner 2.0 cbl2 libtiff 4.4.0-1 on CBL Mariner 2.0 cbl2 dpkg 1.20.10-1 on CBL Mariner 2.0 cbl2 libarchive 3.6.1-1 on CBL Mariner 2.0 cbl2 cups 2.3.3op2-8 on CBL Mariner 2.0 cbl2 busybox 1.35.0-3 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 hvloader 1.0.1-1 on Azure Linux 3.0 cbl2 cups 2.3.3op2-9 on CBL Mariner 2.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) A format string vulnerability was found in libinput <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1215 Use of Externally-Controlled Format String 18693-16820 18694-16823 18693-16820 18694-16823 Important 18693-16820 Important 18694-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18693-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18694-16823 CBL-Mariner Releases 18693-16820 No Security Update 1.16.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18693-16820 CBL-Mariner Releases CBL-Mariner Releases 18694-16823 No Security Update 1.21.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18694-16823 CBL-Mariner Releases 1.0 2022-06-10T00:00:00 <p>Information published.</p> 1.1 2022-06-11T00:00:00 <p>Added libinput to CBL-Mariner 1.0</p> The c_rehash script allows command injection <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2022-1292 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 17859-17084 18717-16820 18718-16823 18131-17084 18666-17084 19915-17084 19671-17084 19686-17084 17859-17084 18717-16820 18718-16823 18131-17084 18666-17084 19915-17084 19671-17084 19686-17084 Critical 17859-17084 Critical 18717-16820 Critical 18718-16823 Critical 18131-17084 Critical 18666-17084 Critical 19915-17084 Critical 19671-17084 Critical 19686-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 17859-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 18717-16820 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 18718-16823 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 18131-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 18666-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 19915-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19671-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19686-17084 CBL-Mariner Releases 17859-17084 No Security Update 20240223gitedc6681206c1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 18717-16820 No Security Update 1.1.1k-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18717-16820 CBL-Mariner Releases CBL-Mariner Releases 18718-16823 No Security Update 1.1.1k-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18718-16823 CBL-Mariner Releases CBL-Mariner Releases 18131-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 CBL-Mariner Releases CBL-Mariner Releases 18666-17084 19915-17084 No Security Update 1.0.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18666-17084 19915-17084 CBL-Mariner Releases 2.4 2026-02-18T01:25:35 <p>Information published.</p> 1.0 2022-05-12T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-08-29T00:00:00 <p>Information published.</p> 1.3 2024-08-30T00:00:00 <p>Information published.</p> 1.4 2024-08-31T00:00:00 <p>Information published.</p> 1.5 2024-09-01T00:00:00 <p>Information published.</p> 1.6 2024-09-02T00:00:00 <p>Information published.</p> 1.7 2024-09-03T00:00:00 <p>Information published.</p> 1.8 2024-09-05T00:00:00 <p>Information published.</p> 1.9 2024-09-06T00:00:00 <p>Information published.</p> 2.0 2024-09-07T00:00:00 <p>Information published.</p> 2.1 2024-09-08T00:00:00 <p>Information published.</p> 2.2 2024-09-11T00:00:00 <p>Information published.</p> 2.3 2025-08-11T00:00:00 <p>Added openssl to CBL-Mariner 2.0 Added edk2 to Azure Linux 3.0 Added hvloader to Azure Linux 3.0</p> A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist it is created with world-readable permission allowing an unprivileged user to lock the state file stopping any rotation. This flaw affects logrotate versions before 3.20.0. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1348 Incorrect Permission Assignment for Critical Resource 18697-16820 18698-16823 18697-16820 18698-16823 Moderate 18697-16820 Moderate 18698-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18697-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18698-16823 CBL-Mariner Releases 18697-16820 No Security Update 3.20.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18697-16820 CBL-Mariner Releases CBL-Mariner Releases 18698-16823 No Security Update 3.20.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18698-16823 CBL-Mariner Releases 1.0 2022-06-08T00:00:00 <p>Information published.</p> An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1586 Out-of-bounds Read 18705-16820 18705-16820 Critical 18705-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 18705-16820 CBL-Mariner Releases 18705-16820 No Security Update 10.34-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18705-16820 CBL-Mariner Releases 1.0 2022-05-26T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1619 Heap-based Buffer Overflow 18699-16820 18706-16823 18699-16820 18706-16823 Important 18699-16820 Important 18706-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18706-16823 CBL-Mariner Releases 18699-16820 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 CBL-Mariner Releases CBL-Mariner Releases 18706-16823 No Security Update 8.2.4925-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18706-16823 CBL-Mariner Releases 1.0 2022-05-17T00:00:00 <p>Information published.</p> NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1620 NULL Pointer Dereference 18699-16820 18706-16823 18699-16820 18706-16823 Important 18699-16820 Important 18706-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18699-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18706-16823 CBL-Mariner Releases 18699-16820 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 CBL-Mariner Releases CBL-Mariner Releases 18706-16823 No Security Update 8.2.4925-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18706-16823 CBL-Mariner Releases 1.0 2022-05-17T00:00:00 <p>Information published.</p> Heap buffer overflow in vim_strncpy find_word in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1621 Heap-based Buffer Overflow 18699-16820 18706-16823 18699-16820 18706-16823 Important 18699-16820 Important 18706-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18706-16823 CBL-Mariner Releases 18699-16820 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 CBL-Mariner Releases CBL-Mariner Releases 18706-16823 No Security Update 8.2.4925-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18706-16823 CBL-Mariner Releases 1.0 2022-05-17T00:00:00 <p>Information published.</p> LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit b4e79bfa. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-1623 Out-of-bounds Read 19487-16823 19487-16823 Moderate 19487-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19487-16823 CBL-Mariner Releases 19487-16823 No Security Update 4.4.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19487-16823 CBL-Mariner Releases 1.0 2022-05-19T00:00:00 <p>Information published.</p> Buffer Over-read in function find_next_quote in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1629 Buffer Over-read 18699-16820 18706-16823 18699-16820 18706-16823 Important 18699-16820 Important 18706-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18706-16823 CBL-Mariner Releases 18699-16820 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 CBL-Mariner Releases CBL-Mariner Releases 18706-16823 No Security Update 8.2.4925-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18706-16823 CBL-Mariner Releases 1.0 2022-05-17T00:00:00 <p>Information published.</p> NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1674 NULL Pointer Dereference 18699-16820 18700-16823 18699-16820 18700-16823 Moderate 18699-16820 Moderate 18700-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18699-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-05-24T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1733 Heap-based Buffer Overflow 18699-16820 18700-16823 18699-16820 18700-16823 Important 18699-16820 Important 18700-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-05-26T00:00:00 <p>Information published.</p> 1.1 2022-05-27T00:00:00 <p>Added vim to CBL-Mariner 2.0</p> A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1734 Use After Free 18703-16820 18692-16823 18703-16820 18692-16823 Important 18703-16820 Important 18692-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18703-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18692-16823 CBL-Mariner Releases 18703-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18703-16820 CBL-Mariner Releases CBL-Mariner Releases 18692-16823 No Security Update 5.15.45.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18692-16823 CBL-Mariner Releases 1.0 2022-06-02T00:00:00 <p>Information published.</p> Classic Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1735 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 18699-16820 18700-16823 18699-16820 18700-16823 Important 18699-16820 Important 18700-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-05-26T00:00:00 <p>Information published.</p> 1.1 2022-05-27T00:00:00 <p>Added vim to CBL-Mariner 2.0</p> Uncontrolled Recursion in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1771 Uncontrolled Recursion 18699-16820 18700-16823 18699-16820 18700-16823 Moderate 18699-16820 Moderate 18700-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18699-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-05-27T00:00:00 <p>Information published.</p> Out-of-bounds Write in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1785 Out-of-bounds Write 18699-16820 18700-16823 18699-16820 18700-16823 Important 18699-16820 Important 18700-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-05-27T00:00:00 <p>Information published.</p> A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1786 Use After Free 18667-16820 18667-16820 Important 18667-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18667-16820 CBL-Mariner Releases 18667-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18667-16820 CBL-Mariner Releases 1.0 2022-06-14T00:00:00 <p>Information published.</p> Out-of-bounds Read in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1851 Out-of-bounds Read 18699-16820 18700-16823 18699-16820 18700-16823 Important 18699-16820 Important 18700-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-06-05T00:00:00 <p>Information published.</p> A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1882 Use After Free 18605-16820 18506-16823 18605-16820 18506-16823 Important 18605-16820 Important 18506-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18605-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18506-16823 CBL-Mariner Releases 18605-16820 No Security Update 5.10.145.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18605-16820 CBL-Mariner Releases CBL-Mariner Releases 18506-16823 No Security Update 5.15.70.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18506-16823 CBL-Mariner Releases 1.0 2022-07-19T00:00:00 <p>Information published.</p> ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner cisco Yes CVE-2022-20770 18715-16820 18716-16823 18715-16820 18716-16823 Important 18715-16820 Important 18716-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18715-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18716-16823 CBL-Mariner Releases 18715-16820 No Security Update 0.103.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18715-16820 CBL-Mariner Releases CBL-Mariner Releases 18716-16823 No Security Update 0.105.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18716-16823 CBL-Mariner Releases 1.0 2022-05-13T00:00:00 <p>Information published.</p> ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner cisco Yes CVE-2022-20771 18715-16820 18716-16823 18715-16820 18716-16823 Important 18715-16820 Important 18716-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18715-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18716-16823 CBL-Mariner Releases 18715-16820 No Security Update 0.103.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18715-16820 CBL-Mariner Releases CBL-Mariner Releases 18716-16823 No Security Update 0.105.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18716-16823 CBL-Mariner Releases 1.0 2022-05-13T00:00:00 <p>Information published.</p> ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner cisco Yes CVE-2022-20796 NULL Pointer Dereference 18715-16820 18716-16823 18715-16820 18716-16823 Moderate 18715-16820 Moderate 18716-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18715-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18716-16823 CBL-Mariner Releases 18715-16820 No Security Update 0.103.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18715-16820 CBL-Mariner Releases CBL-Mariner Releases 18716-16823 No Security Update 0.105.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18716-16823 CBL-Mariner Releases 1.0 2022-05-13T00:00:00 <p>Information published.</p> An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-22576 Missing Authentication for Critical Function 19686-17084 19671-17084 18691-16820 19686-17084 19671-17084 18691-16820 Important 19686-17084 Important 19671-17084 Important 18691-16820 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19686-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 19671-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 18691-16820 CBL-Mariner Releases 18691-16820 No Security Update 7.76.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18691-16820 CBL-Mariner Releases 1.0 2022-06-09T00:00:00 <p>Information published.</p> 1.1 2026-02-21T04:01:03 <p>Information published.</p> A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina macOS Monterey 12.3 macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apple Yes CVE-2022-26691 Incorrect Comparison 19499-16823 19950-17086 17722-17084 19499-16823 19950-17086 17722-17084 Moderate 19499-16823 Moderate 19950-17086 Moderate 17722-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19499-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19950-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17722-17084 CBL-Mariner Releases 19499-16823 19950-17086 No Security Update 2.3.3op2-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19499-16823 19950-17086 CBL-Mariner Releases CBL-Mariner Releases 17722-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17722-17084 CBL-Mariner Releases 1.1 2026-02-18T01:51:04 <p>Information published.</p> 1.0 2024-04-01T00:00:00 <p>Information published.</p> There is a buffer over-read in Ruby before 2.6.10 2.7.x before 2.7.6 3.x before 3.0.4 and 3.1.x before 3.1.2. It occurs in String-to-Float conversion including Kernel#Float and String#to_f. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-28739 Out-of-bounds Read 17970-16820 17970-16820 Important 17970-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17970-16820 CBL-Mariner Releases 17970-16820 No Security Update 2.6.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17970-16820 CBL-Mariner Releases 1.0 2022-05-20T00:00:00 <p>Information published.</p> An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-28948 Deserialization of Untrusted Data 18624-16823 18624-16823 Important 18624-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18624-16823 CBL-Mariner Releases 18624-16823 No Security Update 1.13.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18624-16823 CBL-Mariner Releases 1.0 2023-11-08T00:00:00 <p>Information published.</p> Incorrect Default Permissions in runc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-29162 Incorrect Default Permissions 18701-16820 18702-16823 18701-16820 18702-16823 Important 18701-16820 Important 18702-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18701-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18702-16823 CBL-Mariner Releases 18701-16820 No Security Update 1.1.2+azure-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18701-16820 CBL-Mariner Releases CBL-Mariner Releases 18702-16823 No Security Update 1.1.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18702-16823 CBL-Mariner Releases 1.0 2022-06-02T00:00:00 <p>Information published.</p> Key confusion through non-blocklisted public key formats in PyJWT <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-29217 Use of a Broken or Risky Cryptographic Algorithm 18695-16820 18696-16823 18695-16820 18696-16823 Important 18695-16820 Important 18696-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18695-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18696-16823 CBL-Mariner Releases 18695-16820 18696-16823 No Security Update 2.4.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18695-16820 18696-16823 CBL-Mariner Releases 1.0 2022-06-08T00:00:00 <p>Information published.</p> Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2022-29581 Improper Update of Reference Count 18703-16820 18513-16823 18703-16820 18513-16823 Important 18703-16820 Important 18513-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18703-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18513-16823 CBL-Mariner Releases 18703-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18703-16820 CBL-Mariner Releases CBL-Mariner Releases 18513-16823 No Security Update 5.15.86.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18513-16823 CBL-Mariner Releases 1.0 2022-05-26T00:00:00 <p>Information published.</p> 1.1 2023-01-06T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> In libxml2 before 2.9.14 several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted multi-gigabyte XML file. Other software using libxml2's buffer functions for example libxslt through 1.1.35 is affected as well. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-29824 Integer Overflow or Wraparound 18723-16820 18724-16820 18725-16823 18726-16823 18723-16820 18724-16820 18725-16823 18726-16823 Moderate 18723-16820 Moderate 18724-16820 Moderate 18725-16823 Moderate 18726-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18723-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18724-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18725-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18726-16823 CBL-Mariner Releases 18723-16820 No Security Update 1.1.34-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18723-16820 CBL-Mariner Releases CBL-Mariner Releases 18724-16820 18726-16823 No Security Update 2.9.14-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18724-16820 18726-16823 CBL-Mariner Releases CBL-Mariner Releases 18725-16823 No Security Update 1.1.34-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18725-16823 CBL-Mariner Releases 1.0 2022-05-11T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-29968 Missing Initialization of Resource 18703-16820 18720-16823 18703-16820 18720-16823 Important 18703-16820 Important 18720-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18703-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18720-16823 CBL-Mariner Releases 18703-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18703-16820 CBL-Mariner Releases CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.0 2022-05-10T00:00:00 <p>Information published.</p> 1.1 2022-05-11T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30065 Use After Free 19500-16823 19500-16823 Important 19500-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19500-16823 CBL-Mariner Releases 19500-16823 No Security Update 1.35.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19500-16823 CBL-Mariner Releases 1.0 2022-06-02T00:00:00 <p>Information published.</p> uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30295 Use of Insufficiently Random Values 18709-16820 18710-16823 18709-16820 18710-16823 Moderate 18709-16820 Moderate 18710-16823 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 18709-16820 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 18710-16823 CBL-Mariner Releases 18709-16820 18710-16823 No Security Update 1.0.41-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18709-16820 18710-16823 CBL-Mariner Releases 1.0 2022-05-17T00:00:00 <p>Information published.</p> The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30594 Missing Authorization 18720-16823 19693-17084 18720-16823 19693-17084 Important 18720-16823 Important 19693-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18720-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19693-17084 CBL-Mariner Releases 18720-16823 No Security Update 5.15.37.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18720-16823 CBL-Mariner Releases 1.1 2026-02-18T01:36:00 <p>Information published.</p> 1.0 2022-05-21T00:00:00 <p>Information published.</p> An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30783 Unchecked Return Value 19465-16823 19465-16823 Moderate 19465-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19465-16823 CBL-Mariner Releases 19465-16823 No Security Update 2022.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19465-16823 CBL-Mariner Releases 1.0 2022-06-08T00:00:00 <p>Information published.</p> A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30784 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 19465-16823 19465-16823 Important 19465-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19465-16823 CBL-Mariner Releases 19465-16823 No Security Update 2022.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19465-16823 CBL-Mariner Releases 1.0 2022-06-08T00:00:00 <p>Information published.</p> A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30786 Out-of-bounds Write 19465-16823 19465-16823 Important 19465-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19465-16823 CBL-Mariner Releases 19465-16823 No Security Update 2022.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19465-16823 CBL-Mariner Releases 1.0 2022-06-08T00:00:00 <p>Information published.</p> An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30787 Integer Underflow (Wrap or Wraparound) 19465-16823 19465-16823 Moderate 19465-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19465-16823 CBL-Mariner Releases 19465-16823 No Security Update 2022.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19465-16823 CBL-Mariner Releases 1.0 2022-06-09T00:00:00 <p>Information published.</p> A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30788 Out-of-bounds Write 19465-16823 19465-16823 Important 19465-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19465-16823 CBL-Mariner Releases 19465-16823 No Security Update 2022.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19465-16823 CBL-Mariner Releases 1.0 2022-06-08T00:00:00 <p>Information published.</p> MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-31621 Improper Locking 18704-16820 18640-16823 18704-16820 18640-16823 Moderate 18704-16820 Moderate 18640-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18704-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18640-16823 CBL-Mariner Releases 18704-16820 No Security Update 10.3.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18704-16820 CBL-Mariner Releases CBL-Mariner Releases 18640-16823 No Security Update 10.6.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18640-16823 CBL-Mariner Releases 1.0 2022-05-28T00:00:00 <p>Information published.</p> MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (i.e. going to the err label) while executing the method create_worker_threads the held lock thd->ctrl_mutex is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-31623 Improper Locking 18704-16820 18640-16823 18704-16820 18640-16823 Moderate 18704-16820 Moderate 18640-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18704-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18640-16823 CBL-Mariner Releases 18704-16820 No Security Update 10.3.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18704-16820 CBL-Mariner Releases CBL-Mariner Releases 18640-16823 No Security Update 10.6.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18640-16823 CBL-Mariner Releases 1.0 2022-05-28T00:00:00 <p>Information published.</p> MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex the held lock lock_bigbuffer is not released correctly which allows local users to trigger a denial of service due to the deadlock. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-31624 Improper Locking 18704-16820 18640-16823 18704-16820 18640-16823 Moderate 18704-16820 Moderate 18640-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18704-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18640-16823 CBL-Mariner Releases 18704-16820 No Security Update 10.3.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18704-16820 CBL-Mariner Releases CBL-Mariner Releases 18640-16823 No Security Update 10.6.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18640-16823 CBL-Mariner Releases 1.0 2022-05-28T00:00:00 <p>Information published.</p> An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1587 Out-of-bounds Read 18705-16820 18705-16820 Critical 18705-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 18705-16820 CBL-Mariner Releases 18705-16820 No Security Update 10.34-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18705-16820 CBL-Mariner Releases 1.0 2022-05-26T00:00:00 <p>Information published.</p> Use after free in append_command in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1616 Use After Free 18699-16820 18706-16823 18699-16820 18706-16823 Important 18699-16820 Important 18706-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18706-16823 CBL-Mariner Releases 18699-16820 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 CBL-Mariner Releases CBL-Mariner Releases 18706-16823 No Security Update 8.2.4925-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18706-16823 CBL-Mariner Releases 1.0 2022-05-19T00:00:00 <p>Information published.</p> LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit b4e79bfa. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2022-1622 Out-of-bounds Read 19487-16823 19487-16823 Moderate 19487-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19487-16823 CBL-Mariner Releases 19487-16823 No Security Update 4.4.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19487-16823 CBL-Mariner Releases 1.0 2022-05-19T00:00:00 <p>Information published.</p> Linux Kernel could allow a local attacker to execute arbitrary code on the system caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-1652 Use After Free 18667-16820 18668-16823 18667-16820 18668-16823 Important 18667-16820 Important 18668-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18667-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18668-16823 CBL-Mariner Releases 18667-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18667-16820 CBL-Mariner Releases CBL-Mariner Releases 18668-16823 No Security Update 5.15.55.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18668-16823 CBL-Mariner Releases 1.0 2022-06-11T00:00:00 <p>Information published.</p> 1.1 2022-06-12T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner debian Yes CVE-2022-1664 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 19489-16823 19489-16823 Critical 19489-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19489-16823 CBL-Mariner Releases 19489-16823 No Security Update 1.20.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19489-16823 CBL-Mariner Releases 1.0 2022-06-08T00:00:00 <p>Information published.</p> Buffer Over-read in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1769 Buffer Over-read 18699-16820 18700-16823 18699-16820 18700-16823 Important 18699-16820 Important 18700-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-05-26T00:00:00 <p>Information published.</p> 1.1 2022-05-27T00:00:00 <p>Added vim to CBL-Mariner 2.0</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1796 Use After Free 18699-16820 18700-16823 18699-16820 18700-16823 Important 18699-16820 Important 18700-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-05-27T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1886 Heap-based Buffer Overflow 18699-16820 18700-16823 18699-16820 18700-16823 Important 18699-16820 Important 18700-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-06-03T00:00:00 <p>Information published.</p> Use After Free in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-1898 Use After Free 18699-16820 18700-16823 18699-16820 18700-16823 Important 18699-16820 Important 18700-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18699-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18700-16823 CBL-Mariner Releases 18699-16820 18700-16823 No Security Update 8.2.5064-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18699-16820 18700-16823 CBL-Mariner Releases 1.0 2022-06-05T00:00:00 <p>Information published.</p> ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner cisco Yes CVE-2022-20785 Missing Release of Memory after Effective Lifetime 18715-16820 18715-16820 Important 18715-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18715-16820 CBL-Mariner Releases 18715-16820 No Security Update 0.103.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18715-16820 CBL-Mariner Releases 1.0 2022-05-13T00:00:00 <p>Information published.</p> Buffer overflow in TCP syslog server (receiver) components in rsyslog <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-24903 Improper Validation of Specified Quantity in Input 18707-16820 18708-16823 18707-16820 18708-16823 Important 18707-16820 Important 18708-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18707-16820 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18708-16823 CBL-Mariner Releases 18707-16820 No Security Update 8.37.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18707-16820 CBL-Mariner Releases CBL-Mariner Releases 18708-16823 No Security Update 8.2204.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18708-16823 CBL-Mariner Releases 1.0 2022-05-19T00:00:00 <p>Information published.</p> Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26280. Reason: This candidate is a duplicate of CVE-2022-26280. Notes: All CVE users should reference CVE-2022-26280 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-28066 19498-16823 19498-16823 Moderate 19498-16823 CBL-Mariner Releases 19498-16823 No Security Update 3.6.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19498-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:16 <p>Information published.</p> In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2 a SQL injection vulnerability exists in the experimental back-sql backend to slapd via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed due to a lack of proper escaping. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-29155 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 18711-16820 18712-16823 18711-16820 18712-16823 Critical 18711-16820 Critical 18712-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18711-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18712-16823 CBL-Mariner Releases 18711-16820 No Security Update 2.4.57-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18711-16820 CBL-Mariner Releases CBL-Mariner Releases 18712-16823 No Security Update 2.4.57-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18712-16823 CBL-Mariner Releases 1.0 2022-05-13T00:00:00 <p>Information published.</p> A file handle created in fuse_lib_opendir and later used in fuse_lib_readdir enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30785 19465-16823 19465-16823 Moderate 19465-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19465-16823 CBL-Mariner Releases 19465-16823 No Security Update 2022.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19465-16823 CBL-Mariner Releases 1.0 2022-06-08T00:00:00 <p>Information published.</p> A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30789 Out-of-bounds Write 19465-16823 19465-16823 Important 19465-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19465-16823 CBL-Mariner Releases 19465-16823 No Security Update 2022.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19465-16823 CBL-Mariner Releases 1.0 2022-06-08T00:00:00 <p>Information published.</p> MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-31622 Improper Locking 18704-16820 18640-16823 18704-16820 18640-16823 Moderate 18704-16820 Moderate 18640-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18704-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18640-16823 CBL-Mariner Releases 18704-16820 No Security Update 10.3.35-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18704-16820 CBL-Mariner Releases CBL-Mariner Releases 18640-16823 No Security Update 10.6.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18640-16823 CBL-Mariner Releases 1.0 2022-05-28T00:00:00 <p>Information published.</p> A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3611 Improper Restriction of Operations within the Bounds of a Memory Buffer 18533-16820 17093-16823 18233-17084 18535-17084 18533-16820 17093-16823 18233-17084 18535-17084 Moderate 18533-16820 Moderate 17093-16823 Moderate 18233-17084 Moderate 18535-17084 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18533-16820 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 17093-16823 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18233-17084 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18535-17084 CBL-Mariner Releases 18533-16820 No Security Update 4.2.0-48 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18533-16820 CBL-Mariner Releases CBL-Mariner Releases 17093-16823 No Security Update 6.2.0-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17093-16823 CBL-Mariner Releases CBL-Mariner Releases 18233-17084 18535-17084 No Security Update 8.2.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18233-17084 18535-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:37:42 <p>Information published.</p> A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2021-3750 Use After Free 18879-16820 18880-16823 18535-17084 18879-16820 18880-16823 18535-17084 Important 18879-16820 Important 18880-16823 Important 18535-17084 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 18879-16820 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 18880-16823 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 18535-17084 CBL-Mariner Releases 18879-16820 No Security Update 4.2.0-41 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18879-16820 CBL-Mariner Releases CBL-Mariner Releases 18880-16823 No Security Update 6.2.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18880-16823 CBL-Mariner Releases CBL-Mariner Releases 18535-17084 No Security Update 6.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 CBL-Mariner Releases 1.0 2022-05-17T00:00:00 <p>Information published.</p> 1.1 2024-08-05T00:00:00 <p>Information published.</p> 1.2 2024-08-06T00:00:00 <p>Information published.</p> 1.3 2024-08-07T00:00:00 <p>Information published.</p> 1.4 2024-08-08T00:00:00 <p>Information published.</p> 1.5 2024-08-09T00:00:00 <p>Information published.</p> 1.6 2024-08-10T00:00:00 <p>Information published.</p> 1.7 2024-08-11T00:00:00 <p>Information published.</p> 1.8 2024-08-12T00:00:00 <p>Information published.</p> 1.9 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2024-08-17T00:00:00 <p>Information published.</p> 2.1 2024-08-18T00:00:00 <p>Information published.</p> 2.2 2024-08-19T00:00:00 <p>Information published.</p> 2.3 2024-08-20T00:00:00 <p>Information published.</p> 2.4 2024-08-21T00:00:00 <p>Information published.</p> 2.5 2024-08-22T00:00:00 <p>Information published.</p> 2.6 2024-08-23T00:00:00 <p>Information published.</p> 2.7 2024-08-24T00:00:00 <p>Information published.</p> 2.8 2024-08-25T00:00:00 <p>Information published.</p> 2.9 2024-08-26T00:00:00 <p>Information published.</p> 3.0 2024-08-27T00:00:00 <p>Information published.</p> 3.1 2024-08-28T00:00:00 <p>Information published.</p> 3.2 2024-08-29T00:00:00 <p>Information published.</p> 3.3 2024-08-30T00:00:00 <p>Information published.</p> 3.4 2024-08-31T00:00:00 <p>Information published.</p> 3.5 2024-09-01T00:00:00 <p>Information published.</p> 3.6 2024-09-02T00:00:00 <p>Information published.</p> 3.7 2024-09-03T00:00:00 <p>Information published.</p> 3.8 2024-09-05T00:00:00 <p>Information published.</p> 3.9 2024-09-06T00:00:00 <p>Information published.</p> 4.0 2024-09-07T00:00:00 <p>Information published.</p> 4.1 2024-09-08T00:00:00 <p>Information published.</p> 4.2 2024-09-11T00:00:00 <p>Information published.</p> ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however it is shipped by some Linux distributions. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-46790 Out-of-bounds Write 19465-16823 19465-16823 Important 19465-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19465-16823 CBL-Mariner Releases 19465-16823 No Security Update 2022.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19465-16823 CBL-Mariner Releases 1.0 2022-05-10T00:00:00 <p>Information published.</p> Uncaught Exception (due to a data race) leads to process termination in Waitress <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-31015 Uncaught Exception 17597-17084 17597-17084 Moderate 17597-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17597-17084 CBL-Mariner Releases 17597-17084 No Security Update 3.0.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17597-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-30767 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 19662-17086 17459-17084 17093-17086 19662-17086 17459-17084 17093-17086 19662-17086 Critical 17459-17084 Critical 17093-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19662-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17459-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17093-17086 2.0 2026-02-18T02:44:32 <p>Information published.</p> 1.0 2025-09-04T03:14:08 <p>Information published.</p> Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-21972 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/i4mchr00t">Alex Nichols</a> with <a href="https://labs.nettitude.com/">Nettitude</a> <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T07:00:00 <p>Information published.</p> Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-23270 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> <a href="https://twitter.com/lewislee53">Lewis Lee</a> and <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://www.sangfor.com/">Sangfor</a> liubenjin with Codesafe Team of Legendsec at QI-ANXIN Group <a href="https://twitter.com/i4mchr00t">Alex Nichols</a> with <a href="https://labs.nettitude.com/">Nettitude</a> 1.0 2022-05-10T07:00:00 <p>Information published.</p> Windows Hyper-V Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Role: Windows Hyper-V Microsoft Yes CVE-2022-22713 11896 11803 11931 Denial of Service 11896 Denial of Service 11803 Denial of Service 11931 Important 11896 Important 11803 Important 11931 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.6 5.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11896 5.6 5.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11803 5.6 5.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11931 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11803 11931 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11931 5013942 Joe Bialek, MSRC Vulnerabilities and Mitigations Team 1.0 2022-05-10T07:00:00 <p>Information published.</p> Windows Authentication Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could carry out a machine-in-the-middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server. There is no impact to the availability of the attacked machine (A:N).</p> Windows Authentication Methods Microsoft Yes CVE-2022-26913 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11712 Security Feature Bypass 11713 Security Feature Bypass 11714 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11712 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11713 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11714 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11896 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11897 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11898 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11801 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11802 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11803 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 Aapo Oksman with <a href="https://nixu.com/">Nixu Cybersecurity</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Microsoft Yes CVE-2022-23267 11730 11761 11872 11901 11935 11969 12009 12020 11745 11970 12052 Denial of Service 11730 Denial of Service 11761 Denial of Service 11872 Denial of Service 11901 Denial of Service 11935 Denial of Service 11969 Denial of Service 12009 Denial of Service 12020 Denial of Service 11745 Denial of Service 11970 Denial of Service 12052 Important 11730 Important 11761 Important 11872 Important 11901 Important 11935 Important 11969 Important 12009 Important 12020 Important 11745 Important 11970 Important 12052 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11730 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11761 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11872 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11901 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11935 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11969 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12009 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12020 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11745 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11970 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12052 5014326 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014326 11730 Maybe Security Update 3.1.25 https://support.microsoft.com/help/5014326 11730 5014326 5014329 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014329 11761 Maybe Security Update 5.0.17 https://support.microsoft.com/help/5014329 11761 5014329 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.21 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9 11872 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio Mac 2019 11901 Maybe Security Update 8.10.24 https://docs.microsoft.com/visualstudio/releasenotes/vs2019-mac-relnotes 11901 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.14 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.10 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 11969 Release Notes 5014330 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014330 12009 Maybe Security Update 6.0.5 https://support.microsoft.com/help/5014330 12009 5014330 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.1 12020 Maybe Security Update 17.1.7 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.1.md 12020 Release Notes Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11745 Maybe Security Update 7.0.11 https://github.com/PowerShell/Announcements/issues/32 11745 Release Notes Release Notes https://github.com/PowerShell/PowerShell#get-powershell 11970 Maybe Security Update 7.2.4 https://github.com/PowerShell/Announcements/issues/32 11970 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio Mac 2022 12052 Maybe Security Update 17.0.3 https://docs.microsoft.com/en-us/visualstudio/releases/2022/mac-release-notes 12052 Release Notes 1.0 2022-05-10T07:00:00 <p>Information published.</p> 3.0 2022-06-14T07:00:00 <p>Revised the Security Updates table to include Visual Studio 2019 for Mac and Visual Studio 2022 for Mac because these versions of Visual Studio for Mac are affected by this vulnerability. Microsoft strongly recommends that customers running these versions of Visual Studio install the updates to be fully protected from the vulnerability.</p> 2.0 2022-05-17T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.0 and PowerShell 7.2 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/32">https://github.com/PowerShell/Announcements/issues/32</a> for more information. In addition the Security Updates table was updated to include Visual Studio 2019 version 16.11 as it is also affected by this vulnerability. Customers who have already installed the May 2022 security updates for Visual Studio 2019 version 16.11 do not need to take any further action.</p> Windows LSA Spoofing Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it.</p> <p><strong>Is there more information available on how to protect my system?</strong></p> <p>Yes. Please see <a href="https://msrc.microsoft.com/update-guide/vulnerability/ADV210003">ADV210003 Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)</a>.</p> <p><strong>Are there further actions I need to take to protect my system after I have applied the security update?</strong></p> <p>Yes. Please see <a href="https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429">KB5005413</a> for more information on the steps that you need to take to protect your system. Please note that the combined CVSS score would be 9.8 when this vulnerability is chained with the noted NTLM Relay Attacks on Active Directory Certificate Services (AD CS).</p> <p><strong>Should I prioritize updating domain controllers when I apply the security updates released on May 10, 2022?</strong></p> <p>Yes. This vulnerability affects all servers but domain controllers should be prioritized in terms of applying security updates.</p> <p><strong>How will installing the updates that address this CVE impact my environment?</strong></p> <p>The EFS API <a href="https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa">OpenEncryptedFileRaw(A/W)</a>, often used in backup software, continues to work in all versions of Windows (local and remote), except when backing up to or from a system running Windows Server 2008 SP2. OpenEncryptedFileRaw will no longer work on Windows Server 2008 SP2.</p> <p><strong>Note</strong>: If you are unable to use backup software on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 and later, after installing the updates that address this CVE, contact the manufacturer of your backup software for updates and support.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> Microsoft Local Security Authority Server (lsasrv) Microsoft Yes CVE-2022-26925 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11570 Spoofing 11571 Spoofing 11572 Spoofing 11712 Spoofing 11713 Spoofing 11714 Spoofing 11896 Spoofing 11897 Spoofing 11898 Spoofing 11923 Spoofing 11924 Spoofing 11801 Spoofing 11802 Spoofing 11803 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10047 Spoofing 10048 Spoofing 10481 Spoofing 10482 Spoofing 10484 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Raphael John with Bertelsmann Printing Group 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Address Book Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user import a specially crafted contact record into the Windows Address Book.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Address Book Microsoft Yes CVE-2022-26926 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="www.cse-cst.gc.ca">Communications Security Establishment</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> 1.1 2022-08-31T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Graphics Component Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The resulting Remote Code Execution would be within the context of the authenticated local user.</p> Microsoft Graphics Component Microsoft Yes CVE-2022-26927 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 Uncodable working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Remote Access Connection Manager Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p> Windows Remote Access Connection Manager Microsoft Yes CVE-2022-26930 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/lxf02942370">Xuefeng Li</a>, <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a>, and Feng Dong with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> 1.1 2022-07-28T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Kerberos Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>Where can I find out more information about this vulnerability?</strong></p> <p>Please see <a href="https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16">Certificate-based authentication changes on Windows domain controllers</a> for more information and ways to protect yourself.</p> Windows Kerberos Microsoft Yes CVE-2022-26931 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Andrew Bartlett of <a href="https://catalyst.net.nz/services/samba">Catalyst and Samba Team</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> 1.1 2022-05-10T07:00:00 <p>Added an FAQ. This is an information change only.</p> Storage Spaces Direct Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Windows Storage Spaces Controller Microsoft Yes CVE-2022-26932 11571 11572 11923 11924 11803 10816 10855 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows NTFS Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> Windows NTFS Microsoft Yes CVE-2022-26933 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Wen with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Graphics Component Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Graphics Component Microsoft Yes CVE-2022-26934 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 11575 11762 11763 11951 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 11575 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 11575 Important 11762 Important 11763 Important 11951 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11575 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11951 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.63.22070801 https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Release Notes Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 Click to Run <a href="https://twitter.com/gaborseljan">G&#225;bor Selj&#225;n</a> <a href="https://twitter.com/gaborseljan">G&#225;bor Selj&#225;n</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> 2.0 2022-07-12T07:00:00 <p>In the Security Updates table, added the following versions of Microsoft Office as they also affected by CVE-2022-26934: Microsoft 365 Apps for Enterprise for 32-bit Systems, Microsoft 365 Apps for Enterprise for 64-bit Systems, Microsoft Office 2019 for Mac, and Microsoft Office LTSC for Mac 2021. Microsoft strongly recommends that customers running any of these versions of Office install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Windows WLAN AutoConfig Service Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Windows WLAN Auto Config Service Microsoft Yes CVE-2022-26935 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Microsoft Offensive Research & Security Engineering (MORSE) 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Server Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The presence of specific file names and users can be confirmed over the internal network.</p> <p><strong>What is the Windows Server Service?</strong></p> <p>The Windows Server Service is frequently referred to as LanmanServer, and is responsible for making printer and file sharing possible within a Windows powered network.</p> Windows Server Service Microsoft Yes CVE-2022-26936 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://github.com/0xea31">0xea31</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Network File System Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).</p> Windows Network File System Microsoft Yes CVE-2022-26937 11571 11572 11923 11924 11803 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11803 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11803 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10051 10049 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3. This may adversely affect your ecosystem and should only be used as a temporary mitigation.</p> <p>The following PowerShell command will disable those versions:</p> <p><code>PS C:\Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false</code></p> <p>After this, you will need to restart NFS server or reboot the machine.</p> <p>To restart NFS server, start a <strong>cmd</strong> window with <strong>Run as Administrator</strong>, enter the following commands:</p> <ul> <li><strong>nfsadmin server stop</strong></li> <li><strong>nfsadmin server start</strong></li> </ul> <p>To confirm that NFSv2 and NFSv3 have been turned off, run the following command in a Powershell window:</p> <p><code>PS C:\Get-NfsServerConfiguration</code></p> <p>Here is the sample output, and notice the EnableNFSv2 and EnableNFSv3 are &quot;False&quot; now:</p> <pre><code>State : Running LogActivity : CharacterTranslationFile : Not Configured DirectoryCacheSize (KB) : 128 HideFilesBeginningInDot : Disabled EnableNFSV2 : False EnableNFSV3 : False EnableNFSV4 : True EnableAuthenticationRenewal : True AuthenticationRenewalIntervalSec : 600 NlmGracePeriodSec : 45 MountProtocol : {TCP, UDP} NfsProtocol : {TCP, UDP} NisProtocol : {TCP, UDP} NlmProtocol : {TCP, UDP} NsmProtocol : {TCP, UDP} PortmapProtocol : {TCP, UDP} MapServerProtocol : {TCP, UDP} PreserveInheritance : False NetgroupCacheTimeoutSec : 30 UnmappedUserAccount : WorldAccount : Everyone AlwaysOpenByName : False GracePeriodSec : 240 LeasePeriodSec : 120 OnlineTimeoutSec : 180 </code></pre> <p>To re-enable NFSv2/v3 when machine is patched, enter the following command:</p> <p><code>Set-NfsServerConfiguration -EnableNFSV2 $True -EnableNFSV3 $True </code></p> <p>Again after this, you will need to restart NFS server or reboot the machine.</p> <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Storage Spaces Direct Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Storage Spaces Controller Microsoft Yes CVE-2022-26938 11571 11572 11923 11924 11803 10816 10855 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Storage Spaces Direct Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Storage Spaces Controller Microsoft Yes CVE-2022-26939 11571 11572 11923 11924 11803 10816 10855 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Remote Desktop Protocol Client Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Remote Desktop Client Microsoft Yes CVE-2022-26940 11849 11923 11924 11926 11927 Information Disclosure 11849 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Important 11849 Important 11923 Important 11924 Important 11926 Important 11927 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11849 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-123130 11849 Maybe Security Update 1.2.3130 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-123130 11849 Release Notes 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Graphics Component Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Microsoft Graphics Component Microsoft Yes CVE-2022-22011 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11801 11802 11803 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 willJ from CDSRC 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability <p><strong>Are there any special conditions necessary for this vulnerability to be exploitable?</strong></p> <p>Yes. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.</p> <p>For more information, please see <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3f0137a1-63df-400c-bf97-e1040f055a99">LDAP policies</a>.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-22012 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-22013 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-22014 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Windows Remote Desktop Microsoft Yes CVE-2022-22015 11568 11569 11570 11571 11572 11712 11713 11714 11849 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11849 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11849 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11849 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-123130 11849 Maybe Security Update 1.2.3130 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-123130 11849 Release Notes 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows PlayToManager Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Media Microsoft Yes CVE-2022-22016 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 1.0 2022-05-10T08:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p><strong>How would an attacker exploit this vulnerability?</strong></p> <p>An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.</p> Remote Desktop Client Microsoft Yes CVE-2022-22017 11849 11923 11924 11926 11927 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Critical 11849 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 Release Notes https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-123130 11849 Maybe Security Update 1.2.3130 https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-123130 11849 Release Notes 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Failover Cluster Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Failover Cluster Automation Server Microsoft Yes CVE-2022-29102 11571 11572 11923 11924 11803 10816 10855 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11803 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Microsoft Yes CVE-2022-29103 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) of <href="https://www.sangfor.com/" Sangfor"> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Components Microsoft Yes CVE-2022-29104 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 National Security Agency Oliver Lyak (@ly4k_) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> 1.1 2022-06-03T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> Microsoft Windows Media Foundation Remote Code Execution Vulnerability Windows Media Microsoft Yes CVE-2022-29105 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11801 11802 11803 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 HAO LI of VenusTech ADLab jackery Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> 1.1 2022-05-23T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Role: Windows Hyper-V Microsoft Yes CVE-2022-29106 11571 11572 11923 11924 11803 10816 10855 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Microsoft Office Security Feature Bypass Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability would be able to view Personally Identifiable Information (PII), bypassing the &quot;ThisDocument.RemovePersonalInformation&quot; expected functionality. The attacker would need to first gain access to a document protected in this way by the target.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A attacker would need to make use of the affected protection and then make the file accessible, either through direct file sharing, posting the file online, or another avenue of access.</p> Microsoft Office Microsoft Yes CVE-2022-29107 11952 11953 11573 11574 11762 11763 10746 10747 10749 10750 10609 10610 10606 10604 10605 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 10746 Security Feature Bypass 10747 Security Feature Bypass 10749 Security Feature Bypass 10750 Security Feature Bypass 10609 Security Feature Bypass 10610 Security Feature Bypass 10606 Security Feature Bypass 10604 Security Feature Bypass 10605 Important 11952 Important 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 10746 Important 10747 Important 10749 Important 10750 Important 10609 Important 10610 Important 10606 Important 10604 Important 10605 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10746 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10747 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10749 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10750 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10609 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10610 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10606 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10604 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10605 Click to Run 11952 11953 11573 11574 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11952 11953 11573 11574 11762 11763 Click to Run 5002184 https://www.microsoft.com/download/details.aspx?familyid=85a5d0e9-02a2-4a12-b3f8-7917085f78b0 5002139 10746 Maybe Security Update 16.0.5317.1000 https://support.microsoft.com/kb/5002184 10746 5002184 5002184 https://www.microsoft.com/download/details.aspx?familyid=58557268-b2bc-4566-9162-33442efe594c 5002139 10747 Maybe Security Update 16.0.5317.1000 https://support.microsoft.com/kb/5002184 10747 5002184 4493152 https://www.microsoft.com/download/details.aspx?familyid=b674e421-6b68-4041-ae52-cf67f92fb8ec 4011097 10749 Maybe Security Update 16.0.5317.1000 https://support.microsoft.com/kb/4493152 10749 4493152 4493152 https://www.microsoft.com/download/details.aspx?familyid=63e679cc-3880-40b3-947c-88380a72ba21 4011097 10750 Maybe Security Update 16.0.5317.1000 https://support.microsoft.com/kb/4493152 10750 4493152 4484347 https://www.microsoft.com/download/details.aspx?familyid=bd940041-27c6-4558-960d-c59939f448ae 3162033 10609 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/4484347 10609 4484347 4484347 https://www.microsoft.com/download/details.aspx?familyid=cabe15fe-698e-4a53-ba8d-3c8d1c54fe5a 3162033 10610 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/4484347 10610 4484347 5002187 5002068 10606 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/5002187 10606 5002187 5002187 https://www.microsoft.com/download/details.aspx?familyid=4bc31bb5-f01e-4273-b11e-51fa491b0fc2 5002068 10604 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/5002187 10604 5002187 5002187 https://www.microsoft.com/download/details.aspx?familyid=eff4d15a-c437-4b0b-bda2-5b73e994aafd 5002068 10605 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/5002187 10605 5002187 Nathan Shomber of Microsoft 1.0 2022-05-10T08:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2022-29108 10950 11585 11961 10612 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Remote Code Execution 10612 Important 10950 Important 11585 Important 11961 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10612 5002195 https://www.microsoft.com/download/details.aspx?familyid=5d649172-842a-4754-a06f-6f5524afc614 5002183 10950 Maybe Security Update 16.0.5317.1000 https://support.microsoft.com/kb/5002195 10950 5002195 5002207 https://www.microsoft.com/download/details.aspx?familyid=63781734-d220-46b7-819a-dd8bc04fa8d4 5002180 11585 Maybe Security Update 16.0.10386.20011 https://support.microsoft.com/kb/5002207 11585 5002207 5002194 https://www.microsoft.com/download/details.aspx?familyid=410b2dfd-6ba0-45e7-b230-91cb5f408445 11961 Maybe Security Update 16.0.14931.20286 https://support.microsoft.com/kb/5002194 11961 5002194 5002203 https://www.microsoft.com/download/details.aspx?familyid=f757cd3f-4491-47a6-a0cb-1a2c1d265e57 5002189 10612 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/5002203 10612 5002203 <a href="https://twitter.com/testanull">Nguyen Tien Giang</a> with <a href="https://twitter.com/starlabs_sg">STAR Labs</a> Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> <a href="https://twitter.com/_q5ca">Q5Ca</a> with <a href="https://khonggianmang.vn/">NCSC Vietnam</a> Yuhao Weng & Zhiniang Peng & Feng Dong with <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> Microsoft Office Excel Microsoft Yes CVE-2022-29109 11573 11574 11605 11762 11763 11952 11953 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11605 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Important 11573 Important 11574 Important 11605 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002205 https://www.microsoft.com/download/details.aspx?familyid=3f8a191d-ba85-4ef8-9b2f-132f081e94f0 5002162 11605 Maybe Security Update 16.0.10386.20015 https://support.microsoft.com/kb/5002205 11605 5002205 <a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2022-29110 10739 10740 10656 10654 10655 10611 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Remote Code Execution 10611 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Important 10611 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10611 5002196 https://www.microsoft.com/download/details.aspx?familyid=66a66054-4853-4a76-a61d-4c367bfcbc9f 5002177 10739 Maybe Security Update 16.0.5317.1000 https://support.microsoft.com/kb/5002196 10739 5002196 5002196 https://www.microsoft.com/download/details.aspx?familyid=c504dca2-357b-4892-9042-df18a3975feb 5002177 10740 Maybe Security Update 16.0.5317.1000 https://support.microsoft.com/kb/5002196 10740 5002196 5002204 5002175 10656 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/5002204 10656 5002204 5002204 https://www.microsoft.com/download/details.aspx?familyid=869f65d7-1c1c-45cb-9971-7709ac9e4d91 5002175 10654 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/5002204 10654 5002204 5002204 https://www.microsoft.com/download/details.aspx?familyid=9056e733-1b87-47b1-9074-480fde72961f 5002175 10655 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/5002204 10655 5002204 5002199 https://www.microsoft.com/download/details.aspx?familyid=f2400f94-3149-47a9-9635-ae2948039cfe 5002169 10611 Maybe Security Update 15.0.5449.1000 https://support.microsoft.com/kb/5002199 10611 5002199 <a href="https://twitter.com/jq0904">Jinquan</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity Lieying Lab</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Graphics Component Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Graphics Component Microsoft Yes CVE-2022-29112 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/gaborseljan">G&#225;bor Selj&#225;n</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Digital Media Receiver Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> Windows Media Microsoft Yes CVE-2022-29113 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11801 11802 11803 11926 11927 11929 11930 11931 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) & Feng Dong of <a href="https://www.sangfor.com/">Sangfor</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> 1.1 2022-07-28T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Print Spooler Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.</p> Windows Print Spooler Components Microsoft Yes CVE-2022-29114 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Oliver Lyak (@ly4k_) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Fax Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user import a specially crafted contact record and then send it a FAX.</p> Role: Windows Fax Service Microsoft Yes CVE-2022-29115 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/ecthr0s">George Hughey</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Microsoft Yes CVE-2022-29117 12009 11730 11761 11969 11872 12020 11935 Denial of Service 12009 Denial of Service 11730 Denial of Service 11761 Denial of Service 11969 Denial of Service 11872 Denial of Service 12020 Denial of Service 11935 Important 12009 Important 11730 Important 11761 Important 11969 Important 11872 Important 12020 Important 11935 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12009 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11730 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11761 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11969 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11872 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12020 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11935 5014330 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014330 12009 Maybe Security Update 6.0.5 https://support.microsoft.com/help/5014330 12009 5014330 5014326 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014326 11730 Maybe Security Update 3.1.25 https://support.microsoft.com/help/5014326 11730 5014326 5014329 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014329 11761 Maybe Security Update 5.0.17 https://support.microsoft.com/help/5014329 11761 5014329 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.10 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.21 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9 11872 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.1 12020 Maybe Security Update 17.1.7 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.1.md 12020 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.14 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes <a href="https://twitter.com/orange_8361">Orange Tsai (@orange_8361)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Push Notifications Apps Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Push Notifications Microsoft Yes CVE-2022-29125 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Anonymous 1.0 2022-05-10T08:00:00 <p>Information published.</p> Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Tablet Windows User Interface Microsoft Yes CVE-2022-29126 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Anonymous 1.0 2022-05-10T08:00:00 <p>Information published.</p> BitLocker Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2022-29127 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11712 Security Feature Bypass 11713 Security Feature Bypass 11714 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10047 Security Feature Bypass 10048 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Matt Wesemann with Microsoft 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability could be exploited over the network by an authenticated attacker through a low complexity attack on a server configured as the domain controller.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-29128 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability could be exploited over the network by an authenticated attacker through a low complexity attack on a server configured as the domain controller.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-29129 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability <p><strong>Are there any special conditions necessary for this vulnerability to be exploitable?</strong></p> <p>Yes. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.</p> <p>For more information, please see <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3f0137a1-63df-400c-bf97-e1040f055a99">LDAP policies</a>.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-29130 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>This vulnerability could be exploited over the network by an authenticated attacker through a low complexity attack on a server configured as the domain controller.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-29131 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Components Microsoft Yes CVE-2022-29132 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 g0st1 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> Windows Kernel Microsoft Yes CVE-2022-29133 11926 11927 Elevation of Privilege 11926 Elevation of Privilege 11927 Important 11926 Important 11927 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 Anonymous 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Clustered Shared Volume Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> Windows Cluster Shared Volume (CSV) Microsoft Yes CVE-2022-29134 11571 11572 11923 11924 11803 10816 10855 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11803 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Cluster Shared Volume (CSV) Microsoft Yes CVE-2022-29135 11571 11572 11923 11924 11803 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-29137 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Clustered Shared Volume Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Cluster Shared Volume (CSV) Microsoft Yes CVE-2022-29138 11571 11572 11923 11924 11803 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited this could allow the malicious server to gain remote code execution within the LDAP client.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-29139 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Print Spooler Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.</p> Windows Print Spooler Components Microsoft Yes CVE-2022-29140 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11803 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11712 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11713 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11714 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 Oliver Lyak (@ly4k_) working with <a href=https://www.zerodayinitiative.com/>Trend Micro Zero Day Initiative</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2022-29141 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Kernel Microsoft Yes CVE-2022-29142 11568 11569 11570 11571 11712 11713 11714 11896 11897 11898 11924 11801 11802 11803 11929 11930 11931 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Important 11568 Important 11569 Important 11570 Important 11571 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11924 Important 11801 Important 11802 Important 11803 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 <a href="https://twitter.com/b2ahex">b2ahex</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Microsoft Yes CVE-2022-29145 12009 11730 11761 12020 11872 11969 11935 Denial of Service 12009 Denial of Service 11730 Denial of Service 11761 Denial of Service 12020 Denial of Service 11872 Denial of Service 11969 Denial of Service 11935 Important 12009 Important 11730 Important 11761 Important 12020 Important 11872 Important 11969 Important 11935 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12009 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11730 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11761 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12020 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11872 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11969 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11935 5014330 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014330 12009 Maybe Security Update 6.0.5 https://support.microsoft.com/help/5014330 12009 5014330 5014326 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014326 11730 Maybe Security Update 3.1.25 https://support.microsoft.com/help/5014326 11730 5014326 5014329 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014329 11761 Maybe Security Update 5.0.17 https://support.microsoft.com/help/5014329 11761 5014329 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.1 12020 Maybe Security Update 17.1.7 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.1.md 12020 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9 11872 Maybe Security Update 16.9.21 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9 11872 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.10 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 11969 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.14 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes <a href="https://twitter.com/larseidnes">Lars Eidnes</a> with <a href="https://catchjs.com/">CatchJS</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Visual Studio Microsoft Yes CVE-2022-29148 11600 Remote Code Execution 11600 Important 11600 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.48 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes ZhangYang working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Cluster Shared Volume (CSV) Microsoft Yes CVE-2022-29150 11571 11572 11923 11924 11803 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 k0shl with Kunlun Lab 1.0 2022-05-10T07:00:00 <p>Information published.</p> Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Cluster Shared Volume (CSV) Microsoft Yes CVE-2022-29151 11571 11572 11923 11924 11803 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11803 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 k0shl with Kunlun Lab 1.0 2022-05-10T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.</p> Windows Remote Procedure Call Runtime Microsoft Yes CVE-2022-22019 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 <a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> .NET Framework Denial of Service Vulnerability .NET Framework Microsoft Yes CVE-2022-30130 11863-10047 11863-10048 11863-10481 11863-10482 11863-10484 11863-10051 11863-10049 11863-10378 11863-10379 11863-10483 11863-10543 12115-9312 12115-9318 12135-10729 12135-10735 Denial of Service 11863-10047 Denial of Service 11863-10048 Denial of Service 11863-10481 Denial of Service 11863-10482 Denial of Service 11863-10484 Denial of Service 11863-10051 Denial of Service 11863-10049 Denial of Service 11863-10378 Denial of Service 11863-10379 Denial of Service 11863-10483 Denial of Service 11863-10543 Denial of Service 12115-9312 Denial of Service 12115-9318 Denial of Service 12135-10729 Denial of Service 12135-10735 Low 11863-10047 Low 11863-10048 Low 11863-10481 Low 11863-10482 Low 11863-10484 Important 11863-10051 Low 11863-10049 Low 11863-10378 Low 11863-10379 Low 11863-10483 Low 11863-10543 Low 12115-9312 Low 12115-9318 Low 12135-10729 Low 12135-10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10047 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10048 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10481 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10482 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10484 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10051 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10049 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10378 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10379 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10483 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 11863-10543 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 12115-9312 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 12115-9318 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 12135-10729 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C 12135-10735 5013870 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013644 5012329 11863-10047 11863-10048 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.03946.07 https://support.microsoft.com/help/5013870 11863-10047 11863-10048 11863-10051 11863-10049 5013870 5013837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013612 11863-10047 11863-10048 11863-10051 11863-10049 Maybe Security Only 4.7.03946.05 https://support.microsoft.com/help/5013837 11863-10047 11863-10048 11863-10051 11863-10049 5013837 5013872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013643 5012331 11863-10481 11863-10482 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.03946.02 https://support.microsoft.com/help/5013872 11863-10481 11863-10482 11863-10483 11863-10543 5013872 5013839 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013623 11863-10481 11863-10482 11863-10483 11863-10543 Maybe Security Only 4.7.03946.03 https://support.microsoft.com/help/5013839 11863-10481 11863-10482 11863-10483 11863-10543 5013839 5013872 5012331 11863-10484 Maybe Monthly Rollup 4.7.03946.02 https://support.microsoft.com/help/5013872 11863-10484 5013872 5013871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013642 5012330 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.03946.02 https://support.microsoft.com/help/5013871 11863-10378 11863-10379 5013871 5013838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013622 11863-10378 11863-10379 Maybe Security Only 4.7.03946.03 https://support.microsoft.com/help/5013838 11863-10378 11863-10379 5013838 5013873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013644 5012332 12115-9312 12115-9318 Maybe Monthly Rollup 4.7.03946.07 https://support.microsoft.com/help/5013873 12115-9312 12115-9318 5013873 5013840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013612 12115-9312 12115-9318 Maybe Security Only 4.7.03946.05 https://support.microsoft.com/help/5013840 12115-9312 12115-9318 5013840 5021243 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021243 5019970 12135-10729 12135-10735 Yes Security Update 10.0.10240.19624 https://support.microsoft.com/help/5021243 12135-10729 12135-10735 5021243 5020880 https://support.microsoft.com/help/5020880 12135-10729 12135-10735 <a href="https://twitter.com/3r4nz">Eran Zimmerman Gonen</a> with <a href="https://www.accenture.com/us-en/services/security-index">Accenture Security Israel</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> 2.0 2022-08-09T07:00:00 <p>To comprehensively address this vulnerability, Microsoft has released Monthly Rollup KB5016268 for .NET Framework 3.5 installed on Windows 8.1 and Windows Server 2012 R2. Microsoft strongly recommends that customers install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 3.0 2022-12-02T08:00:00 <p>In the Security Updates table made the following revisions: 1) Added .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems as they are affected by this vulnerability. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) Removed .NET Framework 4.6 and .NET Framework 4.6.1 installed on supported editions of Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 as these versions of .NET Framework are no longer supported.</p> 3.1 2022-12-15T08:00:00 <p>The following revisions have been made: 1) Added .NET Framework 3.5 and 4.6/4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems as .NET 4.6 installed on Windows 10 is supported. 2) Removed .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Chromium: CVE-2022-1634 Use after free in Browser UI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>101.0.1210.47</td> <td>5/13/2022</td> <td>101.0.4951.64</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1634 11655 11655 11655 Release Notes 11655 No Security Update 101.0.1210.47 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-13T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1635 Use after free in Permission Prompts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>101.0.1210.47</td> <td>5/13/2022</td> <td>101.0.4951.64</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1635 11655 11655 11655 Release Notes 11655 No Security Update 101.0.1210.47 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-13T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1636 Use after free in Performance APIs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>101.0.1210.47</td> <td>5/13/2022</td> <td>101.0.4951.64</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1636 11655 11655 11655 Release Notes 11655 No Security Update 101.0.1210.47 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-13T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1637 Inappropriate implementation in Web Contents <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>101.0.1210.47</td> <td>5/13/2022</td> <td>101.0.4951.64</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1637 11655 11655 11655 Release Notes 11655 No Security Update 101.0.1210.47 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-13T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1638 Heap buffer overflow in V8 Internationalization <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>101.0.1210.47</td> <td>5/13/2022</td> <td>101.0.4951.64</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1638 11655 11655 11655 Release Notes 11655 No Security Update 101.0.1210.47 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-13T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1639 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>101.0.1210.47</td> <td>5/13/2022</td> <td>101.0.4951.64</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1639 11655 11655 11655 Release Notes 11655 No Security Update 101.0.1210.47 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-13T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1640 Use after free in Sharing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>101.0.1210.47</td> <td>5/13/2022</td> <td>101.0.4951.64</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1640 11655 11655 11655 Release Notes 11655 No Security Update 101.0.1210.47 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-13T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2022-30128 11655 Elevation of Privilege 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.3 7.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://www.daviderceg.com/">David Erceg</a> 1.0 2022-05-31T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2022-30127 11655 Elevation of Privilege 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.3 7.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://www.daviderceg.com/">David Erceg</a> 1.0 2022-05-31T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user have multiple browser instances open of the affected version of Microsoft Edge (Chromium-based), one of which is a specially crafted website hosted by the attacker. The user would need to access the URL of the malicious website and then click a popup displayed on that site.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2022-26905 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Felix B 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1853 Use after free in Indexed DB <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1853 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1854 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1854 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1855 Use after free in Messaging <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1855 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1856 Use after free in User Education <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1856 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1857 Insufficient policy enforcement in File System API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1857 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1858 Out of bounds read in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1858 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1859 Use after free in Performance Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1859 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1862 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1862 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1863 Use after free in Tab Groups <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1863 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1864 Use after free in WebApp Installs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1864 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1865 Use after free in Bookmarks <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1865 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1867 Insufficient validation of untrusted input in Data Transfer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1867 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1868 Inappropriate implementation in Extensions API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1868 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1869 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1869 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1870 Use after free in App Service <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1870 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1871 Insufficient policy enforcement in File System API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1871 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1872 Insufficient policy enforcement in Extensions API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1872 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1873 Insufficient policy enforcement in COOP <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1873 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1874 Insufficient policy enforcement in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1874 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1875 Inappropriate implementation in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1875 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Chromium: CVE-2022-1876 Heap buffer overflow in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>102.0.1245.30</td> <td>5/31/2022</td> <td>102.0.5005.61</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-1876 11655 11655 11655 Release Notes 11655 No Security Update 102.0.1245.30 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2022-05-31T07:00:00 <p>Information published.</p> Windows ALPC Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows ALPC Microsoft Yes CVE-2022-23279 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 Jarvis_1oop 1.0 2022-05-10T07:00:00 <p>Information published.</p> Active Directory Domain Services Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.</p> <p><strong>Where can I find out more information about this vulnerability?</strong></p> <p>Please see <a href="https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16">Certificate-based authentication changes on Windows domain controllers</a> for more information and ways to protect yourself.</p> Windows Active Directory Microsoft Yes CVE-2022-26923 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10481 10482 10484 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10483 Elevation of Privilege 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11803 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10481 Critical 10482 Critical 10484 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025229 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 https://support.microsoft.com/help/5025230 11923 11924 5025230 5025230 https://support.microsoft.com/help/5025230 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 https://support.microsoft.com/help/5025224 11926 11927 5025224 5025224 https://support.microsoft.com/help/5025224 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 https://support.microsoft.com/help/5025228 10852 10853 10816 10855 5025228 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 https://support.microsoft.com/help/5025285 10483 10543 5025285 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 https://support.microsoft.com/help/5025288 10483 10543 5025288 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>A system is vulnerable only if both the Active Directory Certificate Services role and the Active Directory Domain Services role are installed on a server in the network. Note that they would not necessarily need to be on the same server.</p> Oliver Lyak (@ly4k_) of Institut For Cyber Risk working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> 1.1 2022-05-10T07:00:00 <p>Added an FAQ. This is an information change only.</p> 1.2 2023-01-17T08:00:00 <p>Acknowledgement added. This is an informational change only.</p> 2.0 2023-04-11T07:00:00 <p>Microsoft is announcing the release of the second phase of Windows security updates to address this vulnerability. The April 2023 updates remove the Disabled mode so that you can no longer place domain controllers in Disabled mode using a registry key setting. Please see <a href="https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16">Certificate-based authentication changes on Windows domain controllers</a> for more information and ways to protect yourself.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability <p><strong>Do I need to take further steps to be protected from this vulnerability?</strong></p> <p>Because of additional security hardening work for CVE-2022-21978, the following actions should be taken in addition to application of May 2022 security updates:</p> <p>For customers that have Exchange Server 2016 CU22 or CU23, or Exchange Server 2019 CU11 or CU12 installed</p> <p>Install the May 2022 SU first and then run one of the following commands using Setup.exe in your Exchange Server installation path (e.g., …\Program Files\Microsoft\Exchange Server\v15\Bin):</p> <ul> <li><p><code>Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains</code></p> </li> <li><p><code>Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomains</code></p> </li> </ul> <p>For customers that have Exchange Server 2013 CU23 installed:</p> <p>Install the May 2022 SU first and then run the following command using Setup.exe in your Exchange Server installation path (e.g., …\Program Files\Microsoft\Exchange Server\v15\Bin):</p> <ul> <li><code>Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains</code></li> </ul> <p>For customers that have any older version of Exchange Server not listed above:</p> <p>Update your Exchange server to the latest CU, install May 2022 SU and then follow the steps above.</p> <p><strong>NOTE: You need to run /PrepareAllDomains only once per organization and those changes will apply to all versions of Exchange Server within the organization. When you run /PrepareAllDomains, your account needs to be a member of the Enterprise Admins security group. This might be a different account from the one you use to install the SU.</strong></p> <p>Please see <a href="https://prod.support.services.microsoft.com/en-us/topic/ecc40b66-3b64-4eea-977f-a937f33990d0">New Exchange Server Security Update and Hotfix Packaging</a> for more information</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker to be authenticated to the Exchange Server as a member of a high privileged group.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, an attacker with elevated privileges on the Exchange server could gain the rights of a Domain Administrator. This could allow access and controls outside of the expected scope of the targeted functionality.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-21978 11956 11957 11682 12039 12038 Elevation of Privilege 11956 Elevation of Privilege 11957 Elevation of Privilege 11682 Elevation of Privilege 12039 Elevation of Privilege 12038 Important 11956 Important 11957 Important 11682 Important 12039 Important 12038 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11956 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.2 7.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 5014261 https://www.microsoft.com/en-us/download/details.aspx?familyID=78a65874-1ca8-4ccc-b41a-f47823cf3598 5012698 11956 Yes Security Update 15.01.2375.028 https://support.microsoft.com/help/5014261 11956 5014261 5014261 https://www.microsoft.com/en-us/download/details.aspx?familyID=ca8fb2cb-505a-4120-a1ea-c479a948f200 5012698 11957 Yes Security Update 15.02.0986.026 https://support.microsoft.com/help/5014261 11957 5014261 5014260 https://www.microsoft.com/en-us/download/details.aspx?familyID=943353da-e3d1-4397-abb0-ea02fb779fb2 5010324 11682 Yes Security Update 15.00.1497.36 https://support.microsoft.com/help/5014260 11682 5014260 5014261 https://www.microsoft.com/en-us/download/details.aspx?familyID=51ee8758-94a2-4c8c-9349-fad41558570f 5012698 12039 Yes Security Update 15.01.2507.009 https://support.microsoft.com/help/5014261 12039 5014261 5014261 https://www.microsoft.com/en-us/download/details.aspx?familyID=11b71eb1-8e6f-47e5-a58c-74aa94be1ea6 5012698 12038 Yes Security Update 15.02.1118.009 https://support.microsoft.com/help/5014261 12038 5014261 Joonas Tuomisto of Fujitsu Finland 1.0 2022-05-10T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Kernel Microsoft Yes CVE-2022-29116 11926 11927 Information Disclosure 11926 Information Disclosure 11927 Important 11926 Important 11927 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 <a href="https://twitter.com/b2ahex">b2ahex</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Clustered Shared Volume Information Disclosure Vulnerability <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Cluster Shared Volume (CSV) Microsoft Yes CVE-2022-29120 11571 11572 11923 11924 11803 10816 10855 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11803 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows WLAN AutoConfig Service Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment.</p> Windows WLAN Auto Config Service Microsoft Yes CVE-2022-29121 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11712 Denial of Service 11713 Denial of Service 11714 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11803 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11712 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11713 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11714 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 Microsoft Offensive Research & Security Engineering (MORSE) 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Clustered Shared Volume Information Disclosure Vulnerability <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Cluster Shared Volume (CSV) Microsoft Yes CVE-2022-29122 11571 11572 11923 11924 11803 10816 10855 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11803 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11803 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Windows Clustered Shared Volume Information Disclosure Vulnerability <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Cluster Shared Volume (CSV) Microsoft Yes CVE-2022-29123 11571 11572 11923 11924 11803 10816 10855 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11803 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 11803 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 11923 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 11924 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 11803 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 10378 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 10379 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 10483 6.5 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11571 11572 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013942 https://support.microsoft.com/help/5013942 11803 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10816 10855 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10483 10543 k0shl with Kunlun Lab 1.0 2022-05-10T08:00:00 <p>Information published.</p> Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver <p><strong>Is the CVSS vector different as it relates to the Microsoft services that the vulnerability affects?</strong></p> <p>The vulnerability in the Redshift driver referenced in the CVE impacts Microsoft services listed in the affected software table. The environmental score as it relates to affected Microsoft services can be different than the score assigned by the owner of the CVE. The base environmental score that Microsoft has assigned is 8.2.</p> <table> <thead> <tr> <th>Environmental Vector Element</th> <th>Value</th> <th>Comment</th> </tr> </thead> <tbody> <tr> <td>Modified Attack Vector</td> <td>Network</td> <td></td> </tr> <tr> <td>Modified Attack Complexity</td> <td>Low</td> <td></td> </tr> <tr> <td>Modified Privileges Required</td> <td>High</td> <td></td> </tr> <tr> <td>Modified User Interaction</td> <td>None</td> <td></td> </tr> <tr> <td>Modified Scope</td> <td>Changed</td> <td>The vulnerability in the redshift driver impacts the services listed in the affected software.</td> </tr> <tr> <td>Modified Confidentiality</td> <td>High</td> <td></td> </tr> <tr> <td>Modified Integrity</td> <td>High</td> <td></td> </tr> <tr> <td>Modified Availability</td> <td>High</td> <td></td> </tr> </tbody> </table> <p><strong>Are there any special roles that enable exploitation of this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to have at least one of the following roles:</p> <ul> <li>Synapse Administrator</li> <li>Synapse Contributor</li> <li>Synapse Compute Operator</li> </ul> <p>For more details on these roles, please refer to <a href="https://docs.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-synapse-rbac-roles">Synapse RBAC Roles</a>.</p> <p><strong>Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)?</strong></p> <p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29972">CVE-2022-29972</a> is regarding a vulnerability in the Magnitude Simba Amazon Redshift ODBC Driver. MITRE created this CVE on their behalf.</p> <p>Please see <a href="https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/">Redshift and Athena Driver Vulnerability</a> for more information.</p> Self-hosted Integration Runtime MITRE Yes CVE-2022-29972 12042 Remote Code Execution 12042 Critical 12042 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Release Notes https://www.microsoft.com/download/details.aspx?id=39717 12042 Maybe Security Update 5.17.8131.1 https://download.microsoft.com/download/E/4/7/E4771905-1079-445B-8BF9-8A1A075D8A10/Release%20Notes.doc 12042 Release Notes Tzah Pahima from Orca Security 1.0 2022-05-09T07:00:00 <p>Information published.</p> Visual Studio Code Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Visual Studio Code Microsoft Yes CVE-2022-30129 11622 Remote Code Execution 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/Download 11622 Maybe Security Update 1.67.1 https://code.visualstudio.com/updates/v1_67 11622 Release Notes <a href="https://twitter.com/swapgs">Thomas Chauchefoin</a> with <a href="https://www.sonarsource.com/vulnerability-disclosures/">SonarSource</a> 1.0 2022-05-10T08:00:00 <p>Information published.</p> Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972 <h2 id="executive-summary">Executive Summary</h2> <p>Microsoft recently mitigated and remediated a vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime (IR) in Azure Synapse Pipelines, and Azure Data Factory. The vulnerability could have allowed an attacker to execute remote commands across Integration Runtimes.</p> <p>We addressed the vulnerability with the release of the security updates to remediate <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972">CVE-20220-29972</a>. In addition, we also worked with the third-party vendor on fixing the vulnerability in the driver which has been released with our latest updates. More information can be found on our <a href="https://aka.ms/SynapsePipelinesUpdate">blog</a>.</p> <h3 id="our-commitment">Our Commitment</h3> <p>Our current and the third-party driver fixes fully address this vulnerability. However, we have identified and are committed to additional improvements to the service, particularly around creating stronger isolation on Azure IR to further safeguard customer workloads.</p> <p>Our current service provides multiple levels of isolation, and for those customers who prefer greater compute and network isolation, Microsoft offers <a href="https://docs.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-managed-vnet">Azure IR with Managed Virtual Network</a> and <a href="https://docs.microsoft.com/en-us/azure/data-factory/create-self-hosted-integration-runtime?tabs=data-factory">Self-Hosted Integration Runtime</a>.</p> <p>We are continuing to work on strengthening tenant isolation across customer workloads on Azure IR without the Managed Virtual Network. Tenant isolation in Azure IR will ensure our customers' Synapse pipeline and Azure Data Factory executions are isolated, and the exposure is contained from vulnerabilities at the application level.</p> <p>No customer action is expected for this change. However, in the event customers must perform an action in response to these changes, they will be notified via <a href="https://aka.ms/AzureServiceHealth">Azure Service Health Alerts</a>.</p> Azure SHIR Microsoft Yes ADV220001 12041 12040 12042 Remote Code Execution 12041 Remote Code Execution 12040 Remote Code Execution 12042 Critical 12041 Critical 12040 Critical 12042 Publicly Disclosed:No;Exploited:No 1.0 2022-05-09T07:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Components Microsoft Yes CVE-2022-30138 11568 11569 11570 11571 11572 11712 11713 11714 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11803 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11712 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11713 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11714 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11803 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11568 11569 11570 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11712 11713 11714 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11712 11713 11714 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 11897 11898 11929 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 11897 11898 11929 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11897 11898 11801 11802 11803 11929 11930 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11801 11802 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11801 11802 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 11927 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 11927 5013943 5013943 https://support.microsoft.com/help/5013943 11926 11927 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11930 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11930 11931 5013942 5013963 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013963 5012653 10729 10735 Yes Security Update 10.0.10240.19297 https://support.microsoft.com/help/5013963 10729 10735 5013963 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10852 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10852 10853 10816 10855 5014012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014012 5012626 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25954 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5014012 5014012 https://support.microsoft.com/help/5014012 10047 10048 10051 10049 5013999 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013999 10047 10048 10051 10049 Yes Security Only 6.1.7601.25954 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5013999 5013999 https://support.microsoft.com/help/5013999 10047 10048 10051 10049 5014011 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014011 5012670 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20371 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014011 5014011 https://support.microsoft.com/help/5014011 10481 10482 10483 10543 5014001 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014001 10481 10482 10483 10543 Yes Security Only 6.3.9600.20365 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014001 5014001 https://support.microsoft.com/help/5014001 10481 10482 10483 10543 5014025 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014025 10484 Yes ServicingStackUpdate 6.3.9600.20367 https://support.microsoft.com/help/5014025 10484 5014025 5014010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014010 5012658 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21481 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014010 5014010 https://support.microsoft.com/help/5014010 9312 10287 9318 9344 5014006 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014006 9312 10287 9318 9344 Yes Security Only 6.0.6003.21481 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014006 5014006 https://support.microsoft.com/help/5014006 9312 10287 9318 9344 5014017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014017 5012650 10378 10379 Yes Monthly Rollup 6.2.9200.23714 https://support.microsoft.com/help/5014017 10378 10379 5014017 5014017 https://support.microsoft.com/help/5014017 10378 10379 5014018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014018 10378 10379 Yes Security Only 6.2.9200.23714 https://support.microsoft.com/help/5014018 10378 10379 5014018 5014018 https://support.microsoft.com/help/5014018 10378 10379 National Security Agency Oliver Lyak (@ly4k_) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-05-12T07:00:00 <p>Information published. This CVE has been added to this month's Security Updates. This is an informational change only. Customers who have successfully installed the applicable updates do not need to take any further action.</p> 1.1 2022-05-13T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.</p> <p>Please see the <a href="https://aka.ms/CVE-2022-30190-Guidance">MSRC Blog Entry</a> for important information about steps you can take to protect your system from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is there an update available to address this vulnerability?</strong></p> <p>Yes, the updates are available. Microsoft recommends installing the June updates as soon as possible.</p> <p><strong>Where can I find more information?</strong></p> <p>Please see this <a href="https://aka.ms/CVE-2022-30190-Guidance">MSRC Blog Entry</a>.</p> Microsoft Windows Support Diagnostic Tool (MSDT) Microsoft Yes CVE-2022-30190 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11803 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11803 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11803 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11896 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11897 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11898 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11801 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11802 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11803 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5014692 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014692 5013941 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3046 https://support.microsoft.com/help/5014692 11568 11569 11570 11571 11572 5014692 5014692 https://support.microsoft.com/help/5014692 11568 11569 11570 11571 11572 5014699 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014699 5013942 11896 11897 11898 Yes Security Update 10.0.19043.1766 https://support.microsoft.com/help/5014699 11896 11897 11898 5014699 5014699 https://support.microsoft.com/help/5014699 11896 11897 11898 11801 11802 11803 11929 11930 11931 5014678 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014678 5013944 11923 11924 Yes Security Update 10.0.20348.770 https://support.microsoft.com/help/5014678 11923 11924 5014678 5014699 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014699 5013942 11801 11802 11803 Yes Security Update 10.0.19042.1766 https://support.microsoft.com/help/5014699 11801 11802 11803 5014699 5014697 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014697 5013943 11926 11927 Yes Security Update 10.0.22000.739 https://support.microsoft.com/help/5014697 11926 11927 5014697 5014697 https://support.microsoft.com/help/5014697 11926 11927 5014699 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014699 5013942 11929 11930 11931 Yes Security Update 10.0.19044.1766 https://support.microsoft.com/help/5014699 11929 11930 11931 5014699 5014710 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014710 5013963 10729 10735 Yes Security Update 10.0.10240.19325 https://support.microsoft.com/help/5014710 10729 10735 5014710 5014702 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014702 5013952 10852 10853 10816 10855 Yes Security Update 10.0.14393.5192 https://support.microsoft.com/help/5014702 10852 10853 10816 10855 5014702 5014748 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014748 5014012 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.25984 https://support.microsoft.com/help/5014748 10047 10048 10051 10049 5014748 5014748 https://support.microsoft.com/help/5014748 10047 10048 10051 10049 5014742 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014742 10047 10048 10051 10049 Yes Security Only 6.1.7601.25984 https://support.microsoft.com/help/5014742 10047 10048 10051 10049 5014742 5014742 https://support.microsoft.com/help/5014742 10047 10048 10051 10049 5014738 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014738 5014011 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20402 https://support.microsoft.com/help/5014738 10481 10482 10483 10543 5014738 5014738 https://support.microsoft.com/help/5014738 10481 10482 10484 10483 10543 5014746 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014746 10481 10482 10483 10543 Yes Security Only 6.3.9600.20402 https://support.microsoft.com/help/5014746 10481 10482 10483 10543 5014746 5014746 https://support.microsoft.com/help/5014746 10481 10482 10483 10543 5014738 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014738 10484 Yes Monthly Rollup 6.3.9600.20402 https://support.microsoft.com/help/5014738 10484 5014738 5014747 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014747 5014017 10378 10379 Yes Monthly Rollup 6.2.9200.23736 https://support.microsoft.com/help/5014747 10378 10379 5014747 5014747 https://support.microsoft.com/help/5014747 10378 10379 5014741 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5014741 10378 10379 Yes Security Only 6.2.9200.23736 https://support.microsoft.com/help/5014741 10378 10379 5014741 5014741 https://support.microsoft.com/help/5014741 10378 10379 <a href="https://twitter.com/crazymanarmy">crazyman</a> with <a href="https://twitter.com/shadowchasing1">Shadow Chaser Group</a> 1.0 2022-05-30T07:00:00 <p>Information published.</p> 1.1 2022-06-03T07:00:00 <p>Added an FAQ. This is an information change only.</p> 2.0 2022-06-14T07:00:00 <p>The update for this vulnerability is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> https://nvd.nist.gov/vuln/detail/CVE-2009-1890 https://nvd.nist.gov/vuln/detail/CVE-2009-1890 https://nvd.nist.gov/vuln/detail/CVE-2009-1890 https://nvd.nist.gov/vuln/detail/CVE-2009-1890 Mariner secalert@redhat.com Yes CVE-2009-1890 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 httpd 12137 httpd-2.4.54-1.cm1.x86_64.rpm 0001-01-01T00:00:00 httpd-devel-2.4.54-1.cm1.x86_64.rpm 0001-01-01T00:00:00 httpd-docs-2.4.54-1.cm1.x86_64.rpm 0001-01-01T00:00:00 httpd-tools-2.4.54-1.cm1.x86_64.rpm 0001-01-01T00:00:00 httpd-debuginfo-2.4.54-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.54-1 https://nvd.nist.gov/vuln/detail/CVE-2009-1890 12137 httpd httpd 12138 httpd-2.4.54-1.cm1.aarch64.rpm 0001-01-01T00:00:00 httpd-devel-2.4.54-1.cm1.aarch64.rpm 0001-01-01T00:00:00 httpd-docs-2.4.54-1.cm1.aarch64.rpm 0001-01-01T00:00:00 httpd-tools-2.4.54-1.cm1.aarch64.rpm 0001-01-01T00:00:00 httpd-debuginfo-2.4.54-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.54-1 https://nvd.nist.gov/vuln/detail/CVE-2009-1890 12138 httpd httpd 12139 httpd-2.4.54-1.cm2.x86_64.rpm 0001-01-01T00:00:00 httpd-devel-2.4.54-1.cm2.x86_64.rpm 0001-01-01T00:00:00 httpd-docs-2.4.54-1.cm2.x86_64.rpm 0001-01-01T00:00:00 httpd-tools-2.4.54-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mod_ldap-2.4.54-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mod_proxy_html-2.4.54-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mod_session-2.4.54-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mod_ssl-2.4.54-1.cm2.x86_64.rpm 0001-01-01T00:00:00 httpd-debuginfo-2.4.54-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.54-1 https://nvd.nist.gov/vuln/detail/CVE-2009-1890 12139 httpd httpd 12140 httpd-2.4.54-1.cm2.aarch64.rpm 0001-01-01T00:00:00 httpd-devel-2.4.54-1.cm2.aarch64.rpm 0001-01-01T00:00:00 httpd-docs-2.4.54-1.cm2.aarch64.rpm 0001-01-01T00:00:00 httpd-tools-2.4.54-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mod_ldap-2.4.54-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mod_proxy_html-2.4.54-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mod_session-2.4.54-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mod_ssl-2.4.54-1.cm2.aarch64.rpm 0001-01-01T00:00:00 httpd-debuginfo-2.4.54-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.54-1 https://nvd.nist.gov/vuln/detail/CVE-2009-1890 12140 httpd 1.0 2022-05-26T00:00:00 <p>Information published.</p> 1.1 2022-05-27T00:00:00 <p>Added httpd to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1195 https://nvd.nist.gov/vuln/detail/CVE-2022-1195 https://nvd.nist.gov/vuln/detail/CVE-2022-1195 https://nvd.nist.gov/vuln/detail/CVE-2022-1195 Mariner secalert@redhat.com Yes CVE-2022-1195 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1195 12137 kernel kernel 12138 kernel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1195 12138 kernel kernel 12139 kernel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-1195 12139 kernel kernel 12140 kernel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-1195 12140 kernel 1.0 2022-05-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1353 https://nvd.nist.gov/vuln/detail/CVE-2022-1353 https://nvd.nist.gov/vuln/detail/CVE-2022-1353 https://nvd.nist.gov/vuln/detail/CVE-2022-1353 Mariner secalert@redhat.com Yes CVE-2022-1353 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12137 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12138 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12139 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12140 kernel 12137 kernel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1353 12137 kernel kernel 12138 kernel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1353 12138 kernel kernel 12139 kernel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-1353 12139 kernel kernel 12140 kernel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-1353 12140 kernel 1.0 2022-05-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1227 https://nvd.nist.gov/vuln/detail/CVE-2022-1227 Mariner secalert@redhat.com Yes CVE-2022-1227 12139 12140 12139 12140 12139 12140 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 podman 12139 podman-4.1.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 podman-docker-4.1.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 podman-tests-4.1.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 podman-remote-4.1.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 podman-plugins-4.1.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 podman-gvproxy-4.1.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 podman-debuginfo-4.1.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.1.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1227 12139 podman podman 12140 podman-4.1.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 podman-docker-4.1.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 podman-tests-4.1.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 podman-remote-4.1.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 podman-plugins-4.1.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 podman-gvproxy-4.1.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 podman-debuginfo-4.1.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.1.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1227 12140 podman 1.0 2022-05-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1015 https://nvd.nist.gov/vuln/detail/CVE-2022-1015 https://nvd.nist.gov/vuln/detail/CVE-2022-1015 https://nvd.nist.gov/vuln/detail/CVE-2022-1015 Mariner secalert@redhat.com Yes CVE-2022-1015 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 12137 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 12138 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 12139 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 12140 kernel 12137 kernel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1015 12137 kernel kernel 12138 kernel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1015 12138 kernel kernel 12139 kernel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-1015 12139 kernel kernel 12140 kernel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-1015 12140 kernel 1.0 2022-05-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1048 https://nvd.nist.gov/vuln/detail/CVE-2022-1048 https://nvd.nist.gov/vuln/detail/CVE-2022-1048 https://nvd.nist.gov/vuln/detail/CVE-2022-1048 Mariner secalert@redhat.com Yes CVE-2022-1048 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12137 kernel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1048 12137 kernel kernel 12138 kernel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-1048 12138 kernel kernel 12139 kernel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-1048 12139 kernel kernel 12140 kernel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-1048 12140 kernel 1.0 2022-05-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-21484 https://nvd.nist.gov/vuln/detail/CVE-2022-21484 Mariner secalert_us@oracle.com Yes CVE-2022-21484 12139 12140 12139 12140 12139 12140 2.9 2.9 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L 12139 2.9 2.9 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L 12140 mysql 12139 mysql-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21484 12139 mysql mysql 12140 mysql-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21484 12140 mysql 1.0 2022-05-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-21451 https://nvd.nist.gov/vuln/detail/CVE-2022-21451 Mariner secalert_us@oracle.com Yes CVE-2022-21451 12139 12140 12139 12140 12139 12140 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 12139 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 12140 mysql 12139 mysql-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21451 12139 mysql mysql 12140 mysql-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21451 12140 mysql 1.0 2022-05-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-24735 https://nvd.nist.gov/vuln/detail/CVE-2022-24735 https://nvd.nist.gov/vuln/detail/CVE-2022-24735 https://nvd.nist.gov/vuln/detail/CVE-2022-24735 Mariner security-advisories@github.com Yes CVE-2022-24735 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 redis 12137 redis-6.2.7-1.cm1.x86_64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.7-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.7-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24735 12137 redis redis 12138 redis-6.2.7-1.cm1.aarch64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.7-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.7-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24735 12138 redis redis 12139 redis-6.2.7-1.cm2.x86_64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.7-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.7-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24735 12139 redis redis 12140 redis-6.2.7-1.cm2.aarch64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.7-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.7-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24735 12140 redis 1.0 2022-05-10T00:00:00 <p>Information published.</p> 1.1 2022-05-11T00:00:00 <p>Added redis to CBL-Mariner 1.0</p> https://nvd.nist.gov/vuln/detail/CVE-2022-21486 https://nvd.nist.gov/vuln/detail/CVE-2022-21486 Mariner secalert_us@oracle.com Yes CVE-2022-21486 12139 12140 12139 12140 12139 12140 2.9 2.9 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L 12139 2.9 2.9 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L 12140 mysql 12139 mysql-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21486 12139 mysql mysql 12140 mysql-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21486 12140 mysql 1.0 2022-05-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-21483 https://nvd.nist.gov/vuln/detail/CVE-2022-21483 Mariner secalert_us@oracle.com Yes CVE-2022-21483 12139 12140 12139 12140 12139 12140 6.3 6.3 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 12139 6.3 6.3 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 12140 mysql 12139 mysql-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21483 12139 mysql mysql 12140 mysql-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21483 12140 mysql 1.0 2022-05-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-21479 https://nvd.nist.gov/vuln/detail/CVE-2022-21479 Mariner secalert_us@oracle.com Yes CVE-2022-21479 12139 12140 12139 12140 12139 12140 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H 12140 mysql 12139 mysql-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21479 12139 mysql mysql 12140 mysql-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21479 12140 mysql 1.0 2022-05-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-21482 https://nvd.nist.gov/vuln/detail/CVE-2022-21482 Mariner secalert_us@oracle.com Yes CVE-2022-21482 12139 12140 12139 12140 12139 12140 6.3 6.3 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 12139 6.3 6.3 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 12140 mysql 12139 mysql-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21482 12139 mysql mysql 12140 mysql-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21482 12140 mysql 1.0 2022-05-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-21485 https://nvd.nist.gov/vuln/detail/CVE-2022-21485 Mariner secalert_us@oracle.com Yes CVE-2022-21485 12139 12140 12139 12140 12139 12140 2.9 2.9 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L 12139 2.9 2.9 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L 12140 mysql 12139 mysql-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21485 12139 mysql mysql 12140 mysql-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21485 12140 mysql 1.0 2022-05-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-21478 https://nvd.nist.gov/vuln/detail/CVE-2022-21478 Mariner secalert_us@oracle.com Yes CVE-2022-21478 12139 12140 12139 12140 12139 12140 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 12139 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 12140 mysql 12139 mysql-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21478 12139 mysql mysql 12140 mysql-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.29-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.29-1 https://nvd.nist.gov/vuln/detail/CVE-2022-21478 12140 mysql 1.0 2022-05-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-24736 https://nvd.nist.gov/vuln/detail/CVE-2022-24736 https://nvd.nist.gov/vuln/detail/CVE-2022-24736 https://nvd.nist.gov/vuln/detail/CVE-2022-24736 Mariner security-advisories@github.com Yes CVE-2022-24736 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 redis 12137 redis-6.2.7-1.cm1.x86_64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.7-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.7-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24736 12137 redis redis 12138 redis-6.2.7-1.cm1.aarch64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.7-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.7-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24736 12138 redis redis 12139 redis-6.2.7-1.cm2.x86_64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.7-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.7-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24736 12139 redis redis 12140 redis-6.2.7-1.cm2.aarch64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.7-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.7-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24736 12140 redis 1.0 2022-05-10T00:00:00 <p>Information published.</p> 1.1 2022-05-11T00:00:00 <p>Added redis to CBL-Mariner 1.0</p> https://nvd.nist.gov/vuln/detail/CVE-2022-29869 https://nvd.nist.gov/vuln/detail/CVE-2022-29869 https://nvd.nist.gov/vuln/detail/CVE-2022-29869 https://nvd.nist.gov/vuln/detail/CVE-2022-29869 Mariner cve@mitre.org Yes CVE-2022-29869 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12138 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12140 cifs-utils 12137 cifs-utils-6.8-6.cm1.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.8-6.cm1.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.8-6.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.8-6 https://nvd.nist.gov/vuln/detail/CVE-2022-29869 12137 cifs-utils cifs-utils 12138 cifs-utils-6.8-6.cm1.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.8-6.cm1.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.8-6.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.8-6 https://nvd.nist.gov/vuln/detail/CVE-2022-29869 12138 cifs-utils cifs-utils 12139 cifs-utils-6.14-2.cm2.x86_64.rpm 0001-01-01T00:00:00 pam_cifscreds-6.14-2.cm2.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.14-2.cm2.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.14-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.14-2 https://nvd.nist.gov/vuln/detail/CVE-2022-29869 12139 cifs-utils cifs-utils 12140 cifs-utils-6.14-2.cm2.aarch64.rpm 0001-01-01T00:00:00 pam_cifscreds-6.14-2.cm2.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.14-2.cm2.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.14-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.14-2 https://nvd.nist.gov/vuln/detail/CVE-2022-29869 12140 cifs-utils 1.0 2022-05-07T00:00:00 <p>Information published.</p> 1.1 2022-05-11T00:00:00 <p>Added cifs-utils to CBL-Mariner 1.0</p> https://nvd.nist.gov/vuln/detail/CVE-2022-27405 https://nvd.nist.gov/vuln/detail/CVE-2022-27405 https://nvd.nist.gov/vuln/detail/CVE-2022-27405 https://nvd.nist.gov/vuln/detail/CVE-2022-27405 Mariner cve@mitre.org Yes CVE-2022-27405 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 freetype 12137 freetype-2.12.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 freetype-devel-2.12.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 freetype-debuginfo-2.12.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.12.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-27405 12137 freetype freetype 12138 freetype-2.12.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 freetype-devel-2.12.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 freetype-debuginfo-2.12.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.12.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-27405 12138 freetype freetype 12139 freetype-2.12.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 freetype-devel-2.12.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 freetype-debuginfo-2.12.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.12.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-27405 12139 freetype freetype 12140 freetype-2.12.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 freetype-devel-2.12.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 freetype-debuginfo-2.12.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.12.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-27405 12140 freetype 1.0 2022-05-06T00:00:00 <p>Information published.</p> 1.1 2022-05-11T00:00:00 <p>Added freetype to CBL-Mariner 1.0</p> https://nvd.nist.gov/vuln/detail/CVE-2022-29582 https://nvd.nist.gov/vuln/detail/CVE-2022-29582 https://nvd.nist.gov/vuln/detail/CVE-2022-29582 https://nvd.nist.gov/vuln/detail/CVE-2022-29582 Mariner cve@mitre.org Yes CVE-2022-29582 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12137 kernel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-29582 12137 kernel kernel 12138 kernel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.116.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.116.1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-29582 12138 kernel kernel 12139 kernel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-29582 12139 kernel kernel 12140 kernel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.41.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.37.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-29582 12140 kernel 1.0 2022-05-06T00:00:00 <p>Information published.</p> 1.1 2022-05-11T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> https://nvd.nist.gov/vuln/detail/CVE-2022-24769 https://nvd.nist.gov/vuln/detail/CVE-2022-24769 https://nvd.nist.gov/vuln/detail/CVE-2022-24769 https://nvd.nist.gov/vuln/detail/CVE-2022-24769 Mariner security-advisories@github.com Yes CVE-2022-24769 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 5.9 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 12137 5.9 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 12138 5.9 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 12139 5.9 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 12140 moby-runc 12137 moby-runc-1.1.2+azure-1.cm1.x86_64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.2+azure-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.2+azure-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24769 12137 moby-runc moby-runc 12138 moby-runc-1.1.2+azure-1.cm1.aarch64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.2+azure-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.2+azure-1 https://nvd.nist.gov/vuln/detail/CVE-2022-24769 12138 moby-runc moby-runc 12139 moby-runc-1.1.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.2-2 https://nvd.nist.gov/vuln/detail/CVE-2022-24769 12139 moby-runc moby-runc 12140 moby-runc-1.1.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.2-2 https://nvd.nist.gov/vuln/detail/CVE-2022-24769 12140 moby-runc 1.0 2022-05-14T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-27239 https://nvd.nist.gov/vuln/detail/CVE-2022-27239 https://nvd.nist.gov/vuln/detail/CVE-2022-27239 https://nvd.nist.gov/vuln/detail/CVE-2022-27239 Mariner cve@mitre.org Yes CVE-2022-27239 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 cifs-utils 12137 cifs-utils-6.8-6.cm1.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.8-6.cm1.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.8-6.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.8-6 https://nvd.nist.gov/vuln/detail/CVE-2022-27239 12137 cifs-utils cifs-utils 12138 cifs-utils-6.8-6.cm1.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.8-6.cm1.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.8-6.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.8-6 https://nvd.nist.gov/vuln/detail/CVE-2022-27239 12138 cifs-utils cifs-utils 12139 cifs-utils-6.14-2.cm2.x86_64.rpm 0001-01-01T00:00:00 pam_cifscreds-6.14-2.cm2.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.14-2.cm2.x86_64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.14-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.14-2 https://nvd.nist.gov/vuln/detail/CVE-2022-27239 12139 cifs-utils cifs-utils 12140 cifs-utils-6.14-2.cm2.aarch64.rpm 0001-01-01T00:00:00 pam_cifscreds-6.14-2.cm2.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-devel-6.14-2.cm2.aarch64.rpm 0001-01-01T00:00:00 cifs-utils-debuginfo-6.14-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.14-2 https://nvd.nist.gov/vuln/detail/CVE-2022-27239 12140 cifs-utils 1.0 2022-05-07T00:00:00 <p>Information published.</p> 1.1 2022-05-11T00:00:00 <p>Added cifs-utils to CBL-Mariner 1.0</p> Windows Hyper-V Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>This Hyper-V vulnerability relates to a Virtual Machine Switch with virtual networking in Hyper-V Network Virtualization (HNV). It might be possible to bypass extended ACLs and other Windows security feature checks.</p> <p>See <a href="https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v-virtual-switch/create-security-policies-with-extended-port-access-control-lists">Create Security Policies with Extended Port Access Control Lists</a> for information about extended ACLs.</p> <p><strong>According to the CVSS metric, the Hyper-V attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a Hyper-V Network Virtualization (HNV) logical network. This configuration forms an isolation boundary where the virtual machines within the virtual network can only communicate with each other. In this attack vector, the vulnerable component is bound to the network stack, but the attack is limited to systems configured to use the HNV network.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p> Role: Windows Hyper-V Microsoft Yes CVE-2022-24466 11569 11571 11572 11713 11896 11923 11924 11803 11926 11931 10853 10816 10855 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11713 Security Feature Bypass 11896 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11803 Security Feature Bypass 11926 Security Feature Bypass 11931 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11569 Important 11571 Important 11572 Important 11713 Important 11896 Important 11923 Important 11924 Important 11803 Important 11926 Important 11931 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11569 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11571 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11572 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11713 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11896 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11923 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11924 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11803 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11926 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11931 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 10853 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 10816 4.1 3.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 10855 5013941 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013941 5012647 11569 11571 11572 Yes Security Update 10.0.17763.2928 https://support.microsoft.com/help/5013941 11569 11571 11572 5013941 5013941 https://support.microsoft.com/help/5013941 11569 11571 11572 5013945 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013945 5012591 11713 Yes Security Update 10.0.18363.2274 https://support.microsoft.com/help/5013945 11713 5013945 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11896 Yes Security Update 10.0.19043.1706 https://support.microsoft.com/help/5013942 11896 5013942 5013942 https://support.microsoft.com/help/5013942 11896 11803 11931 5013944 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013944 5012604 11923 11924 Yes Security Update 10.0.20348.707 https://support.microsoft.com/help/5013944 11923 11924 5013944 5013944 https://support.microsoft.com/help/5013944 11923 11924 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11803 Yes Security Update 10.0.19042.1706 https://support.microsoft.com/help/5013942 11803 5013942 5013943 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013943 5012592 11926 Yes Security Update 10.0.22000.675 https://support.microsoft.com/help/5013943 11926 5013943 5013943 https://support.microsoft.com/help/5013943 11926 5013942 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013942 5012599 11931 Yes Security Update 10.0.19044.1706 https://support.microsoft.com/help/5013942 11931 5013942 5013952 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5013952 5012596 10853 10816 10855 Yes Security Update 10.0.14393.5125 https://support.microsoft.com/help/5013952 10853 10816 10855 5013952 5013952 https://support.microsoft.com/help/5013952 10853 10816 10855 Maxime Villard, of M.O.R.S.E. 1.0 2022-05-10T08:00:00 <p>Information published.</p>