November 2022 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2022-Nov 2022-Nov Final 1.0 58 2026-02-18T03:08:36 November 2022 Security Updates 2022-11-08T08:00:00 2026-02-18T03:08:36 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of security updates for the following products, features and roles.</p> <ul> <li>.NET Framework</li> <li>AMD CPU Branch</li> <li>Azure</li> <li>Azure Real Time Operating System</li> <li>Linux Kernel</li> <li>Microsoft Dynamics</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Exchange Server</li> <li>Microsoft Graphics Component</li> <li>Microsoft Office</li> <li>Microsoft Office Excel</li> <li>Microsoft Office SharePoint</li> <li>Microsoft Office Word</li> <li>Network Policy Server (NPS)</li> <li>Open Source Software</li> <li>Role: Windows Hyper-V</li> <li>SysInternals</li> <li>Visual Studio</li> <li>Windows Advanced Local Procedure Call</li> <li>Windows ALPC</li> <li>Windows Bind Filter Driver</li> <li>Windows BitLocker</li> <li>Windows CNG Key Isolation Service</li> <li>Windows Devices Human Interface</li> <li>Windows Digital Media</li> <li>Windows DWM Core Library</li> <li>Windows Extensible File Allocation</li> <li>Windows Group Policy Preference Client</li> <li>Windows HTTP.sys</li> <li>Windows Kerberos</li> <li>Windows Mark of the Web (MOTW)</li> <li>Windows Netlogon</li> <li>Windows Network Address Translation (NAT)</li> <li>Windows ODBC Driver</li> <li>Windows Overlay Filter</li> <li>Windows Point-to-Point Tunneling Protocol</li> <li>Windows Print Spooler Components</li> <li>Windows Resilient File System (ReFS)</li> <li>Windows Scripting</li> <li>Windows Win32K</li> </ul> <p>Please note the following information regarding the security updates:</p> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>August 9, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile2">Security Update Guide Notification System News: Create your profile now</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-information">Relevant Information</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2> <p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23824">CVE-2022-23824</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3602">CVE-2022-3602</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3786">CVE-2022-3786</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37966">CVE-2022-37966</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37967">CVE-2022-37967</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37992">CVE-2022-37992</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38014">CVE-2022-38014</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38015">CVE-2022-38015</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38023">CVE-2022-38023</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-39253">CVE-2022-39253</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-39327">CVE-2022-39327</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41039">CVE-2022-41039</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41044">CVE-2022-41044</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41045">CVE-2022-41045</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41047">CVE-2022-41047</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41048">CVE-2022-41048</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41049">CVE-2022-41049</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41050">CVE-2022-41050</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41051">CVE-2022-41051</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41052">CVE-2022-41052</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41054">CVE-2022-41054</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41055">CVE-2022-41055</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41057">CVE-2022-41057</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41060">CVE-2022-41060</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41061">CVE-2022-41061</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41062">CVE-2022-41062</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41063">CVE-2022-41063</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064">CVE-2022-41064</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41066">CVE-2022-41066</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41073">CVE-2022-41073</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41085">CVE-2022-41085</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41086">CVE-2022-41086</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41088">CVE-2022-41088</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41090">CVE-2022-41090</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41091">CVE-2022-41091</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41092">CVE-2022-41092</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41093">CVE-2022-41093</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41095">CVE-2022-41095</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41096">CVE-2022-41096</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41097">CVE-2022-41097</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41098">CVE-2022-41098</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41099">CVE-2022-41099</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41100">CVE-2022-41100</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41101">CVE-2022-41101</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41102">CVE-2022-41102</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41103">CVE-2022-41103</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41104">CVE-2022-41104</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41105">CVE-2022-41105</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41106">CVE-2022-41106</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41107">CVE-2022-41107</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41109">CVE-2022-41109</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41113">CVE-2022-41113</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41114">CVE-2022-41114</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41116">CVE-2022-41116</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41118">CVE-2022-41118</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41119">CVE-2022-41119</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41120">CVE-2022-41120</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41122">CVE-2022-41122</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125">CVE-2022-41125</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41128">CVE-2022-41128</a></li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5002258">5002258</a></td> <td>Microsoft SharePoint Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002267">5002267</a></td> <td>Microsoft SharePoint Server 2013</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002269">5002269</a></td> <td>Microsoft SharePoint Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002271">5002271</a></td> <td>Microsoft SharePoint Server Subscription Edition</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5019959">5019959</a></td> <td>Windows 10 Version 21H1</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5019966">5019966</a></td> <td>Windows 10 Version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5019980">5019980</a></td> <td>Windows 11 version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5020000">5020000</a></td> <td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5020003">5020003</a></td> <td>Windows Server 2012 (Security Only)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5020005">5020005</a></td> <td>Windows Server 2008 (Security Only)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5020009">5020009</a></td> <td>Windows Server 2012 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5020010">5020010</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Security Only)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5020013">5020013</a></td> <td>Windows 7, Windows Server 2008 R2 (Security Only)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5020019">5020019</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5020023">5020023</a></td> <td>Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Subsystem for Linux (WSL2) vcpkg Azure EFLOW Azure CycleCloud 8.0.0 Azure CycleCloud 7 Azure CLI Microsoft Azure Kubernetes Service Azure SDK for C++ Azure RTOS GUIX Studio Nuget 2.1.2 Nuget 4.8.5 Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2019 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for x64-based Systems Microsoft .NET Framework 4.8 on Windows RT 8.1 Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 4.7.2 on Windows Server 2019 Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for 32-bit Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for 32-bit Systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2022 Microsoft .NET Framework 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 4.8.1 on Windows Server 2022 Microsoft .NET Framework 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.3 Microsoft Visual Studio 2022 version 17.0 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2022 version 17.2 Windows Sysmon Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) SharePoint Server Subscription Edition Language Pack Microsoft Office LTSC 2021 for 32-bit editions Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office Online Server Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for 32-bit editions Microsoft Word 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2013 RT Service Pack 1 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Office LTSC for Mac 2021 Microsoft Office 2019 for Mac Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Edge (Chromium-based) Microsoft Dynamics NAV 2018 Dynamics 365 Business Central Spring 2019 Update Microsoft Dynamics 365 Business Central 2022 Release Wave 2 Microsoft Dynamics 365 Business Central 2022 Release Wave 1 Microsoft Dynamics 365 Business Central 2021 Release Wave 2 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows Server 2012 R2 Windows RT 8.1 Windows Server 2012 R2 (Server Core installation) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Office Online Server Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows RT 8.1 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2019 Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows Server 2022 Microsoft .NET Framework 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft Edge (Chromium-based) Microsoft Azure Kubernetes Service Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Microsoft Dynamics NAV 2018 Dynamics 365 Business Central Spring 2019 Update Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 4.7.2 on Windows Server 2019 Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft SharePoint Server Subscription Edition Microsoft Visual Studio 2022 version 17.0 SharePoint Server Subscription Edition Language Pack Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Visual Studio 2022 version 17.2 Azure RTOS GUIX Studio Windows Subsystem for Linux (WSL2) Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for 32-bit Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for 32-bit Systems Microsoft .NET Framework 4.8.1 on Windows Server 2022 Microsoft .NET Framework 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft Visual Studio 2022 version 17.3 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Azure CycleCloud 8.0.0 Azure CLI Azure CycleCloud 7 Microsoft Dynamics 365 Business Central 2022 Release Wave 2 Windows Sysmon Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) vcpkg Azure SDK for C++ Azure EFLOW Nuget 4.8.5 Nuget 2.1.2 Microsoft Dynamics 365 Business Central 2022 Release Wave 1 Microsoft Dynamics 365 Business Central 2021 Release Wave 2 Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM azl3 samba 4.18.3-1 on Azure Linux 3.0 cm1 libxml2 2.9.14-3 on CBL Mariner 1.0 azl3 python-tensorboard 2.16.2-2 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-1 on Azure Linux 3.0 cbl2 python3 3.9.19-1 on CBL Mariner 2.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 cm1 kernel 5.10.188.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.122.1-2 on CBL Mariner 2.0 cm1 kernel 5.10.189.1-1 on CBL Mariner 1.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 xterm 380-1 on CBL Mariner 2.0 cm1 python3 3.7.16-1 on CBL Mariner 1.0 cm1 systemd 239-43 on CBL Mariner 1.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 cm1 sysstat 12.3.3-2 on CBL Mariner 1.0 cbl2 sysstat 12.7.1-1 on CBL Mariner 2.0 cm1 heimdal 7.7.1-1 on CBL Mariner 1.0 cm1 kernel 5.10.161.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.86.1-1 on CBL Mariner 2.0 cm1 kernel 5.10.158.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.82.1-1 on CBL Mariner 2.0 cm1 qemu-kvm 4.2.0-48 on CBL Mariner 1.0 cbl2 qemu 6.2.0-12 on CBL Mariner 2.0 azl3 qemu 6.2.0-18 on Azure Linux 3.0 cm1 vim 9.0.0982-1 on CBL Mariner 1.0 cbl2 vim 9.0.0982-1 on CBL Mariner 2.0 cbl2 python3 3.9.14-5 on CBL Mariner 2.0 cbl2 libxml2 2.10.3-1 on CBL Mariner 2.0 cm1 libarchive 3.6.1-2 on CBL Mariner 1.0 cbl2 libarchive 3.6.1-2 on CBL Mariner 2.0 cbl2 heimdal 7.7.1-1 on CBL Mariner 2.0 cm1 libtiff 4.4.0-6 on CBL Mariner 1.0 cbl2 libtiff 4.4.0-6 on CBL Mariner 2.0 cbl2 systemd 250.3-10 on CBL Mariner 2.0 azl3 systemd-bootstrap 250.3-17 on Azure Linux 3.0 cm1 python2 2.7.18-14 on CBL Mariner 1.0 cm1 sudo 1.9.12p1-1 on CBL Mariner 1.0 cbl2 sudo 1.9.12p1-1 on CBL Mariner 2.0 cm1 pixman 0.36.0-3 on CBL Mariner 1.0 cm1 pixman 0.40.0-3 on CBL Mariner 1.0 cbl2 pixman 0.42.2-1 on CBL Mariner 2.0 cm1 net-snmp 5.9-4 on CBL Mariner 1.0 cbl2 net-snmp 5.9.4-1 on CBL Mariner 2.0 azl3 net-snmp 5.9.4-1 on Azure Linux 3.0 azl3 prometheus-process-exporter 0.8.2-1 on Azure Linux 3.0 azl3 xdg-utils 1.2.1-3 on Azure Linux 3.0 azl3 pytorch 2.2.2-7 on Azure Linux 3.0 cbl2 rubygem-fluentd 1.14.6-2 on CBL Mariner 2.0 cbl2 ntfs-3g 2022.10.3-1 on CBL Mariner 2.0 cbl2 tensorflow 2.11.0-1 on CBL Mariner 2.0 cbl2 emacs 28.1-5 on CBL Mariner 2.0 cbl2 snakeyaml on CBL Mariner 2.0 cbl2 junit on CBL Mariner 2.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 python-tensorboard 2.11.0-3 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 prometheus-process-exporter 0.7.10-15 on Azure Linux 3.0 azl3 ipxe 1.21.1-1 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Parsing issue in protobuf textformat <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2022-3509 17021-17084 19407-17084 19696-17084 17021-17084 19407-17084 19696-17084 Important 17021-17084 Important 19407-17084 Important 19696-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17021-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19407-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19696-17084 CBL-Mariner Releases 17021-17084 19696-17084 No Security Update 2.16.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17021-17084 19696-17084 CBL-Mariner Releases 1.1 2026-02-18T01:17:23 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan() leading to a Denial of Service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-3821 Off-by-one Error 18486-16820 18546-16823 18547-17084 18486-16820 18546-16823 18547-17084 Moderate 18486-16820 Moderate 18546-16823 Moderate 18547-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18486-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18546-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18547-17084 CBL-Mariner Releases 18486-16820 No Security Update 239-43 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18486-16820 CBL-Mariner Releases CBL-Mariner Releases 18546-16823 No Security Update 250.3-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18546-16823 CBL-Mariner Releases CBL-Mariner Releases 18547-17084 No Security Update 250.3-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18547-17084 CBL-Mariner Releases 1.0 2022-11-17T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport respectively if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-3872 Off-by-one Error 18533-16820 18534-16823 18535-17084 18533-16820 18534-16823 18535-17084 Important 18533-16820 Important 18534-16823 Important 18535-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 18533-16820 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 18534-16823 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 18535-17084 CBL-Mariner Releases 18533-16820 No Security Update 4.2.0-48 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18533-16820 CBL-Mariner Releases CBL-Mariner Releases 18534-16823 No Security Update 6.2.0-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18534-16823 CBL-Mariner Releases CBL-Mariner Releases 18535-17084 No Security Update 6.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2024-08-07T00:00:00 <p>Information published.</p> 1.3 2024-08-08T00:00:00 <p>Information published.</p> 1.4 2024-08-09T00:00:00 <p>Information published.</p> 1.5 2024-08-10T00:00:00 <p>Information published.</p> 1.6 2024-08-11T00:00:00 <p>Information published.</p> 1.7 2024-08-12T00:00:00 <p>Information published.</p> 1.8 2024-08-16T00:00:00 <p>Information published.</p> 1.9 2024-08-17T00:00:00 <p>Information published.</p> 2.0 2024-08-18T00:00:00 <p>Information published.</p> 2.1 2024-08-19T00:00:00 <p>Information published.</p> 2.2 2024-08-20T00:00:00 <p>Information published.</p> 2.3 2024-08-21T00:00:00 <p>Information published.</p> 2.4 2024-08-22T00:00:00 <p>Information published.</p> 2.5 2024-08-23T00:00:00 <p>Information published.</p> 2.6 2024-08-24T00:00:00 <p>Information published.</p> 2.7 2024-08-25T00:00:00 <p>Information published.</p> 2.8 2024-08-26T00:00:00 <p>Information published.</p> 2.9 2024-08-27T00:00:00 <p>Information published.</p> 3.0 2024-08-28T00:00:00 <p>Information published.</p> 3.1 2024-08-29T00:00:00 <p>Information published.</p> 3.2 2024-08-30T00:00:00 <p>Information published.</p> 3.3 2024-08-31T00:00:00 <p>Information published.</p> 3.4 2024-09-01T00:00:00 <p>Information published.</p> 3.5 2024-09-02T00:00:00 <p>Information published.</p> 3.6 2024-09-03T00:00:00 <p>Information published.</p> 3.7 2024-09-05T00:00:00 <p>Information published.</p> 3.8 2024-09-06T00:00:00 <p>Information published.</p> 3.9 2024-09-07T00:00:00 <p>Information published.</p> 4.0 2024-09-08T00:00:00 <p>Information published.</p> 4.1 2024-09-11T00:00:00 <p>Information published.</p> Use after free in io_uring in the Linux Kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2022-3910 Use After Free 18518-16820 18532-16823 18518-16820 18532-16823 Important 18518-16820 Important 18532-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18518-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18532-16823 CBL-Mariner Releases 18518-16820 No Security Update 5.10.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18518-16820 CBL-Mariner Releases CBL-Mariner Releases 18532-16823 No Security Update 5.15.82.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18532-16823 CBL-Mariner Releases 1.0 2022-11-24T00:00:00 <p>Information published.</p> sysstat Incorrect Buffer Size calculation on 32-bit systems results in RCE via buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-39377 Incorrect Calculation of Buffer Size 18500-16820 18501-16823 18500-16820 18501-16823 Important 18500-16820 Important 18501-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18500-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18501-16823 CBL-Mariner Releases 18500-16820 No Security Update 12.3.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18500-16820 CBL-Mariner Releases CBL-Mariner Releases 18501-16823 No Security Update 12.7.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18501-16823 CBL-Mariner Releases 1.0 2022-11-18T00:00:00 <p>Information published.</p> 1.1 2023-01-06T00:00:00 <p>Added sysstat to CBL-Mariner 1.0</p> Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-39379 Deserialization of Untrusted Data 19505-16823 19505-16823 Critical 19505-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19505-16823 CBL-Mariner Releases 19505-16823 No Security Update 1.14.6-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19505-16823 CBL-Mariner Releases 1.0 2022-11-09T00:00:00 <p>Information published.</p> An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset typically leading to a segmentation fault. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-40303 Integer Overflow or Wraparound 16872-16820 18540-16823 16872-16820 18540-16823 Important 16872-16820 Important 18540-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16872-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18540-16823 CBL-Mariner Releases 16872-16820 No Security Update 2.9.14-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16872-16820 CBL-Mariner Releases CBL-Mariner Releases 18540-16823 No Security Update 2.10.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18540-16823 CBL-Mariner Releases 1.0 2022-11-29T00:00:00 <p>Information published.</p> An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key potentially leading to subsequent logic errors. In one case a double-free can be provoked. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-40304 Double Free 16872-16820 18540-16823 16872-16820 18540-16823 Important 16872-16820 Important 18540-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 16872-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18540-16823 CBL-Mariner Releases 16872-16820 No Security Update 2.9.14-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16872-16820 CBL-Mariner Releases CBL-Mariner Releases 18540-16823 No Security Update 2.10.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18540-16823 CBL-Mariner Releases 1.0 2022-12-01T00:00:00 <p>Information published.</p> A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-4127 NULL Pointer Dereference 18518-16820 18532-16823 18518-16820 18532-16823 Moderate 18518-16820 Moderate 18532-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18518-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18532-16823 CBL-Mariner Releases 18518-16820 No Security Update 5.10.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18518-16820 CBL-Mariner Releases CBL-Mariner Releases 18532-16823 No Security Update 5.15.82.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18532-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Heap-based Buffer Overflow in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntrdev Yes CVE-2022-4141 Heap-based Buffer Overflow 18536-16820 18537-16823 18536-16820 18537-16823 Important 18536-16820 Important 18537-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18536-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18537-16823 CBL-Mariner Releases 18536-16820 18537-16823 No Security Update 9.0.0982-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18536-16820 18537-16823 CBL-Mariner Releases 1.0 2022-12-01T00:00:00 <p>Information published.</p> Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41884 Always-Incorrect Control Flow Implementation 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Overflow in `ImageProjectiveTransformV2` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41886 Incorrect Calculation of Buffer Size 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> `CHECK` fail in `BCast` overflow in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41890 Incorrect Type Conversion or Cast 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41891 Improper Input Validation 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> `MirrorPadGrad` heap out of bounds read in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41895 Out-of-bounds Read 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> `tf.raw_ops.Mfcc` crashes in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41896 Improper Validation of Specified Quantity in Input 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> `CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41899 Reachable Assertion 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41900 Out-of-bounds Write 19510-16823 19510-16823 Critical 19510-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Overflow in `ResizeNearestNeighborGrad` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41907 Incorrect Calculation of Buffer Size 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> `CHECK` fail via inputs in `PyFunc` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41908 Improper Input Validation 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Read one byte past a buffer when normalizing Unicode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41916 Off-by-one Error 18503-16820 18543-16823 16864-17084 18503-16820 18543-16823 16864-17084 Important 18503-16820 Important 18543-16823 Important 16864-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18503-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18543-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16864-17084 CBL-Mariner Releases 18503-16820 18543-16823 No Security Update 7.7.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18503-16820 18543-16823 CBL-Mariner Releases CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added samba to Azure Linux 3.0 Added heimdal to CBL-Mariner 1.0 Added heimdal to CBL-Mariner 2.0</p> 1.0 2022-11-19T00:00:00 <p>Information published.</p> Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library when used with the forkserver start method on Linux allows pickles to be deserialized from any user in the same machine local network namespace which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3 but users would need to make specific <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-42919 18458-16820 17386-16823 18458-16820 17386-16823 Important 18458-16820 Important 17386-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18458-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17386-16823 CBL-Mariner Releases 18458-16820 No Security Update 3.7.16-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18458-16820 CBL-Mariner Releases CBL-Mariner Releases 17386-16823 No Security Update 3.9.19-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17386-16823 CBL-Mariner Releases 1.0 2022-11-09T00:00:00 <p>Information published.</p> 1.1 2023-02-06T00:00:00 <p>Added python3 to CBL-Mariner 1.0</p> The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner SNPS Yes CVE-2022-43945 Allocation of Resources Without Limits or Throttling 18518-16820 18532-16823 18518-16820 18532-16823 Important 18518-16820 Important 18532-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18518-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18532-16823 CBL-Mariner Releases 18518-16820 No Security Update 5.10.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18518-16820 CBL-Mariner Releases CBL-Mariner Releases 18532-16823 No Security Update 5.15.82.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18532-16823 CBL-Mariner Releases 1.0 2022-11-09T00:00:00 <p>Information published.</p> Sudo 1.8.0 through 1.9.12 with the crypt() password backend contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries compiler and processor architecture. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-43995 Out-of-bounds Read 18549-16820 18550-16823 18549-16820 18550-16823 Important 18549-16820 Important 18550-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18549-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18550-16823 CBL-Mariner Releases 18549-16820 18550-16823 No Security Update 1.9.12p1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18549-16820 18550-16823 CBL-Mariner Releases 1.0 2022-11-09T00:00:00 <p>Information published.</p> In libpixman in Pixman before 0.42.2 there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-44638 Integer Overflow or Wraparound 18553-16820 18554-16820 18555-16823 18553-16820 18554-16820 18555-16823 Important 18553-16820 Important 18554-16820 Important 18555-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18553-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18554-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18555-16823 CBL-Mariner Releases 18553-16820 No Security Update 0.36.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18553-16820 CBL-Mariner Releases CBL-Mariner Releases 18554-16820 No Security Update 0.40.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18554-16820 CBL-Mariner Releases CBL-Mariner Releases 18555-16823 No Security Update 0.42.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18555-16823 CBL-Mariner Releases 1.0 2022-11-09T00:00:00 <p>Information published.</p> An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1 3.10.9 3.9.16 3.8.16 and 3.7.16. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45061 Inefficient Algorithmic Complexity 18458-16820 18548-16820 18538-16823 18458-16820 18548-16820 18538-16823 Important 18458-16820 Important 18548-16820 Important 18538-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18458-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18548-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18538-16823 CBL-Mariner Releases 18458-16820 No Security Update 3.7.16-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18458-16820 CBL-Mariner Releases CBL-Mariner Releases 18548-16820 No Security Update 2.7.18-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18548-16820 CBL-Mariner Releases CBL-Mariner Releases 18538-16823 No Security Update 3.9.14-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18538-16823 CBL-Mariner Releases 1.0 2022-11-17T00:00:00 <p>Information published.</p> xterm before 375 allows code execution via font ops e.g. because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45063 Improper Neutralization of Special Elements used in a Command ('Command Injection') 18330-16823 18330-16823 Critical 18330-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18330-16823 CBL-Mariner Releases 18330-16823 No Security Update 380-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18330-16823 CBL-Mariner Releases 1.0 2022-11-16T00:00:00 <p>Information published.</p> A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45869 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18518-16820 18532-16823 18518-16820 18532-16823 Moderate 18518-16820 Moderate 18532-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18518-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18532-16823 CBL-Mariner Releases 18518-16820 No Security Update 5.10.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18518-16820 CBL-Mariner Releases CBL-Mariner Releases 18532-16823 No Security Update 5.15.82.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18532-16823 CBL-Mariner Releases 1.0 2022-12-03T00:00:00 <p>Information published.</p> systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45873 Uncontrolled Resource Consumption 18547-17084 18547-17084 Moderate 18547-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18547-17084 CBL-Mariner Releases 18547-17084 No Security Update 250.3-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18547-17084 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45886 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2022-11-30T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45887 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17823-16820 17824-16823 17823-16820 17824-16823 Moderate 17823-16820 Moderate 17824-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17823-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2022-11-30T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45888 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17823-16820 17824-16823 17823-16820 17824-16823 Moderate 17823-16820 Moderate 17824-16823 6.4 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17823-16820 6.4 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2022-11-30T00:00:00 <p>Information published.</p> GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45939 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 19512-16823 19512-16823 Important 19512-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19512-16823 CBL-Mariner Releases 19512-16823 No Security Update 28.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19512-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Prometheus Exporter Toolkit vulnerable to basic authentication bypass <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-46146 Incorrect Implementation of Authentication Algorithm 18829-17084 20089-17084 18829-17084 20089-17084 Important 18829-17084 Important 20089-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18829-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20089-17084 CBL-Mariner Releases 18829-17084 20089-17084 No Security Update 0.8.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18829-17084 20089-17084 CBL-Mariner Releases 1.1 2026-02-18T01:55:34 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-4055 Improper Neutralization of Expression/Command Delimiters 18831-17084 18831-17084 Important 18831-17084 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N 18831-17084 CBL-Mariner Releases 18831-17084 No Security Update 1.2.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18831-17084 CBL-Mariner Releases 1.0 2025-02-11T00:00:00 <p>Information published.</p> Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner jenkins Yes CVE-2022-45380 Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) 19654-16823 19654-16823 Moderate 19654-16823 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 19654-16823 CBL-Mariner Releases 19654-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19654-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:26 <p>Information published.</p> qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-24999 Improperly Controlled Modification of Object Prototype Attributes (&#39;Prototype Pollution&#39;) 19693-17084 19693-17084 Important 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 1.0 2025-09-03T22:31:12 <p>Information published.</p> 1.1 2026-02-18T03:08:36 <p>Information published.</p> Unsanitized NUL in environment variables on Windows in syscall and os/exec <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-41716 19697-17084 18315-17084 17667-17084 19693-17084 19697-17084 18315-17084 17667-17084 19693-17084 19697-17084 18315-17084 17667-17084 19693-17084 6.3 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19693-17084 1.0 2025-09-03T22:52:17 <p>Information published.</p> iPXE TLS tls.c tls_new_ciphertext information exposure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2022-4087 Improper Access Control 20221-17084 20221-17084 20221-17084 2.6 2.6 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 20221-17084 1.0 2025-09-03T22:55:05 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45885 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 17936-16820 18490-16823 17936-16820 18490-16823 Important 17936-16820 Important 18490-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17936-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-16823 CBL-Mariner Releases 17936-16820 No Security Update 5.10.189.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17936-16820 CBL-Mariner Releases CBL-Mariner Releases 18490-16823 No Security Update 5.15.182.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18490-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:26 <p>Information published.</p> In libarchive before 3.6.2 the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances when NULL is equivalent to the 0x0 memory address and privileged code can access it then writing or reading memory is possible which may lead to code execution." <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-36227 NULL Pointer Dereference 18541-16820 18542-16823 18541-16820 18542-16823 Critical 18541-16820 Critical 18542-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18541-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18542-16823 CBL-Mariner Releases 18541-16820 18542-16823 No Security Update 3.6.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18541-16820 18542-16823 CBL-Mariner Releases 1.0 2022-11-29T00:00:00 <p>Information published.</p> xmldom allows multiple root nodes in a DOM <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-39353 Improper Input Validation 19696-17084 17080-17084 19712-17086 19696-17084 17080-17084 19712-17086 19696-17084 Critical 17080-17084 19712-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19696-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17080-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19712-17086 CBL-Mariner Releases 19696-17084 17080-17084 No Security Update 2.16.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19696-17084 17080-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2022-3970 18544-16820 18545-16823 18544-16820 18545-16823 Important 18544-16820 Important 18545-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18544-16820 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18545-16823 CBL-Mariner Releases 18544-16820 18545-16823 No Security Update 4.4.0-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18544-16820 18545-16823 CBL-Mariner Releases 1.0 2022-11-18T00:00:00 <p>Information published.</p> A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-40284 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 19506-16823 19506-16823 Important 19506-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19506-16823 CBL-Mariner Releases 19506-16823 No Security Update 2022.10.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19506-16823 CBL-Mariner Releases 1.0 2022-11-09T00:00:00 <p>Information published.</p> An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-4144 Out-of-bounds Read 18533-16820 18534-16823 18535-17084 18533-16820 18534-16823 18535-17084 Moderate 18533-16820 Moderate 18534-16823 Moderate 18535-17084 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18533-16820 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18534-16823 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18535-17084 CBL-Mariner Releases 18533-16820 No Security Update 4.2.0-48 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18533-16820 CBL-Mariner Releases CBL-Mariner Releases 18534-16823 No Security Update 6.2.0-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18534-16823 CBL-Mariner Releases CBL-Mariner Releases 18535-17084 No Security Update 6.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18535-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2024-08-07T00:00:00 <p>Information published.</p> 1.3 2024-08-08T00:00:00 <p>Information published.</p> 1.4 2024-08-09T00:00:00 <p>Information published.</p> 1.5 2024-08-10T00:00:00 <p>Information published.</p> 1.6 2024-08-11T00:00:00 <p>Information published.</p> 1.7 2024-08-12T00:00:00 <p>Information published.</p> 1.8 2024-08-16T00:00:00 <p>Information published.</p> 1.9 2024-08-17T00:00:00 <p>Information published.</p> 2.0 2024-08-18T00:00:00 <p>Information published.</p> 2.1 2024-08-19T00:00:00 <p>Information published.</p> 2.2 2024-08-20T00:00:00 <p>Information published.</p> 2.3 2024-08-21T00:00:00 <p>Information published.</p> 2.4 2024-08-22T00:00:00 <p>Information published.</p> 2.5 2024-08-23T00:00:00 <p>Information published.</p> 2.6 2024-08-24T00:00:00 <p>Information published.</p> 2.7 2024-08-25T00:00:00 <p>Information published.</p> 2.8 2024-08-26T00:00:00 <p>Information published.</p> 2.9 2024-08-27T00:00:00 <p>Information published.</p> 3.0 2024-08-28T00:00:00 <p>Information published.</p> 3.1 2024-08-29T00:00:00 <p>Information published.</p> 3.2 2024-08-30T00:00:00 <p>Information published.</p> 3.3 2024-08-31T00:00:00 <p>Information published.</p> 3.4 2024-09-01T00:00:00 <p>Information published.</p> 3.5 2024-09-02T00:00:00 <p>Information published.</p> 3.6 2024-09-03T00:00:00 <p>Information published.</p> 3.7 2024-09-05T00:00:00 <p>Information published.</p> 3.8 2024-09-06T00:00:00 <p>Information published.</p> 3.9 2024-09-07T00:00:00 <p>Information published.</p> 4.0 2024-09-08T00:00:00 <p>Information published.</p> 4.1 2024-09-11T00:00:00 <p>Information published.</p> ThreadUnsafeUnigramCandidateSampler Heap out of bounds in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41880 Out-of-bounds Read 19510-16823 19510-16823 Critical 19510-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Unckecked rank size in `tf.image.generate_bounding_box_proposals` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41888 Improper Input Validation 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41889 NULL Pointer Dereference 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> `CHECK_EQ` fail in `tf.raw_ops.TensorListResize` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41893 Reachable Assertion 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41894 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 19510-16823 19510-16823 Important 19510-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41897 Out-of-bounds Read 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> `CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41898 Improper Input Validation 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> `CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41901 Reachable Assertion 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Segfault in `CompositeTensorVariantToComponents` in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41909 NULL Pointer Dereference 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Invalid char to bool conversion when printing a tensor in Tensorflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-41911 Incorrect Type Conversion or Cast 19510-16823 19510-16823 Important 19510-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19510-16823 CBL-Mariner Releases 19510-16823 No Security Update 2.11.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19510-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet resulting in Denial of Service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-44792 NULL Pointer Dereference 18556-16820 18557-16823 18558-17084 18556-16820 18557-16823 18558-17084 Moderate 18556-16820 Moderate 18557-16823 Moderate 18558-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18556-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18557-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18558-17084 CBL-Mariner Releases 18556-16820 No Security Update 5.9-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18556-16820 CBL-Mariner Releases CBL-Mariner Releases 18557-16823 18558-17084 No Security Update 5.9.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18557-16823 18558-17084 CBL-Mariner Releases 1.0 2022-11-09T00:00:00 <p>Information published.</p> handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet resulting in Denial of Service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-44793 NULL Pointer Dereference 18556-16820 18557-16823 18558-17084 18556-16820 18557-16823 18558-17084 Moderate 18556-16820 Moderate 18557-16823 Moderate 18558-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18556-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18557-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18558-17084 CBL-Mariner Releases 18556-16820 No Security Update 5.9-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18556-16820 CBL-Mariner Releases CBL-Mariner Releases 18557-16823 18558-17084 No Security Update 5.9.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18557-16823 18558-17084 CBL-Mariner Releases 1.0 2022-11-09T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free related to dvb_register_device dynamically allocating fops. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45884 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2022-11-30T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c a use-after-free can occur is there is a disconnect after an open because of the lack of a wait_event. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45919 Use After Free 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2022-11-29T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-45934 Integer Overflow or Wraparound 18505-16820 18513-16823 18505-16820 18513-16823 Important 18505-16820 Important 18513-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18505-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18513-16823 CBL-Mariner Releases 18505-16820 No Security Update 5.10.161.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18505-16820 CBL-Mariner Releases CBL-Mariner Releases 18513-16823 No Security Update 5.15.86.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18513-16823 CBL-Mariner Releases 1.0 2022-12-02T00:00:00 <p>Information published.</p> Stack Overflow in Snakeyaml <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2022-41854 Stack-based Buffer Overflow 19652-16823 19652-16823 Moderate 19652-16823 5.8 5.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H 19652-16823 CBL-Mariner Releases 19652-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19652-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:25 <p>Information published.</p> Parsing issue in protobuf message-type extension <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2022-3510 19407-17084 19693-17084 19407-17084 19693-17084 Important 19407-17084 Important 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19407-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 1.0 2025-09-03T22:05:40 <p>Information published.</p> 1.1 2026-02-18T03:05:26 <p>Information published.</p> Netlogon RPC Elevation of Privilege Vulnerability <p><strong>Does this vulnerability affect client operating systems?</strong></p> <p>This vulnerability only applies the Windows Server versions listed in the Security Update table.</p> <p><strong>Where can I find more information about these changes?</strong></p> <p>For more information please see <a href="https://support.microsoft.com/help/5021130">How to manage Netlogon Protocol changes related to CVE-2022-38023</a>.</p> <p><strong>I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?</strong></p> <p>The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could leverage cryptographic protocol vulnerabilities in the Windows Netlogon protocol when RPC Signing is used instead of RPC Sealing. Where RPC Signing is used instead of RPC Sealing the attacker could gain control of the service and then might be able to modify Netlogon protocol traffic to elevate their privileges.</p> <p><strong>How does Microsoft plan to address this vulnerability?</strong></p> <p>To give administrators time to make corrections that prevent authentication failures, and to provide a choice on when to implement the enforcement, Microsoft is addressing this vulnerability in a phased rollout.</p> <p><strong>What is the timeline for this rollout?</strong></p> <p>Please refer to the planned enforcement timeline in the KB article: <a href="https://support.microsoft.com/help/5021130">How to manage Netlogon Protocol changes related to CVE-2022-38023</a>.</p> <p><strong>How can I be notified when the further updates are available?</strong></p> <p>When each phase of Windows updates become available, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/08/09/security-update-guide-notification-system-news-create-your-profile-now/">Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center</a>.</p> Windows Netlogon Microsoft Yes CVE-2022-38023 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 2.1 2023-06-13T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 3.1 2023-07-18T07:00:00 <p>Removed the Security Hotpatch Update for the July 2023 revision as that package doesn't exist for this release cycle. You must install the Security Update to get the updated software.</p> 1.0 2022-11-08T08:00:00 <p>Information published.</p> 2.0 2023-04-11T07:00:00 <p>Microsoft is announcing the release of the second phase of Windows security updates to address this vulnerability. The April 2023 updates remove the ability to disable RPC sealing by setting value 0 to the RequireSeal registry subkey. Please see <a href="https://support.microsoft.com/help/5021130">How to manage Netlogon Protocol changes related to CVE-2022-38023</a> for more information, including the planned enforcement timeline.</p> 3.0 2023-07-11T07:00:00 <p>Microsoft is announcing the release of the fourth phase of Windows security updates to address this vulnerability. The July 2023 updates remove the ability to set value 1 to the RequireSeal registry subkey and enables the Enforcement phase. Please see <a href="https://support.microsoft.com/help/5021130">How to manage Netlogon Protocol changes related to CVE-2022-38023</a> for more information, including the planned enforcement timeline.</p> Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Linux Kernel Microsoft Yes CVE-2022-38014 12069 12118 Elevation of Privilege 12069 Elevation of Privilege 12118 Important 12069 Important 12118 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12069 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12118 Release Notes https://github.com/microsoft/WSL2-Linux-Kernel 12069 Maybe Security Update 5.15.62.1 Release Notes https://github.com/Azure/iotedge-eflow/releases 12118 Maybe Security Update 1.4.2.12122 LTS Microsoft Offensive Research & Security Engineering (MORSE) 1.0 2022-11-08T08:00:00 <p>Information published.</p> 1.1 2023-01-23T08:00:00 <p>Updated the build numbers. This is an informational update only.</p> Windows Group Policy Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Group Policy Preference Client Microsoft Yes CVE-2022-37992 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 Andrea Pierini (@decoder_it) with Semperis 1.0 2022-11-08T08:00:00 <p>Information published.</p> Azure CycleCloud Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to brute force authentication and obtain a successful login.</p> <p><strong>What versions are impacted by this vulnerability?</strong></p> <p>All versions are impacted and should be updated based on the documentation provided in the CVE.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> Azure Microsoft Yes CVE-2022-41085 12102 12104 Elevation of Privilege 12102 Elevation of Privilege 12104 Important 12102 Important 12104 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12102 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12104 Release Notes https://docs.microsoft.com/en-us/azure/cyclecloud/packages 12102 Maybe Security Update 8.3.0 Release Notes https://docs.microsoft.com/en-us/azure/cyclecloud/packages 12104 Maybe Security Update 7.9.11 Yiming Xiang with <a href="https://www.nsfocus.cn/">NSFOCUS TIANJI LAB</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Windows ALPC Microsoft Yes CVE-2022-41100 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10481 10482 10484 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Microsoft Yes CVE-2022-41058 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 Huichen Lin and Dong Seong Kim with <a href="https://www.itee.uq.edu.au/">School of Information Technology and Electrical Engineering - The University of Queensland</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Overlay Filter Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Overlay Filter Microsoft Yes CVE-2022-41101 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 12086 12085 12099 12098 12097 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 12086 Elevation of Privilege 12085 Elevation of Privilege 12099 Elevation of Privilege 12098 Elevation of Privilege 12097 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 12086 Important 12085 Important 12099 Important 12098 Important 12097 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12099 12098 12097 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12086 12085 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12086 12085 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12099 12098 12097 Yes Security Update 10.0.19045.2251 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Overlay Filter Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Overlay Filter Microsoft Yes CVE-2022-41102 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 12085 12086 12098 12097 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12098 Elevation of Privilege 12097 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 12085 Important 12086 Important 12098 Important 12097 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12098 12097 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12098 12097 12099 Yes Security Update 10.0.19045.2251 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> .NET Framework Information Disclosure Vulnerability <p><strong>If I am using System.Data.SqlClient or Microsoft.Data.SqlClient, what do I need to do to be protected from this vulnerability?</strong></p> <p>Customers using either the System.Data.SqlClient or Microsoft.Data.SqlClient NuGet Packages need to do the following to be protected:</p> <ul> <li>If you are using System.Data.SqlClient on .NET Framework you must install the November update for .NET Framework</li> <li>If you are using System.Data.SqlClient on .NET Core, .NET 5 or .NET 6 you must update the nuget package to an updated version as listed in the affected packages.</li> <li>If you are using Microsoft.Data.SqlClient, anywhere (.NET Core, .NET 5/6, .NET Framework) and you are using a version that is vulnerable you must update as listed in the affected packages.</li> </ul> <p>Please see <a href="https://github.com/dotnet/announcements/issues/239">Microsoft Security Advisory CVE 2022-41064 | .NET Information Disclosure Vulnerability</a> for more information.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be within the SQL Connection Pool.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to exhaust all the threads in the thread pool.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could cause the attacker access queries from other users in the SQL Connection Pool.</p> .NET Framework Microsoft Yes CVE-2022-41064 12120 12119 11650-11930 11650-10483 11650-11568 11650-10049 11650-11571 11650-10051 11650-11898 11650-11569 11650-10482 11650-10481 11650-10816 11650-11802 11650-10852 11650-10378 11650-10543 11650-11929 11650-10047 11650-11896 11650-10484 11650-10855 11650-10379 11650-11801 11650-11897 11650-10853 11723-10852 11723-10816 11723-10853 11723-10855 11862-11569 11862-11568 11862-11570 11862-11572 11862-11571 11650-11931 12078-11896 12078-11897 12078-11898 12078-11929 12078-11930 12078-11931 11650-11572 11650-10048 11863-10379 12078-12086 12078-11927 11650-12097 11863-10048 11650-12098 11650-11927 11863-10378 12078-12099 12078-12098 12078-12085 11650-12099 11863-10543 11863-10482 11863-10481 11863-10484 12078-12097 12078-11926 12078-11802 12078-11801 11863-10047 11650-11926 11863-10049 11863-10483 11863-10051 12115-9318 12115-9312 12115-10287 12115-9344 11650-11570 11650-11923 11650-11924 12078-11923 12078-11924 12136-10729 12136-10735 Information Disclosure 12120 Information Disclosure 12119 Information Disclosure 11650-11930 Information Disclosure 11650-10483 Information Disclosure 11650-11568 Information Disclosure 11650-10049 Information Disclosure 11650-11571 Information Disclosure 11650-10051 Information Disclosure 11650-11898 Information Disclosure 11650-11569 Information Disclosure 11650-10482 Information Disclosure 11650-10481 Information Disclosure 11650-10816 Information Disclosure 11650-11802 Information Disclosure 11650-10852 Information Disclosure 11650-10378 Information Disclosure 11650-10543 Information Disclosure 11650-11929 Information Disclosure 11650-10047 Information Disclosure 11650-11896 Information Disclosure 11650-10484 Information Disclosure 11650-10855 Information Disclosure 11650-10379 Information Disclosure 11650-11801 Information Disclosure 11650-11897 Information Disclosure 11650-10853 Information Disclosure 11723-10852 Information Disclosure 11723-10816 Information Disclosure 11723-10853 Information Disclosure 11723-10855 Information Disclosure 11862-11569 Information Disclosure 11862-11568 Information Disclosure 11862-11570 Information Disclosure 11862-11572 Information Disclosure 11862-11571 Information Disclosure 11650-11931 Information Disclosure 12078-11896 Information Disclosure 12078-11897 Information Disclosure 12078-11898 Information Disclosure 12078-11929 Information Disclosure 12078-11930 Information Disclosure 12078-11931 Information Disclosure 11650-11572 Information Disclosure 11650-10048 Information Disclosure 11863-10379 Information Disclosure 12078-12086 Information Disclosure 12078-11927 Information Disclosure 11650-12097 Information Disclosure 11863-10048 Information Disclosure 11650-12098 Information Disclosure 11650-11927 Information Disclosure 11863-10378 Information Disclosure 12078-12099 Information Disclosure 12078-12098 Information Disclosure 12078-12085 Information Disclosure 11650-12099 Information Disclosure 11863-10543 Information Disclosure 11863-10482 Information Disclosure 11863-10481 Information Disclosure 11863-10484 Information Disclosure 12078-12097 Information Disclosure 12078-11926 Information Disclosure 12078-11802 Information Disclosure 12078-11801 Information Disclosure 11863-10047 Information Disclosure 11650-11926 Information Disclosure 11863-10049 Information Disclosure 11863-10483 Information Disclosure 11863-10051 Information Disclosure 12115-9318 Information Disclosure 12115-9312 Information Disclosure 12115-10287 Information Disclosure 12115-9344 Information Disclosure 11650-11570 Information Disclosure 11650-11923 Information Disclosure 11650-11924 Information Disclosure 12078-11923 Information Disclosure 12078-11924 Information Disclosure 12136-10729 Information Disclosure 12136-10735 Important 12120 Important 12119 Important 11650-11930 Important 11650-10483 Important 11650-11568 Important 11650-10049 Important 11650-11571 Important 11650-10051 Important 11650-11898 Important 11650-11569 Important 11650-10482 Important 11650-10481 Important 11650-10816 Important 11650-11802 Important 11650-10852 Important 11650-10378 Important 11650-10543 Important 11650-11929 Important 11650-10047 Important 11650-11896 Important 11650-10484 Important 11650-10855 Important 11650-10379 Important 11650-11801 Important 11650-11897 Important 11650-10853 Important 11723-10852 Important 11723-10816 Important 11723-10853 Important 11723-10855 Important 11862-11569 Important 11862-11568 Important 11862-11570 Important 11862-11572 Important 11862-11571 Important 11650-11931 Important 12078-11896 Important 12078-11897 Important 12078-11898 Important 12078-11929 Important 12078-11930 Important 12078-11931 Important 11650-11572 Important 11650-10048 Important 11863-10379 Important 12078-12086 Important 12078-11927 Important 11650-12097 Important 11863-10048 Important 11650-12098 Important 11650-11927 Important 11863-10378 Important 12078-12099 Important 12078-12098 Important 12078-12085 Important 11650-12099 Important 11863-10543 Important 11863-10482 Important 11863-10481 Important 11863-10484 Important 12078-12097 Important 12078-11926 Important 12078-11802 Important 12078-11801 Important 11863-10047 Important 11650-11926 Important 11863-10049 Important 11863-10483 Important 11863-10051 Important 12115-9318 Important 12115-9312 Important 12115-10287 Important 12115-9344 Important 11650-11570 Important 11650-11923 Important 11650-11924 Important 12078-11923 Important 12078-11924 Important 12136-10729 Important 12136-10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12120 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12119 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11930 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10483 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11568 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10049 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11571 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10051 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11898 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11569 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10482 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10481 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10816 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11802 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10852 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10378 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10543 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11929 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10047 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11896 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10484 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10855 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10379 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11801 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11897 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10853 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11723-10852 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11723-10816 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11723-10853 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11723-10855 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11862-11569 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11862-11568 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11862-11570 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11862-11572 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11862-11571 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11931 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11896 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11897 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11898 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11929 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11930 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11931 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11572 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10048 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10379 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-12086 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11927 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-12097 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10048 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-12098 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11927 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10378 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-12099 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-12098 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-12085 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-12099 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10543 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10482 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10481 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10484 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-12097 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11926 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11802 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11801 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10047 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11926 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10049 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10483 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10051 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-9318 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-9312 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-10287 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-9344 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11570 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11923 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-11924 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11923 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12078-11924 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12136-10729 5.8 5.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12136-10735 Release Notes https://www.nuget.org/packages/Microsoft.Data.SqlClient/ 12120 Maybe Security Update 2.1.2 Release Notes https://www.nuget.org/packages/Microsoft.Data.SqlClient/ 12119 Maybe Security Update 4.8.4 5020687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020613 5017500, 5018858, 5018545 11650-11930 11650-11929 11650-11931 Maybe Security Update 4.8.04584.08 5020690 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020620 5016568, 5018549 11650-10483 11650-10482 11650-10481 11650-10543 11650-10484 Maybe Monthly Rollup 4.8.04005.02 5020680 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020608 11650-10483 11650-10482 11650-10543 Maybe Security Only 6.3.04585.01 5020685 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020615 5013868, 50185 11650-11568 11650-11569 Maybe Monthly Rollup 10.0.04585.02 5020688 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020621 5013870, 5018547 11650-10049 11650-10051 11650-10047 11650-10048 Maybe Monthly Rollup 4.8.04585.02 5020678 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020609 11650-10049 11650-10051 11650-10047 11650-10048 Maybe Security Only 6.2.04585.01 5020685 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5018210 5013868, 50185 11650-11571 11650-11572 Maybe Security Update 10.0.09110.12 5020801 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020613 5017499, 5018857, 5018544 11650-11898 11650-11896 11650-11897 Maybe Security Update 4.8.04584.08 5020680 11650-10481 Maybe Security Only 6.3.04585.01 5020614 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020614 5013625, 5018515 11650-10816 11650-10852 11650-10855 11650-10853 Maybe Security Update 10.0.04585.02 5020686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020613 5017498, 5018856, 5018543 11650-11802 11650-11801 Maybe Security Update 4.8.04584.08 5020689 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020618 5013871, 5018548 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.04585.02 5020679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020606 11650-10378 11650-10379 Maybe Security Only 6.2.04585.01 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 11723-10852 11723-10816 11723-10853 11723-10855 Yes Security Update 10.0.14393.5501 5020685 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020627 5013868, 50185 11862-11569 11862-11568 11862-11570 11862-11572 11862-11571 Maybe Security Update 10.0.04005.02 5020801 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020623 5017499, 5018857, 5018544 12078-11896 12078-11897 12078-11898 Maybe Security Update 4.8.09110.07 5020687 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020623 5017500, 5018858, 5018545 12078-11929 12078-11930 12078-11931 Maybe Security Update 4.8.09110.07 5020689 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020628 5013871, 5018548 11863-10379 11863-10378 Maybe Monthly Rollup 4.7.04005.02 5020679 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020610 11863-10379 11863-10378 Maybe Security Only 6.2.04005.01 5020622 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020622 5017271, 5018341 12078-12086 12078-12085 Maybe Security Update 4.8.09110.07 5020695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020624 5017497, 5018859, 5018546 12078-11927 12078-11926 Maybe Security Update 4.8.04584.08 5020694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020613 5017651, 5018202 11650-12097 11650-12098 11650-12099 Maybe Security Update 4.8.04584.08 5020688 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020630 5013870, 5018547 11863-10048 11863-10047 11863-10049 11863-10051 Maybe Monthly Rollup 4.7.04005.02 5020678 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020612 11863-10048 11863-10047 11863-10049 11863-10051 Maybe Security Only 6.0.04005.01 5020695 5017497, 5018859, 5018546 11650-11927 Maybe Security Update 4.8.04584.08 5020694 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020623 5017651, 5018202 12078-12099 12078-12098 12078-12097 Maybe Security Update 4.8.09110.07 5020690 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020629 5016568, 5018549 11863-10543 11863-10482 11863-10481 11863-10484 11863-10483 Maybe Monthly Rollup 4.8.04005.02 5020680 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020611 11863-10543 11863-10482 11863-10481 11863-10484 11863-10483 Maybe Security Only 6.3.04005.01 5020686 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020623 5017498, 5018856, 5018543 12078-11802 12078-11801 Maybe Security Update 4.8.09110.07 5020695 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020617 5017497, 5018859, 5018546 11650-11926 Maybe Security Update 4.8.04584.08 5020691 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020630 5018550, 5013873 12115-9318 12115-9312 12115-10287 12115-9344 Maybe Monthly Rollup 4.7.04005.02 5020681 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020612 12115-9318 12115-9312 12115-10287 12115-9344 Maybe Security Only 6.0.04005.01 5020685 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020615 5013868, 5018542 11650-11570 Maybe Security Update 10.0.04585.02 5020692 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020619 5017501, 5018860, 5018551 11650-11923 11650-11924 Maybe Security Update 4.8.04584.08 5020692 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020632 5017501, 5018860, 5018551 12078-11923 12078-11924 Maybe Security Update 4.8.09110.07 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 12136-10729 12136-10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 12136-10729 12136-10735 1.0 2022-11-08T08:00:00 <p>Information published.</p> 2.0 2022-11-14T08:00:00 <p>In the Security Updates table, added .NET Framework 4.8 installed on supported editions of Windows Server 2022, and added .NET Framework 4.8.1 installed on supported editions of Windows Server 2022 as these versions of Window Server 2022 with .NET Framework 4.8 or 4.8.1 installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the November 2022 security updates to be protected from this vulnerability.</p> 2.1 2022-11-15T08:00:00 <p>In the Security Updates table, removed unsupported version of .NET Framework on Windows 10 version 1809. This is an informational update only.</p> 1.1 2022-11-10T08:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 2.2 2022-12-15T08:00:00 <p>The following revisions have been made: 1) Added .NET Framework 4.6/4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems as .NET 4.6 installed on Windows 10 is supported. 2) Removed .NET Framework 4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 3.0 2023-02-01T08:00:00 <p>In the Security Updates table, added .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 installed on supported editions of Windows Server 2016 and Windows 10 version 1607 as these versions of Windows with .NET Framework AND 4.6.2/4.7/4.7.1/4.7.2 installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the November 2022 security updates to be protected from this vulnerability.</p> GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Azure cli, which is published on GitHub and for which GitHub is the CVE Naming Authority (CNA). It is being documented in the Security Update Guide to inform customers using the azure-cli that they need to apply the updated version. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Azure GitHub, Inc. Yes CVE-2022-39327 12103 Remote Code Execution 12103 Critical 12103 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Improper Control of Generation of Code ('Code Injection') in Azure CLI https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.42.0 2.41.0 12103 Maybe Security Update 2.42.0 1.0 2022-11-08T08:00:00 <p>Information published.</p> GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Successful exploitation of this vulnerability requires a malicious actor to convince a victim to close a repository with a symbolic link pointing to sensitive information on a victim's machine.</p> <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p>For more information see: <a href="https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85">Local clone optimization dereferences symbolic links by default</a>.</p> Visual Studio GitHub Yes CVE-2022-39253 11935 12081 11969 11600 12051 Information Disclosure 11935 Information Disclosure 12081 Information Disclosure 11969 Information Disclosure 11600 Information Disclosure 12051 Important 11935 Important 12081 Important 11969 Important 11600 Important 12051 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.21 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.3 12081 Maybe Security Update 17.3.7 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.16 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.51 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.10 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A locally authenticated attacker could manipulate information on Windows System Monitor (Sysmon) to achieve elevation from local user to SYSTEM admin.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> SysInternals Microsoft Yes CVE-2022-41120 12114 Elevation of Privilege 12114 Important 12114 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12114 Release Notes https://download.sysinternals.com/files/Sysmon.zip 12114 Maybe Security Update 14.11 <a href="https://twitter.com/filip_dragovic">Filip Dragovic</a> with Infigo IS 1.0 2022-11-08T08:00:00 <p>Information published.</p> 1.1 2022-12-22T08:00:00 <p>Corrected the affected product name in the CVE title and in the FAQs. This is an informational change only.</p> Microsoft SharePoint Server Spoofing Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> Microsoft Office SharePoint Microsoft Yes CVE-2022-41122 10950 11099 11585 11961 10612 Spoofing 10950 Spoofing 11099 Spoofing 11585 Spoofing 11961 Spoofing 10612 Important 10950 Important 11099 Important 11585 Important 11961 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10950 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11585 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11961 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10612 5002269 https://www.microsoft.com/download/details.aspx?familyid=27e5d441-41bb-42c3-8e4e-14775c96de2d 5002222 10950 Maybe Security Update 16.0.5361.1002 5002269 https://support.microsoft.com/help/5002269 10950 5002264 https://www.microsoft.com/download/details.aspx?familyid=21ec2696-1aff-4662-b0a4-f0fad0c99a05 11099 Maybe Cumulative Update 15.0.5485.1000 5002267 https://www.microsoft.com/download/details.aspx?familyid=3f67bfcd-bc5d-4202-9cc1-f75a382ce3b6 5002219 11099 10612 Maybe Security Update 15.0.5485.1000 5002267 https://support.microsoft.com/help/5002267 11099 10612 5002258 https://www.microsoft.com/download/details.aspx?familyid=df4dec61-80ba-4027-8bca-07c92570f48e 5002212 11585 Maybe Security Update 16.0.10390.20000 5002258 https://support.microsoft.com/help/5002258 11585 5002271 https://www.microsoft.com/download/details.aspx?familyid=ea9525e4-53f9-42ee-ae42-cc83495a62a4 11961 Maybe Security Update 16.0.15601.20052 5002271 https://support.microsoft.com/help/5002271 11961 <a href="https://twitter.com/cursered">Li Jian Tao (@CurseRed)</a> with <a href="https://starlabs.sg/">STAR Labs</a> 1.0 2022-11-08T08:00:00 <p>Information published. This CVE was addressed by updates that were released in September 2022, but the CVE was omitted from the September 2022 Security Updates. This is an informational change only. Customers who have already installed the September 2022 update do not need to take any further action.</p> Microsoft Exchange Server Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>If the attack is successful it could lead to a NTLM relay allowing for controls that would be able to block availability of a resource.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-41078 11682 11956 11957 12038 12039 Spoofing 11682 Spoofing 11956 Spoofing 11957 Spoofing 12038 Spoofing 12039 Important 11682 Important 11956 Important 11957 Important 12038 Important 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11956 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 5019758 https://www.microsoft.com/download/details.aspx?familyid=124eeb2b-4066-459e-9416-ee98683f4997 5019076 11682 Yes Security Update 15.00.1497.044 5019758 https://www.microsoft.com/download/details.aspx?familyid=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a 5019077 11956 Yes Security Update 15.01.2375.037 5019758 https://www.microsoft.com/download/details.aspx?familyid=09804a62-d5b7-4e38-9902-010326747aef 5019077 11957 Yes Security Update 15.02.0986.036 5019758 https://www.microsoft.com/download/details.aspx?familyid=bbba5ecc-0ab5-466c-98bb-766c46a78fc2 5019077 12038 Yes Security Update 15.02.1118.020 5019758 https://www.microsoft.com/download/details.aspx?familyid=4342d7ed-0583-4d2c-831c-836ee8f7bf62 5019077 12039 Yes Security Update 15.01.2507.016 <a href="https://twitter.com/chudypb">Piotr Bazydlo (@chudypb)</a> of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> 1.1 2022-12-13T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft Exchange Server Microsoft Yes CVE-2022-41123 12038 12039 11957 11956 Elevation of Privilege 12038 Elevation of Privilege 12039 Elevation of Privilege 11957 Elevation of Privilege 11956 Important 12038 Important 12039 Important 11957 Important 11956 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11956 5019758 https://www.microsoft.com/download/details.aspx?familyid=bbba5ecc-0ab5-466c-98bb-766c46a78fc2 5019077 12038 Yes Security Update 15.02.1118.020 5019758 https://www.microsoft.com/download/details.aspx?familyid=4342d7ed-0583-4d2c-831c-836ee8f7bf62 5019077 12039 Yes Security Update 15.01.2507.016 5019758 https://www.microsoft.com/download/details.aspx?familyid=09804a62-d5b7-4e38-9902-010326747aef 5019077 11957 Yes Security Update 15.02.0986.036 5019758 https://www.microsoft.com/download/details.aspx?familyid=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a 5019077 11956 Yes Security Update 15.01.2375.037 <a href="https://twitter.com/chudypb">Piotr Bazydlo (@chudypb)</a> working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>If the attack is successful it could lead to a NTLM relay allowing for controls that would be able to block availability of a resource.</p> Microsoft Exchange Server Microsoft Yes CVE-2022-41079 12038 12039 11956 11682 11957 Spoofing 12038 Spoofing 12039 Spoofing 11956 Spoofing 11682 Spoofing 11957 Important 12038 Important 12039 Important 11956 Important 11682 Important 11957 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11956 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 5019758 https://www.microsoft.com/download/details.aspx?familyid=bbba5ecc-0ab5-466c-98bb-766c46a78fc2 5019077 12038 Yes Security Update 15.02.1118.020 5019758 https://www.microsoft.com/download/details.aspx?familyid=4342d7ed-0583-4d2c-831c-836ee8f7bf62 5019077 12039 Yes Security Update 15.01.2507.016 5019758 https://www.microsoft.com/download/details.aspx?familyid=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a 5019077 11956 Yes Security Update 15.01.2375.037 5019758 https://www.microsoft.com/download/details.aspx?familyid=124eeb2b-4066-459e-9416-ee98683f4997 5019076 11682 Yes Security Update 15.00.1497.044 5019758 https://www.microsoft.com/download/details.aspx?familyid=09804a62-d5b7-4e38-9902-010326747aef 5019077 11957 Yes Security Update 15.02.0986.036 Piotr Bazydlo (@chudypb) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> <a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab 1.0 2022-11-08T08:00:00 <p>Information published.</p> 1.1 2022-11-15T08:00:00 <p>Added acknowledgements. This is an informational change only.</p> 1.2 2022-12-13T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft Exchange Server Microsoft Yes CVE-2022-41080 12039 12038 11682 11957 11956 Elevation of Privilege 12039 Elevation of Privilege 12038 Elevation of Privilege 11682 Elevation of Privilege 11957 Elevation of Privilege 11956 Critical 12039 Critical 12038 Critical 11682 Critical 11957 Critical 11956 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11956 5019758 https://www.microsoft.com/download/details.aspx?familyid=4342d7ed-0583-4d2c-831c-836ee8f7bf62 5019077 12039 Yes Security Update 15.01.2507.016 5019758 https://www.microsoft.com/download/details.aspx?familyid=bbba5ecc-0ab5-466c-98bb-766c46a78fc2 5019077 12038 Yes Security Update 15.02.1118.020 5019758 https://www.microsoft.com/download/details.aspx?familyid=124eeb2b-4066-459e-9416-ee98683f4997 5019076 11682 Yes Security Update 15.00.1497.044 5019758 https://www.microsoft.com/download/details.aspx?familyid=09804a62-d5b7-4e38-9902-010326747aef 5019077 11957 Yes Security Update 15.02.0986.036 5019758 https://www.microsoft.com/download/details.aspx?familyid=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a 5019077 11956 Yes Security Update 15.01.2375.037 <a href="https://twitter.com/rskvp93">rskvp93</a>, <a href="https://twitter.com/_q5ca">Q5Ca</a> and <a href="https://twitter.com/hoangnx99">nxhoang99</a> with <a href="https://lab.viettelcybersecurity.com/">VcsLab of Viettel Cyber Security</a> <a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab 1.0 2022-11-08T08:00:00 <p>Information published.</p> 1.1 2022-12-15T08:00:00 <p>Added an acknowledgement. This is an informational change only.</p> AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions <p><strong>Are any additional steps required to protect my system after installing the November Windows updates?</strong></p> <p>Customers who allow untrusted users to execute arbitrary code might wish to implement some extra security features within their systems. These features protect against the intra-process disclosure vectors that this speculative execution vulnerability describes. See the following for more information.</p> <ul> <li>Microsoft Windows client customers: See <a href="https://support.microsoft.com/help/4073119">Microsoft Knowledge Base Article 4073119</a>.</li> <li>Microsoft Windows Server/Azure Stack HCI customers: See <a href="https://support.microsoft.com/help/4072698">Microsoft Knowledge Base Article 4072698</a> for additional information, including workarounds.</li> </ul> <p>Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect VMs running in Azure. More information can be found <a href="https://support.microsoft.com/en-us/help/4073235/cloud-protections-speculative-execution-side-channel-vulnerabilities">here</a>.</p> <p><strong>Can I expect any performance impact after I configure the registry keys?</strong></p> <p>In some cases, installing these updates will have a performance impact. In testing Microsoft has seen some performance impact with these mitigations, in particular when hyperthreading is disabled. Microsoft values the security of its software and services and has made the decision to implement certain mitigation strategies in an effort to better secure our products. In some cases, mitigations are not enabled by default to allow users and administrators to evaluate the performance impact and risk exposure before deciding to enable the mitigations. We continue to work with hardware vendors to improve performance while maintaining a high level of security.</p> <p><strong>Are Microsoft Azure assets protected?</strong></p> <p>Microsoft has already deployed mitigations across our cloud services. More information is available <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/mitigate-se">here</a>.</p> <p><strong>How do I know if I am affected?</strong></p> <p>Please refer to AMD advisory <a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037">AMD-SB-1037</a> to determine which AMD CPUs are affected.</p> <p><strong>Why is this AMD CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p> <p>Please see the following for more information:</p> <ul> <li><a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040">AMD-SB-1040</a></li> </ul> AMD CPU Branch AMD Yes CVE-2022-23824 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 1.0 2022-11-08T08:00:00 <p>Information published.</p> 1.1 2022-11-14T08:00:00 <p>Updated FAQs to provide the following information: 1) Extra security features customers might with to implement. 2) Affect on performance impact. 3) How to know if you are affected. These are informational changes only.</p> OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun <p><strong>Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p><strong>Where can I find further guidance for this OpenSSL vulnerability?</strong></p> <p>For more information and guidance see <a href="https://msrc-blog.microsoft.com/2022/11/02/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/">Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)</a>.</p> Open Source Software OpenSSL Software Foundation Yes CVE-2022-3786 11669 12116 12117 11669 12116 12117 11669 12116 12117 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A Release Notes https://github.com/Azure/AKS/issues/3299 11669 Maybe Security Update 2022.11.02 Release Notes https://devblogs.microsoft.com/cppblog/fix-for-high-risk-openssl-security-vulnerabilities-announced-guidance-for-vcpkg-users/ 12116 12117 Maybe Security Update 1.0 2022-11-02T07:00:00 <p>Information published.</p> OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun <p><strong>Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p><strong>Where can I find further guidance for this OpenSSL vulnerability?</strong></p> <p>For more information and guidance see <a href="https://msrc-blog.microsoft.com/2022/11/02/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/">Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)</a>.</p> Open Source Software OpenSSL Software Foundation Yes CVE-2022-3602 11669 12116 12117 11669 12116 12117 11669 12116 12117 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;DOS:N/A Release Notes https://github.com/Azure/AKS/issues/3299 11669 Maybe Security Update 2022.11.02 Release Notes https://devblogs.microsoft.com/cppblog/fix-for-high-risk-openssl-security-vulnerabilities-announced-guidance-for-vcpkg-users/ 12116 12117 Maybe Security Update 1.0 2022-11-02T07:00:00 <p>Information published.</p> Windows Scripting Languages Remote Code Execution Vulnerability <p><strong>The CVE title says Windows Scripting Languages, what does that mean for this vulnerability?</strong></p> <p>This vulnerability impacts the JScript9 scripting language.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> Windows Scripting Microsoft Yes CVE-2022-41128 11568 11569 11570 11571 11896 11897 11898 11923 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10047 10048 10481 10482 10484 10051 10378 10483 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10051 Remote Code Execution 10378 Remote Code Execution 10483 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 10051 Critical 10378 Critical 10483 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11896 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11897 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11898 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11801 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11802 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10047 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10048 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10481 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10482 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10484 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 Yes Security Update 10.0.20348.1249 5019080 11923 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 5019958 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019958 5018413 10047 10048 10051 Yes IE Cumulative 6.1.7601.26221 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10484 10483 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 5019958 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019958 5018413 10481 10482 Yes IE Cumulative 6.3.9600.20670 5020023 5018474 10484 Yes Monthly Rollup 6.3.9600.20671 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 5019958 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019958 5018413 10378 Yes IE Cumulative 6.2.9200.23968 Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group 1.0 2022-11-08T08:00:00 <p>Information published.</p> Chromium: CVE-2022-3885 Use after free in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>107.0.1418.42</td> <td>107.0.5304.106</td> <td>11/10/2022</td> </tr> <tr> <td>Extended Stable</td> <td>106.0.1370.72</td> <td>106.0.5249.181</td> <td>11/10/2022</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-3885 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 107.0.1418.42 1.0 2022-11-10T17:16:28 <p>Information published.</p> Chromium: CVE-2022-3886 Use after free in Speech Recognition <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>107.0.1418.42</td> <td>107.0.5304.106</td> <td>11/10/2022</td> </tr> <tr> <td>Extended Stable</td> <td>106.0.1370.72</td> <td>106.0.5249.181</td> <td>11/10/2022</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-3886 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 107.0.1418.42 1.0 2022-11-10T17:16:31 <p>Information published.</p> Chromium: CVE-2022-3887 Use after free in Web Workers <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>107.0.1418.42</td> <td>107.0.5304.106</td> <td>11/10/2022</td> </tr> <tr> <td>Extended Stable</td> <td>106.0.1370.72</td> <td>106.0.5249.181</td> <td>11/10/2022</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-3887 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 107.0.1418.42 1.0 2022-11-10T17:16:34 <p>Information published.</p> Chromium: CVE-2022-3888 Use after free in WebCodecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>107.0.1418.42</td> <td>107.0.5304.106</td> <td>11/10/2022</td> </tr> <tr> <td>Extended Stable</td> <td>106.0.1370.72</td> <td>106.0.5249.181</td> <td>11/10/2022</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-3888 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 107.0.1418.42 1.0 2022-11-10T17:16:36 <p>Information published.</p> Chromium: CVE-2022-3889 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>107.0.1418.42</td> <td>107.0.5304.106</td> <td>11/10/2022</td> </tr> <tr> <td>Extended Stable</td> <td>106.0.1370.72</td> <td>106.0.5249.181</td> <td>11/10/2022</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-3889 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 107.0.1418.42 1.0 2022-11-10T17:16:39 <p>Information published.</p> Chromium: CVE-2022-3890 Heap buffer overflow in Crashpad <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>107.0.1418.42</td> <td>107.0.5304.106</td> <td>11/10/2022</td> </tr> <tr> <td>Extended Stable</td> <td>106.0.1370.72</td> <td>106.0.5249.181</td> <td>11/10/2022</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-3890 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 107.0.1418.42 1.0 2022-11-10T17:16:41 <p>Information published.</p> Chromium: CVE-2022-4135 Heap buffer overflow in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2022-4135 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>107.0.1418.62</td> <td>107.0.5304.150</td> <td>11/28/2022</td> </tr> <tr> <td>Extended Stable</td> <td>106.0.1370.86</td> <td>106.0.5249.205</td> <td>11/28/2022</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2022-4135 11655 11655 11655 DOS:N/A Release Notes 107.0.1418.62 11655 No Security Update 107.0.1418.62 1.0 2022-11-28T15:34:45 <p>Information published.</p> Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment.</p> <p><strong>Where can I find more information about these changes?</strong></p> <p>For more information please see <a href="https://support.microsoft.com/help/5021131">How to manage the Kerberos Protocol changes related to CVE-2022-37966</a>.</p> <p><strong>I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?</strong></p> <p>The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>There is a known issue documented in the security updates that address this vulnerability, where Kerberos authentication might fail for user, computer, service, and GMSA accounts when serviced by Windows domain controllers that have installed Windows security updates released on November 8, 2022. Has an update been released that addresses this known issue?</strong></p> <p>Yes. The issue is addressed by out-of-band updates released to <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a> on and after November 17, 2022. Customers who have not already installed the security updates released on November 8, 2022 should install the out-of-band updates instead. Customers who have already installed the November 8, 2022 Windows security updates and who are experiencing issues should install the out-of-band updates.</p> <p>For more information about these updates please see the OS version specific info on <a href="http://aka.ms/wrh">Windows release health</a> at the following links:</p> <ul> <li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-11-22h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-11-22h2#2953msgdesc</a></li> <li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-11-21h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-11-21h2#2953msgdesc</a></li> <li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-server-2022#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-server-2022#2953msgdesc</a></li> <li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-10-22h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-10-22h2#2953msgdesc</a></li> <li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h2#2953msgdesc</a></li> <li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h1#2953msgdesc%5D">https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h1#2953msgdesc</a></li> <li><a href="%5Bhttps://learn.microsoft.com/en/windows/release-health/status-windows-10-20h2#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-10-20h2#2953msgdesc</a></li> <li><a href="https://learn.microsoft.com/en/windows/release-health/status-windows-10-1809-and-windows-server-2019#2953msgdesc">https://learn.microsoft.com/en/windows/release-health/status-windows-10-1809-and-windows-server-2019#2953msgdesc</a></li> </ul> <p>For more information please see the <strong>Known Issues</strong> section of <a href="https://support.microsoft.com/help/5021131">How to manage the Kerberos Protocol changes related to CVE-2022-37966</a>.</p> Windows Kerberos Microsoft Yes CVE-2022-37966 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 1.0 2022-11-08T08:00:00 <p>Information published.</p> 2.0 2022-11-17T08:00:00 <p>To address a known issue where Kerberos authentication might fail for user, computer, service, and GMSA accounts when serviced by Windows domain controllers that have installed Windows security updates released on November 8, 2022, Microsoft is announcing the availability of out-of-band Windows updates available on the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For more information see the FAQs section of this CVE and the Known Issues section of <a href="https://support.microsoft.com/help/5021131">How to manage the Kerberos Protocol changes related to CVE-2022-37966</a>.</p> Windows Hyper-V Denial of Service Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p> Role: Windows Hyper-V Microsoft Yes CVE-2022-38015 11569 11571 11572 11896 11923 11924 11926 11931 12086 12097 10735 10853 10816 10855 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11931 Denial of Service 12086 Denial of Service 12097 Denial of Service 10735 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Critical 11569 Critical 11571 Critical 11572 Critical 11896 Critical 11923 Critical 11924 Critical 11926 Critical 11931 Critical 12086 Critical 12097 Critical 10735 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11569 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11569 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11931 12097 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10853 10816 10855 Yes Security Update 10.0.14393.5501 Eran Segal with <a href="https://www.safebreach.com/">Safebreach</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Kerberos Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could leverage cryptographic protocol vulnerabilities in Windows Kerberos. If the attacker gains control on the service that is allowed for delegation, they can modify the Kerberos PAC to elevate their privileges.</p> <p><strong>Where can I find more information about these changes?</strong></p> <p>For more information please see <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a>.</p> <p><strong>Do I need to take further steps to be protected from this vulnerability?</strong></p> <p>Yes. Please review the KB article <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a>. This recommends that you:</p> <ol> <li>Use audit mode to review logs.</li> <li>Review third-party servers and clients.</li> </ol> <p><strong>If I install the updates and take no further action, what will be the impact?</strong></p> <p>Initially you will not be secure. There are additional actions an administrator needs to take that are outlined in the <a href="https://support.microsoft.com/help/5020805">KB article</a>.</p> <p><strong>Why do I need to follow the guidelines in how to manage the changes in Kerberos associated with CVE-2022-37967?</strong></p> <p>There is a risk of exploitation of the noted vulnerability if you don't take the required actions.</p> <p><strong>How does Microsoft plan to address this vulnerability?</strong></p> <p>To give administrators time to make corrections that prevent authentication failures, and to provide a choice on when to implement the enforcement, Microsoft is addressing this vulnerability in a phased rollout.</p> <p>UPDATE: Microsoft has released the October 2023 Windows security updates to implement Phase Five. For more information see <a href="https://support.microsoft.com/kb/5020805">KB article</a>.</p> <p><strong>What is the timeline for this rollout?</strong></p> <p>Please refer to the planned enforcement timeline in the <a href="https://support.microsoft.com/help/5020805">KB article</a>.</p> <p><strong>How can I be notified when the further updates are available?</strong></p> <p>When each phase of Windows updates become available, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/08/09/security-update-guide-notification-system-news-create-your-profile-now/">Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center</a>.</p> <p><strong>I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?</strong></p> <p>The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart.</p> Windows Kerberos Microsoft Yes CVE-2022-37967 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5031361 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031361 5030214 11571 11572 Yes Security Update 10.0.17763.4974 5031364 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031364 5030216 11923 11924 Yes Security Update 10.0.20348.2031 5031364 http://support.microsoft.com/help/5031364 11923 11924 5031362 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031362 5030213 10816 10855 Yes Security Update 10.0.14393.6351 5031416 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031416 5030271 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22317 5031416 http://support.microsoft.com/kb/5031416 9312 10287 9318 9344 5031411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031411 9312 10287 9318 9344 Yes Security Only 6.0.6003.22317 5031411 http://support.microsoft.com/kb/5031411 9312 10287 9318 9344 5031408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031408 5030265 10051 10049 Yes Monthly Rollup 6.1.7601.26769 5031408 http://support.microsoft.com/kb/5031408 10051 10049 5031441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031441 10051 10049 Yes Security Only 6.1.7601.26769 5031441 http://support.microsoft.com/kb/5031441 10051 10049 5031442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031442 5030278 10378 10379 Yes Monthly Rollup 6.2.9200.24523 5031427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031427 10378 10379 Yes Security Only 6.2.9200.24523 5031419 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031419 5030269 10483 10543 Yes Monthly Rollup 6.3.9600.21620 5031407 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5031407 10483 10543 Yes Security Only 6.3.9600.21620 4.1 2023-07-18T07:00:00 <p>Removed the Security Hotpatch Update for the July 2023 revision as that package doesn't exist for this release cycle. You must install the Security Update to get the updated software.</p> 1.0 2022-11-08T08:00:00 <p>Information published.</p> 2.0 2022-12-13T08:00:00 <p>Microsoft is announcing the release of the second phase of Windows security updates to address this vulnerability. These updates make changes to the Kerberos protocol to audit Windows devices by moving Windows domain controllers to Audit mode. With this update, all devices will be in Audit mode by default. Microsoft strongly recommends that customers install the December updates to be fully protected from this vulnerability. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action.</p> <p>For more information see <a href="https://support.microsoft.com/kb/5020805">KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967</a>.</p> 3.0 2023-06-13T07:00:00 <p>Microsoft is announcing the release of the third phase of Windows security updates to address this vulnerability. These updates remove the ability to disable PAC signature addition by setting the KrbtgtFullPacSignature subkey to a value of 0. Microsoft strongly recommends that customers install the June updates to be fully protected from this vulnerability, and review <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a> for further information. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action.</p> 4.0 2023-07-11T07:00:00 <p>Microsoft is announcing the release of the fourth phase of Windows security updates to address this vulnerability. These updates remove the ability to set value 1 for the KrbtgtFullPacSignature subkey, and enable the Enforcement mode (Default) (KrbtgtFullPacSignature = 3) which can be overridden by an Administrator with an explicit Audit setting. Microsoft strongly recommends that customers install the July updates to be fully protected from this vulnerability, and review <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a> for further information. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action.</p> 5.0 2023-10-10T07:00:00 <p>Microsoft is announcing the release of the fifth phase of Windows security updates to address this vulnerability. These updates remove support for the registry subkey <strong>KrbtgtFullPacSignature</strong> and remove support for Audit mode. Further, all service tickets without the new PAC signatures will now be denied authentication. Microsoft strongly recommends that customers install the October 2023 updates to be fully protected from this vulnerability, and review <a href="https://support.microsoft.com/help/5020805">How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967</a> for further information. Customers whose Windows devices are configured to receive automatic updates do not need to take any further action, but should review the article to fully understand the impact of these updates.</p> Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-41039 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Group Policy Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker to have privileges to create Group Policy Templates. As is best practice, regular validation and audits of administrative groups should be conducted.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Group Policy Preference Client Microsoft Yes CVE-2022-41086 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.4 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 Matthieu Buffet 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-41044 10047 10048 9312 10287 9318 9344 10051 10049 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Critical 10047 Critical 10048 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 Microsoft's Windows Servicing and Delivery Group - Network Security and Containers (NSC) Team 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-41088 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11896 Critical 11897 Critical 11898 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10481 Critical 10482 Critical 10484 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Windows ALPC Microsoft Yes CVE-2022-41045 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-41090 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 <a href="https://twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Windows ODBC Driver Microsoft Yes CVE-2022-41047 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 Haifei Li with <a href="https://cyberkl.com/">CyberKL Kunlun Lab</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>To successfully exploit this vulnerability, a user must execute a SQL command.</p> Windows ODBC Driver Microsoft Yes CVE-2022-41048 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 Haifei Li with <a href="https://cyberkl.com/">CyberKL Kunlun Lab</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Mark of the Web Security Feature Bypass Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <ul> <li>In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.</li> <li>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.</li> <li>Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.</li> </ul> <p>In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web">Additional information about Mark of the Web</a> for further clarification</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.</p> Windows Mark of the Web (MOTW) Microsoft Yes CVE-2022-41091 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 12086 12085 12098 12099 12097 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 12086 Security Feature Bypass 12085 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12097 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 12086 Important 12085 Important 12098 Important 12099 Important 12097 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation More Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11568 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11569 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11570 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11571 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11572 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11896 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11897 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11898 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11923 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11924 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11801 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11802 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11926 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11927 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11929 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11930 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11931 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10729 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10735 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10852 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10853 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10816 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10855 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12086 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12085 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12098 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12099 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12097 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12098 12099 12097 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12086 12085 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12086 12085 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12098 12099 12097 Yes Security Update 10.0.19045.2251 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2022-41092 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 namnp working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Mark of the Web Security Feature Bypass Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <ul> <li>In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.</li> <li>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.</li> <li>Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.</li> </ul> <p>In all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web">Additional information about Mark of the Web</a> for further clarification</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.</p> Windows Mark of the Web (MOTW) Microsoft Yes CVE-2022-41049 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 12086 12085 12099 12097 12098 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 12086 Security Feature Bypass 12085 Security Feature Bypass 12099 Security Feature Bypass 12097 Security Feature Bypass 12098 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 12086 Important 12085 Important 12099 Important 12097 Important 12098 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11568 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11569 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11570 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11571 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11572 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11896 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11897 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11898 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11923 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11924 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11801 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11802 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11926 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11927 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11929 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11930 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 11931 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10729 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10735 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10852 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10853 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10816 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 10855 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12086 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12085 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12099 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12097 5.4 5.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C 12098 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12099 12097 12098 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12086 12085 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12086 12085 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12099 12097 12098 Yes Security Update 10.0.19045.2251 Will Dormann <a href="https://www.cert.org">CERT/CC</a> 1.1 2022-11-11T08:00:00 <p>Updated CVE to correct exploit status. This is an informational update only.</p> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> Windows Advanced Local Procedure Call Microsoft Yes CVE-2022-41093 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10481 10482 10484 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Extensible File Allocation Table Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> Windows Extensible File Allocation Microsoft Yes CVE-2022-41050 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 10729 10735 10852 10853 10816 10855 12085 12086 12098 12097 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12098 Elevation of Privilege 12097 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 12085 Important 12086 Important 12098 Important 12097 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12098 12097 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12098 12097 12099 Yes Security Update 10.0.19045.2251 HyungSeok Joo 1.0 2022-11-08T08:00:00 <p>Information published.</p> Azure RTOS GUIX Studio Remote Code Execution Vulnerability <p><strong>What is RTOS?</strong></p> <p>Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See <a href="https://azure.microsoft.com/en-us/services/rtos/">Azure RTOS Overview</a> for more information.</p> <p><strong>What is Azure RTOS GUIX Studio?</strong></p> <p>Azure GUIX embedded GUI is Microsoft’s advanced, industrial grade GUI solution designed specifically for deeply embedded, real-time, and IoT applications. Microsoft also provides a full-featured WYSIWYG desktop design tool named Azure RTOS GUIX Studio, which allows developers to design their GUI on the desktop and generate Azure RTOS GUIX embedded GUI code that can then be exported to the target. See <a href="https://docs.microsoft.com/en-us/azure/rtos/guix/overview-guix">Azure RTOS GUIX and Azure RTOS GUIX Studio</a> for more information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user of any privilege would need to run the malicious file downloaded via email, website or a thumb drive in order for the attack to be successful.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Azure Real Time Operating System Microsoft Yes CVE-2022-41051 12055 Remote Code Execution 12055 Important 12055 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12055 Release Notes https://apps.microsoft.com/store/detail/azure-rtos-guix-studio/9PBM1K1R7Q0F?hl=en-us&gl=us 12055 Maybe Security Update 6.2.0.0 HP of Cyber Kunlun Lab 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Graphics Component Microsoft Yes CVE-2022-41052 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12097 12098 12099 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11896 Remote Code Execution 11897 Remote Code Execution 11898 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Digital Media Receiver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2022-41095 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11929 11930 11931 12085 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11929 Important 11930 Important 11931 Important 12085 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Kerberos Denial of Service Vulnerability Windows Kerberos Microsoft Yes CVE-2022-41053 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 <a href="https://www.youtube.com/watch?v=0AhPC_dHkHo">Polar Bear</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2022-41096 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 Keqi Hu 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Resilient File System (ReFS) Microsoft Yes CVE-2022-41054 12085 12097 11923 12086 12098 12099 11927 11931 11898 11924 11929 11930 11926 11897 11802 11801 11571 11896 11572 10855 11570 11569 10852 10816 10853 11568 Elevation of Privilege 12085 Elevation of Privilege 12097 Elevation of Privilege 11923 Elevation of Privilege 12086 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 11927 Elevation of Privilege 11931 Elevation of Privilege 11898 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11926 Elevation of Privilege 11897 Elevation of Privilege 11802 Elevation of Privilege 11801 Elevation of Privilege 11571 Elevation of Privilege 11896 Elevation of Privilege 11572 Elevation of Privilege 10855 Elevation of Privilege 11570 Elevation of Privilege 11569 Elevation of Privilege 10852 Elevation of Privilege 10816 Elevation of Privilege 10853 Elevation of Privilege 11568 Important 12085 Important 12097 Important 11923 Important 12086 Important 12098 Important 12099 Important 11927 Important 11931 Important 11898 Important 11924 Important 11929 Important 11930 Important 11926 Important 11897 Important 11802 Important 11801 Important 11571 Important 11896 Important 11572 Important 10855 Important 11570 Important 11569 Important 10852 Important 10816 Important 10853 Important 11568 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11927 11926 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11931 11929 11930 Yes Security Update 10.0.19044.2251 5019959 https://support.microsoft.com/help/5019959 12097 12098 12099 11931 11898 11929 11930 11897 11802 11801 11896 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11898 11897 11896 Yes Security Update 10.0.19043.2251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11802 11801 Yes Security Update 10.0.19042.2251 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11571 11572 11570 11569 11568 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11571 11572 11570 11569 11568 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10855 10852 10816 10853 Yes Security Update 10.0.14393.5501 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Network Policy Server (NPS) Microsoft Yes CVE-2022-41097 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Human Interface Device Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Devices Human Interface Microsoft Yes CVE-2022-41055 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 <a href="https://github.com/troy532">Troy532</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows GDI+ Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Windows Win32K Microsoft Yes CVE-2022-41098 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11896 Information Disclosure 11897 Information Disclosure 11898 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10047 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10048 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10481 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10482 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10484 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 Bing Sun 1.0 2022-11-08T08:00:00 <p>Information published.</p> Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability Network Policy Server (NPS) Microsoft Yes CVE-2022-41056 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11896 Denial of Service 11897 Denial of Service 11898 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> BitLocker Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> <p><strong>Are there additional steps that I need to take to be protected from this vulnerability?</strong></p> <p>Yes. You must apply the applicable Windows security update to your Windows Recovery Environment (WinRE). For more information about how to apply the WinRE update, see <a href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre">Add an update package to Windows RE</a>.</p> <p>IMPORTANT: End users and enterprises who are updating Windows devices which are already deployed in their environment can instead use the latest Windows Safe OS Dynamic Updates to update WinRE when the partition is too small to install the full Windows update. You can download the latest Windows Safe OS Dynamic Update from the <a href="https://www.catalog.update.microsoft.com/Search.aspx?q=Windows%20Safe%20OS%20Dynamic%20Update">Microsoft Update Catalog</a>.</p> <p><strong>Can a bootable Windows ISO or USB flash drive that boot to Windows RE be used to exploit this vulnerability?</strong></p> <p>No. The exploit is only possible with the winre.wim on the recovery partition of the device.</p> <p><strong>Can a vulnerable version of WinRE WIM file be used to exploit this vulnerability?</strong></p> <p>No. A BitLocker encrypted drive cannot be accessed via an arbitrary WinRE WIM file hosted on an external drive. Please complete all steps in [Microsoft Learn | <a href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11#apply-the-update-to-a-running-pc">Add an Update to Windows RE | Apply the update to a running PC</a> to ensure that the updated Windows RE image is turned on and correctly configured for your Windows installation.</p> <p><strong>If TPM+PIN BitLocker protectors are being used, can the vulnerability be exploited if the attacker does not know the TPM PIN?</strong></p> <p>No. To exploit the vulnerability the attacker needs to know the TPM PIN if the user is protected by the BitLocker TPM+PIN.</p> <p><strong>Is there a way I can automate the process of updating WinRE on my Windows devices which have already been deployed?</strong></p> <p>Yes. Microsoft has developed a sample script that can help you automate updating WinRE from the running Windows OS. Please see <a href="https://support.microsoft.com/help/5025175">KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099</a> for more information.</p> Windows BitLocker Microsoft Yes CVE-2022-41099 11568 11569 11570 11896 11897 11898 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11896 Security Feature Bypass 11897 Security Feature Bypass 11898 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Important 11568 Important 11569 Important 11570 Important 11896 Important 11897 Important 11898 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11896 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11897 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11898 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 Yes Security Update 10.0.14393.5501 Anonymous 1.0 2022-11-08T08:00:00 <p>Information published.</p> 1.1 2023-01-10T08:00:00 <p>The following updates have been made: 1) Added an FAQ with further steps customers need to take to protect the Windows Recovery Environment (WinRE) from this vulnerability. 2) Added an FAQ to further clarify that offline images are not affected by this vulnerability. These are informational changes only.</p> 1.2 2023-01-19T08:00:00 <p>Updated the FAQs to further clarify the update guidance for this CVE. This is an informational change only.</p> 1.3 2023-02-07T08:00:00 <p>The following updates have been made: 1) Added an FAQ to explain that a BitLocker encrypted drive cannot be accessed via an artibrary WinRE WIM hosted on an external drive. 2) Revised FAQ to clarify that the exploit is only possible with the winre.wim on the recovery partition of the device.</p> 1.4 2023-02-24T08:00:00 <p>Added an FAQ to explain that the vulnerability cannot be exploited if the user is protected by BitLocker TPM+PIN. This is an informational change only.</p> 1.5 2023-03-16T07:00:00 <p>Added an FAQ to inform customers that a sample script is now available to help automate updating WinRE from the running Windows OS. See <a href="https://support.microsoft.com/help/5025175">KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099</a> for more information.</p> Windows HTTP.sys Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows HTTP.sys Microsoft Yes CVE-2022-41057 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 James Forshaw of Google Project Zero 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Defense in Depth Update <p>Microsoft has released an update for Microsoft Office that provides enhanced security as a defense in depth measure. This update provides hardening around IRM-protected documents to ensure the trust-of-certificate chain.</p> Microsoft Office Microsoft Yes ADV220003 10753 10754 10603 10601 10602 Defense in Depth 10753 Defense in Depth 10754 Defense in Depth 10603 Defense in Depth 10601 Defense in Depth 10602 Important 10753 Important 10754 Important 10603 Important 10601 Important 10602 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 3191869 https://www.microsoft.com/download/details.aspx?familyid=4bf81dff-fb42-4738-8f33-1c22097ae46f 10753 10754 Maybe Security Update 16.0.5369.1000 3191875 10603 Maybe Security Update 15.0.5501.1000 3191875 https://www.microsoft.com/download/details.aspx?familyid=296eb5c1-8025-4bf5-9348-f098f56cd0b6 10601 Maybe Security Update 15.0.5501.1000 3191875 https://www.microsoft.com/download/details.aspx?familyid=986e6189-02e6-467a-940b-4ac20d475b53 10602 Maybe Security Update 15.0.5501.1000 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Word Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Word Microsoft Yes CVE-2022-41060 11972 11953 11763 11952 11762 11605 11574 11573 10747 10746 11099 11585 10950 10606 10611 10605 10604 Information Disclosure 11972 Information Disclosure 11953 Information Disclosure 11763 Information Disclosure 11952 Information Disclosure 11762 Information Disclosure 11605 Information Disclosure 11574 Information Disclosure 11573 Information Disclosure 10747 Information Disclosure 10746 Information Disclosure 11099 Information Disclosure 11585 Information Disclosure 10950 Information Disclosure 10606 Information Disclosure 10611 Information Disclosure 10605 Information Disclosure 10604 Important 11972 Important 11953 Important 11763 Important 11952 Important 11762 Important 11605 Important 11574 Important 11573 Important 10747 Important 10746 Important 11099 Important 11585 Important 10950 Important 10606 Important 10611 Important 10605 Important 10604 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11972 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11605 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10747 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10746 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11585 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10950 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10606 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10611 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10605 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10604 5002291 https://www.microsoft.com/download/details.aspx?familyid=94825ac1-0f72-495f-90d1-55819b5496c1 11972 Maybe Security Update 16.0.15601.20238 Click to Run 11953 11763 11952 11762 11574 11573 No Security Update https://aka.ms/OfficeSecurityReleases 5002276 https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f 5002228 11605 Maybe Security Update 16.0.10392.20000 5002223 https://www.microsoft.com/download/details.aspx?familyid=855aa2b1-098c-4a36-aaf4-6fa4baf134db 5002184 10747 Maybe Security Update 16.0.5369.1000 5002223 https://www.microsoft.com/download/details.aspx?familyid=a7f28da0-feb3-4df8-96a9-769c00dc523d 5002184 10746 Maybe Security Update 16.0.5369.1000 5002235 https://www.microsoft.com/download/details.aspx?familyid=93cf3c1b-b072-455a-af57-f0d1510a4bc4 5002062 11099 Maybe Security Update 15.0.5501.1000 5002294 https://www.microsoft.com/download/details.aspx?familyid=070d2c13-8d45-49a7-8d97-3eb8d2cc980c 5002278 11585 Maybe Security Update 16.0.10392.20000 5002305 https://www.microsoft.com/download/details.aspx?familyid=c9c33854-521e-45c7-b7fc-9bf7348535c5 5002287 10950 Maybe Security Update 16.0.5369.1000 5002217 5002187 10606 Maybe Security Update 15.0.5501.1000 5002261 https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236 5002214 10611 Maybe Security Update 15.0.5501.1000 5002217 https://www.microsoft.com/download/details.aspx?familyid=1baec168-7386-43ca-8550-c441706fb05c 5002187 10605 Maybe Security Update 15.0.5501.1000 5002217 https://www.microsoft.com/download/details.aspx?familyid=a6c97e3f-a709-482d-af7d-0d514387e8af 5002187 10604 Maybe Security Update 15.0.5501.1000 <a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Word Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Word Microsoft Yes CVE-2022-41103 11585 10950 11972 11763 11762 11573 11605 11574 11961 10611 10606 10604 10605 11952 11953 10747 10746 11099 Information Disclosure 11585 Information Disclosure 10950 Information Disclosure 11972 Information Disclosure 11763 Information Disclosure 11762 Information Disclosure 11573 Information Disclosure 11605 Information Disclosure 11574 Information Disclosure 11961 Information Disclosure 10611 Information Disclosure 10606 Information Disclosure 10604 Information Disclosure 10605 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 10747 Information Disclosure 10746 Information Disclosure 11099 Important 11585 Important 10950 Important 11972 Important 11763 Important 11762 Important 11573 Important 11605 Important 11574 Important 11961 Important 10611 Important 10606 Important 10604 Important 10605 Important 11952 Important 11953 Important 10747 Important 10746 Important 11099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11585 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10950 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11972 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11605 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11961 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10611 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10606 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10604 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10605 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10747 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10746 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11099 5002294 https://www.microsoft.com/download/details.aspx?familyid=070d2c13-8d45-49a7-8d97-3eb8d2cc980c 5002278 11585 Maybe Security Update 16.0.10392.20000 5002305 https://www.microsoft.com/download/details.aspx?familyid=c9c33854-521e-45c7-b7fc-9bf7348535c5 5002287 10950 Maybe Security Update 16.0.5369.1000 5002291 https://www.microsoft.com/download/details.aspx?familyid=94825ac1-0f72-495f-90d1-55819b5496c1 11972 Maybe Security Update 16.0.15601.20238 Click to Run 11763 11762 11573 11574 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 5002276 https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f 5002228 11605 Maybe Security Update 16.0.10392.20000 5002296 https://www.microsoft.com/download/details.aspx?familyid=e27e7041-ecdd-42b4-a712-cb73da73aceb 11961 Maybe Security Update 16.0.15601.20238 5002261 https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236 5002214 10611 Maybe Security Update 15.0.5501.1000 5002217 5002187 10606 Maybe Security Update 15.0.5501.1000 5002217 https://www.microsoft.com/download/details.aspx?familyid=a6c97e3f-a709-482d-af7d-0d514387e8af 5002187 10604 Maybe Security Update 15.0.5501.1000 5002217 https://www.microsoft.com/download/details.aspx?familyid=1baec168-7386-43ca-8550-c441706fb05c 5002187 10605 Maybe Security Update 15.0.5501.1000 5002223 https://www.microsoft.com/download/details.aspx?familyid=855aa2b1-098c-4a36-aaf4-6fa4baf134db 5002184 10747 Maybe Security Update 16.0.5369.1000 5002223 https://www.microsoft.com/download/details.aspx?familyid=a7f28da0-feb3-4df8-96a9-769c00dc523d 5002184 10746 Maybe Security Update 16.0.5369.1000 5002235 https://www.microsoft.com/download/details.aspx?familyid=93cf3c1b-b072-455a-af57-f0d1510a4bc4 5002062 11099 Maybe Security Update 15.0.5501.1000 <a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p> <p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Word Microsoft Yes CVE-2022-41061 11972 11961 11605 11763 10746 11585 10950 11951 11099 11575 11762 10747 10611 10606 10604 10605 Remote Code Execution 11972 Remote Code Execution 11961 Remote Code Execution 11605 Remote Code Execution 11763 Remote Code Execution 10746 Remote Code Execution 11585 Remote Code Execution 10950 Remote Code Execution 11951 Remote Code Execution 11099 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 10747 Remote Code Execution 10611 Remote Code Execution 10606 Remote Code Execution 10604 Remote Code Execution 10605 Important 11972 Important 11961 Important 11605 Important 11763 Important 10746 Important 11585 Important 10950 Important 11951 Important 11099 Important 11575 Important 11762 Important 10747 Important 10611 Important 10606 Important 10604 Important 10605 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11972 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10611 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10606 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10604 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10605 5002291 https://www.microsoft.com/download/details.aspx?familyid=94825ac1-0f72-495f-90d1-55819b5496c1 11972 Maybe Security Update 16.0.15601.20238 5002296 https://www.microsoft.com/download/details.aspx?familyid=e27e7041-ecdd-42b4-a712-cb73da73aceb 11961 Maybe Security Update 16.0.15601.20238 5002276 https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f 5002228 11605 Maybe Security Update 16.0.10392.20000 Click to Run 11763 11762 No Security Update https://aka.ms/OfficeSecurityReleases 5002223 https://www.microsoft.com/download/details.aspx?familyid=a7f28da0-feb3-4df8-96a9-769c00dc523d 5002184 10746 Maybe Security Update 16.0.5369.1000 5002294 https://www.microsoft.com/download/details.aspx?familyid=070d2c13-8d45-49a7-8d97-3eb8d2cc980c 5002278 11585 Maybe Security Update 16.0.10392.20000 5002305 https://www.microsoft.com/download/details.aspx?familyid=c9c33854-521e-45c7-b7fc-9bf7348535c5 5002287 10950 Maybe Security Update 16.0.5369.1000 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 11575 Maybe Security Update 16.67.22111300 5002235 https://www.microsoft.com/download/details.aspx?familyid=93cf3c1b-b072-455a-af57-f0d1510a4bc4 5002062 11099 Maybe Security Update 15.0.5501.1000 5002223 https://www.microsoft.com/download/details.aspx?familyid=855aa2b1-098c-4a36-aaf4-6fa4baf134db 5002184 10747 Maybe Security Update 16.0.5369.1000 5002261 https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236 5002214 10611 Maybe Security Update 15.0.5501.1000 5002217 5002187 10606 Maybe Security Update 15.0.5501.1000 5002217 https://www.microsoft.com/download/details.aspx?familyid=a6c97e3f-a709-482d-af7d-0d514387e8af 5002187 10604 Maybe Security Update 15.0.5501.1000 5002217 https://www.microsoft.com/download/details.aspx?familyid=1baec168-7386-43ca-8550-c441706fb05c 5002187 10605 Maybe Security Update 15.0.5501.1000 <a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> 2.0 2022-11-15T08:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Excel Security Feature Bypass Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>Opening a malicious document could bypass the Microsoft Office Trust Center and upload local files to a remote attacker-specified folder.</p> Microsoft Office Excel Microsoft Yes CVE-2022-41104 11573 11574 11762 11763 11952 11953 10739 10740 10656 10654 10655 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 10739 Security Feature Bypass 10740 Security Feature Bypass 10656 Security Feature Bypass 10654 Security Feature Bypass 10655 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10739 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10740 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10656 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10654 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10655 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 5002253 https://www.microsoft.com/download/details.aspx?familyid=7d6cb935-b496-49c4-b953-b9459cef1b58 5002232 10739 Maybe Security Update 16.0.5369.1000 5002253 https://www.microsoft.com/download/details.aspx?familyid=fc553f79-28eb-4b3c-9250-1b2d2efe2b18 5002232 10740 Maybe Security Update 16.0.5369.1000 5002275 5002242 10656 Maybe Security Update 15.0.5501.1000 5002275 https://www.microsoft.com/download/details.aspx?familyid=fe7396b6-4b87-43e4-86b4-9af60ae89795 5002242 10654 Maybe Security Update 15.0.5501.1000 5002275 https://www.microsoft.com/download/details.aspx?familyid=43cfb551-8139-4267-a378-3bcc215901cb 5002242 10655 Maybe Security Update 15.0.5501.1000 <a href="https://twitter.com/jdgregson">jdgregson</a> 1.2 2023-05-09T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.3 2023-05-16T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.0 2022-11-08T08:00:00 <p>Information published.</p> 1.1 2023-03-23T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Microsoft Excel Information Disclosure Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer which could leak data.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Microsoft Office Microsoft Yes CVE-2022-41105 11573 11574 11762 11763 11952 11953 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11952 Information Disclosure 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases <a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> with <a href="https://tecsecurity.io/">TecSecurity</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?</strong></p> <p>No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.</p> <p>Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to the target site as at least a Site Member.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2022-41062 10950 11099 11585 11961 10612 Remote Code Execution 10950 Remote Code Execution 11099 Remote Code Execution 11585 Remote Code Execution 11961 Remote Code Execution 10612 Important 10950 Important 11099 Important 11585 Important 11961 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10612 5002305 https://www.microsoft.com/download/details.aspx?familyid=c9c33854-521e-45c7-b7fc-9bf7348535c5 5002287 10950 Maybe Security Update 16.0.5369.1000 5002302 https://www.microsoft.com/download/details.aspx?familyid=d722a475-bf22-498d-862d-0378b2cfeb4a 5002283 11099 Maybe Cumulative Update 15.0.5501.1000 5002303 https://www.microsoft.com/download/details.aspx?familyid=4b609168-569a-46ec-a81d-baa844eeb8eb 5002284 11099 10612 Maybe Security Update 15.0.5501.1000 5002294 https://www.microsoft.com/download/details.aspx?familyid=070d2c13-8d45-49a7-8d97-3eb8d2cc980c 5002278 11585 Maybe Security Update 16.0.10392.20000 5002296 https://www.microsoft.com/download/details.aspx?familyid=e27e7041-ecdd-42b4-a712-cb73da73aceb 11961 Maybe Security Update 16.0.15601.20238 Anonymous 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office Excel Microsoft Yes CVE-2022-41106 11573 11574 11605 11762 11763 11952 11953 10739 10740 10656 10654 10655 10611 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11605 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Remote Code Execution 10611 Important 11573 Important 11574 Important 11605 Important 11762 Important 11763 Important 11952 Important 11953 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Important 10611 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10611 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 5002276 https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f 5002228 11605 Maybe Security Update 16.0.10392.20000 5002253 https://www.microsoft.com/download/details.aspx?familyid=7d6cb935-b496-49c4-b953-b9459cef1b58 5002232 10739 Maybe Security Update 16.0.5369.1000 5002253 https://www.microsoft.com/download/details.aspx?familyid=fc553f79-28eb-4b3c-9250-1b2d2efe2b18 5002232 10740 Maybe Security Update 16.0.5369.1000 5002275 5002242 10656 Maybe Security Update 15.0.5501.1000 5002275 https://www.microsoft.com/download/details.aspx?familyid=fe7396b6-4b87-43e4-86b4-9af60ae89795 5002242 10654 Maybe Security Update 15.0.5501.1000 5002275 https://www.microsoft.com/download/details.aspx?familyid=43cfb551-8139-4267-a378-3bcc215901cb 5002242 10655 Maybe Security Update 15.0.5501.1000 5002261 https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236 5002214 10611 Maybe Security Update 15.0.5501.1000 <a href="https://talosintelligence.com/vulnerability_reports/">Marcin &quot;Icewall&quot; Noga of Cisco Talos</a> with <a href="https://twitter.com/talossecurity">Cisco Talos</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Office Excel Microsoft Yes CVE-2022-41063 11573 11574 11605 11762 11763 11952 11953 10739 10740 10656 10654 10655 10611 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11605 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Remote Code Execution 10611 Important 11573 Important 11574 Important 11605 Important 11762 Important 11763 Important 11952 Important 11953 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Important 10611 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10656 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10654 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10655 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10611 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 5002276 https://www.microsoft.com/download/details.aspx?familyid=40d1468b-ec28-4d99-a6ea-4c2e7379e32f 5002228 11605 Maybe Security Update 16.0.10392.20000 5002253 https://www.microsoft.com/download/details.aspx?familyid=7d6cb935-b496-49c4-b953-b9459cef1b58 5002232 10739 Maybe Security Update 16.0.5369.1000 5002253 https://www.microsoft.com/download/details.aspx?familyid=fc553f79-28eb-4b3c-9250-1b2d2efe2b18 5002232 10740 Maybe Security Update 16.0.5369.1000 5002275 5002242 10656 Maybe Security Update 15.0.5501.1000 5002275 https://www.microsoft.com/download/details.aspx?familyid=fe7396b6-4b87-43e4-86b4-9af60ae89795 5002242 10654 Maybe Security Update 15.0.5501.1000 5002275 https://www.microsoft.com/download/details.aspx?familyid=43cfb551-8139-4267-a378-3bcc215901cb 5002242 10655 Maybe Security Update 15.0.5501.1000 5002261 https://www.microsoft.com/download/details.aspx?familyid=f9c71ca0-7c60-46ca-a9ad-f1d3ec4c6236 5002214 10611 Maybe Security Update 15.0.5501.1000 <a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> with <a href="https://tecsecurity.io/">TecSecurity</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Office Graphics Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p> <p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2022-41107 11573 11574 11575 11762 11763 11951 11952 11953 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Important 11573 Important 11574 Important 11575 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.67.22111300 Mat Powell & Michael DePlante (@izobashi) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 2.0 2022-11-15T08:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 1.0 2022-11-08T08:00:00 <p>Information published.</p> 1.1 2022-11-10T08:00:00 <p>FAQ added to explain that the updates for Office 2019 for Mac and Office LTSC 2021 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Windows Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2022-41109 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 <a href="https://twitter.com/securiteam_ssd">Yongil Lee</a> with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Microsoft Business Central Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could use it to view integration secrets that are owned by a different partner.</p> Microsoft Dynamics Microsoft Yes CVE-2022-41066 11746 11750 12109 12122 12123 Information Disclosure 11746 Information Disclosure 11750 Information Disclosure 12109 Information Disclosure 12122 Information Disclosure 12123 Important 11746 Important 11750 Important 12109 Important 12122 Important 12123 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11746 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11750 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12109 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12122 4.4 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12123 5021000 https://www.microsoft.com/en-us/download/details.aspx?id=104694 11746 Maybe Security Update 49345 5021001 https://www.microsoft.com/en-us/download/details.aspx?id=104695 11750 Security Update Application Build 14.42.49347, Platform Build 14.0 5021004 https://www.microsoft.com/en-us/download/details.aspx?id=104693 12109 Maybe Security Update Application Build 21.1.48638, Platform Build 21.0. 5021002 https://www.microsoft.com/en-us/download/details.aspx?id=104696 12122 Maybe Security Update Application Build 20.7.48483, Platform Build 20.0. 5021003 https://www.microsoft.com/en-us/download/details.aspx?id=104697 12123 Maybe Security Update Application Build 21.2.49990, Platform Build 21.0 1.0 2022-11-08T08:00:00 <p>Information published.</p> 2.0 2022-11-10T08:00:00 <p>In the Security Updates table, added the following supported editions of Microsoft Dynamics as they are affected by this vulnerability: Microsoft Dynamics NAV 2018, Microsoft Dynamics 365 Business Central Spring 2019, Dynamics 365 Business Central 2021 Release Wave 2, and Dynamics 365 Business Central 2022 Release Wave 2. Microsoft strongly recommends that customers install the November updates to be fully protected from this vulnerability.</p> Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2022-41113 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5022286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286 5021237 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3887 5022286 https://support.microsoft.com/help/5022286 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 5022291 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291 5021249 11923 11924 Yes Security Update 10.0.20348.1487 5022282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282 5021233 11801 11802 Yes Security Update 10.0.19042.2486 5022282 https://support.microsoft.com/help/5022282 11801 11802 11929 11930 11931 12097 12098 12099 5022287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287 5021234 11926 11927 Yes Security Update 10.0.22000.1455 5022282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282 5021233 11929 11930 11931 Yes Security Update 10.0.19044.2486 5022303 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303 5021255 12085 12086 Yes Security Update 10.0.22621.1105 5022303 https://support.microsoft.com/help/5022303 12085 12086 5022282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282 5021233 12097 12098 12099 Yes Security Update 10.0.19045.2486 Anonymous YanZiShuang@BigCJTeam of cyberkl 2.1 2023-04-18T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> 2.2 2023-04-25T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 1.0 2022-11-08T08:00:00 <p>Information published.</p> 2.0 2023-01-10T08:00:00 <p>To comprehensively address CVE-2022-41113, Microsoft has released January 2023 security updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 2.3 2023-10-12T07:00:00 <p>In the Security Updates table corrected the Article and Download links for Windows Server 2022 and Windows Server 2022 (Server Core installation). This is an informational change only.</p> Windows Bind Filter Driver Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Bind Filter Driver Microsoft Yes CVE-2022-41114 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12098 12097 12086 12099 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12098 Elevation of Privilege 12097 Elevation of Privilege 12086 Elevation of Privilege 12099 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12098 Important 12097 Important 12086 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12098 12097 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12098 12097 12099 Yes Security Update 10.0.19045.2251 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2022-41116 10047 10048 10051 10049 Denial of Service 10047 Denial of Service 10048 Denial of Service 10051 Denial of Service 10049 Important 10047 Important 10048 Important 10051 Important 10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10047 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10048 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 Microsoft's Windows Servicing and Delivery Group - Network Security and Containers (NSC) Team 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Print Spooler Components Microsoft Yes CVE-2022-41073 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10048 10051 10049 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10048 10051 10049 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10048 10051 10049 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10048 10051 10049 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020019 5018450 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21768 5020019 https://support.microsoft.com/help/5020019 9312 10287 9318 9344 5020005 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020005 9312 10287 9318 9344 Yes Security Only 6.0.6003.21768 5020005 https://support.microsoft.com/help/5020005 9312 10287 9318 9344 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 Microsoft Threat Intelligence Center (MSTIC) 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows Scripting Languages Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>The CVE title says Windows Scripting Languages, what does that mean for this vulnerability?</strong></p> <p>This vulnerability impacts both the JScript9 and Chakra scripting languages.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows Scripting Microsoft Yes CVE-2022-41118 12086 12097 12099 12085 12098 11931 11923 11930 11896 11926 11898 11929 11927 11897 11568 11801 10816 10047 11802 10852 10482 11570 11569 10051 10484 11571 10729 10735 10853 10481 10048 10483 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12099 Remote Code Execution 12085 Remote Code Execution 12098 Remote Code Execution 11931 Remote Code Execution 11923 Remote Code Execution 11930 Remote Code Execution 11896 Remote Code Execution 11926 Remote Code Execution 11898 Remote Code Execution 11929 Remote Code Execution 11927 Remote Code Execution 11897 Remote Code Execution 11568 Remote Code Execution 11801 Remote Code Execution 10816 Remote Code Execution 10047 Remote Code Execution 11802 Remote Code Execution 10852 Remote Code Execution 10482 Remote Code Execution 11570 Remote Code Execution 11569 Remote Code Execution 10051 Remote Code Execution 10484 Remote Code Execution 11571 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10853 Remote Code Execution 10481 Remote Code Execution 10048 Remote Code Execution 10483 Critical 12086 Critical 12097 Critical 12099 Critical 12085 Critical 12098 Critical 11931 Critical 11923 Critical 11930 Critical 11896 Critical 11926 Critical 11898 Critical 11929 Critical 11927 Critical 11897 Critical 11568 Critical 11801 Critical 10816 Critical 10047 Critical 11802 Critical 10852 Critical 10482 Critical 11570 Critical 11569 Critical 10051 Critical 10484 Critical 11571 Critical 10729 Critical 10735 Critical 10853 Critical 10481 Critical 10048 Critical 10483 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10047 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10048 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12086 12085 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12086 12085 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12099 12098 Yes Security Update 10.0.19045.2251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11931 11930 11929 Yes Security Update 10.0.19044.2251 5019959 https://support.microsoft.com/help/5019959 12097 12099 12098 11931 11930 11896 11898 11929 11897 11801 11802 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 Yes Security Update 10.0.20348.1249 5019080 11923 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11898 11897 Yes Security Update 10.0.19043.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11570 11569 11571 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11570 11569 11571 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10816 10852 10853 Yes Security Update 10.0.14393.5501 5020000 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020000 5018454 10047 10051 10048 Yes Monthly Rollup 6.1.7601.26221 5020000 https://support.microsoft.com/help/5020000 10047 10051 10048 5020013 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020013 10047 10051 10048 Yes Security Only 6.1.7601.26221 5020013 https://support.microsoft.com/help/5020013 10047 10051 10048 5019958 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019958 5018413 10047 10051 10048 Yes IE Cumulative 6.1.7601.26221 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10482 10481 10483 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10482 10484 10481 10483 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10482 10481 10483 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10482 10481 10483 5019958 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019958 5018413 10482 10481 10483 Yes IE Cumulative 6.3.9600.20670 5020023 5018474 10484 Yes Monthly Rollup 6.3.9600.20671 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 Tim Cluff 1.0 2022-11-08T08:00:00 <p>Information published.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Visual Studio Microsoft Yes CVE-2022-41119 12051 11600 11935 12081 11969 Remote Code Execution 12051 Remote Code Execution 11600 Remote Code Execution 11935 Remote Code Execution 12081 Remote Code Execution 11969 Important 12051 Important 11600 Important 11935 Important 12081 Important 11969 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12081 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11969 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.10 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.51 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.21 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.3 12081 Maybe Security Update 17.3.7 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.16 goodbyeselene 1.0 2022-11-08T08:00:00 <p>Information published.</p> Windows CNG Key Isolation Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows CNG Key Isolation Service Microsoft Yes CVE-2022-41125 11568 11569 11570 11571 11572 11896 11897 11898 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11896 Elevation of Privilege 11897 Elevation of Privilege 11898 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11896 Important 11897 Important 11898 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11896 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11897 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11898 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10481 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10482 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10484 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5019966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966 5018419 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3650 5019966 https://support.microsoft.com/help/5019966 11568 11569 11570 11571 11572 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11896 11897 11898 Yes Security Update 10.0.19043.2251 5019959 https://support.microsoft.com/help/5019959 11896 11897 11898 11801 11802 11929 11930 11931 12097 12098 12099 5019081 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081 5018421 11923 11924 Yes Security Update 10.0.20348.1249 5019080 11923 11924 Yes Security Hotpatch Update 10.0.20348.1251 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11801 11802 Yes Security Update 10.0.19042.2251 5019961 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961 5018418 11926 11927 Yes Security Update 10.0.22000.1219 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 5018410 11929 11930 11931 Yes Security Update 10.0.19044.2251 5019980 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980 5018427 12085 12086 Yes Security Update 10.0.22621.819 5019980 https://support.microsoft.com/help/5019980 12085 12086 5019959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959 12097 12098 12099 Yes Security Update 10.0.19045.2251 5019970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970 5018425 10729 10735 Yes Security Update 10.0.10240.19567 5019970 https://support.microsoft.com/help/5019970 10729 10735 5019964 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964 5018411 10852 10853 10816 10855 Yes Security Update 10.0.14393.5501 5020023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023 5018474 10481 10482 10483 10543 Yes Monthly Rollup 6.3.9600.20671 5020023 https://support.microsoft.com/help/5020023 10481 10482 10483 10543 5020010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010 10481 10482 10483 10543 Yes Security Only 6.3.9600.20670 5020010 https://support.microsoft.com/help/5020010 10481 10482 10484 10483 10543 5020010 10484 Yes Security Only 6.3.9600.20670 5020009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009 5018457 10378 10379 Yes Monthly Rollup 6.2.9200.23968 5020009 https://support.microsoft.com/help/5020009 10378 10379 5020003 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003 10378 10379 Yes Security Only 6.2.9200.23968 5020003 https://support.microsoft.com/help/5020003 10378 10379 <li>Microsoft Threat Intelligence Center (MSTIC) <li>Microsoft Security Response Center (MSRC) 1.0 2022-11-08T08:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-37454 https://nvd.nist.gov/vuln/detail/CVE-2022-37454 https://nvd.nist.gov/vuln/detail/CVE-2022-37454 https://nvd.nist.gov/vuln/detail/CVE-2022-37454 https://nvd.nist.gov/vuln/detail/CVE-2022-37454 https://nvd.nist.gov/vuln/detail/CVE-2022-37454 Mariner cve@mitre.org Yes CVE-2022-37454 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 python3 12137 python3-3.7.13-5.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-libs-3.7.13-5.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-xml-3.7.13-5.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-curses-3.7.13-5.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-devel-3.7.13-5.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-tools-3.7.13-5.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-pip-3.7.13-5.cm1.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.7.13-5.cm1.noarch.rpm 0001-01-01T00:00:00 python3-test-3.7.13-5.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.7.13-5.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.7.13-5 python3 12138 python3-3.7.13-5.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-libs-3.7.13-5.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-xml-3.7.13-5.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-curses-3.7.13-5.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-devel-3.7.13-5.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-tools-3.7.13-5.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-pip-3.7.13-5.cm1.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.7.13-5.cm1.noarch.rpm 0001-01-01T00:00:00 python3-test-3.7.13-5.cm1.aarch64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.7.13-5.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.7.13-5 php 12139 php-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-cli-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-dbg-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-fpm-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-common-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-devel-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-opcache-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-ldap-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-pdo-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-mysqlnd-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-pgsql-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-process-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-odbc-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-soap-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-snmp-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-xml-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-mbstring-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-gd-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-bcmath-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-gmp-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-dba-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-tidy-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-pdo-dblib-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-embedded-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-pspell-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-intl-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-enchant-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-sodium-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-ffi-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 php-debuginfo-8.1.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.1.12-1 python3 12139 python3-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-libs-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-curses-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-devel-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-tools-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-pip-3.9.14-5.cm2.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.9.14-5.cm2.noarch.rpm 0001-01-01T00:00:00 python3-test-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.9.14-5 php 12140 php-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-cli-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-dbg-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-fpm-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-common-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-devel-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-opcache-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-ldap-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-pdo-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-mysqlnd-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-pgsql-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-process-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-odbc-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-soap-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-snmp-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-xml-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-mbstring-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-gd-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-bcmath-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-gmp-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-dba-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-tidy-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-pdo-dblib-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-embedded-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-pspell-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-intl-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-enchant-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-sodium-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-ffi-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 php-debuginfo-8.1.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.1.12-1 python3 12140 python3-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-libs-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-curses-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-devel-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-tools-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-pip-3.9.14-5.cm2.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.9.14-5.cm2.noarch.rpm 0001-01-01T00:00:00 python3-test-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.9.14-5 1.0 2022-11-29T08:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-41974 https://nvd.nist.gov/vuln/detail/CVE-2022-41974 Mariner cve@mitre.org Yes CVE-2022-41974 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 device-mapper-multipath 12139 device-mapper-multipath-0.8.6-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kpartx-0.8.6-4.cm2.x86_64.rpm 0001-01-01T00:00:00 device-mapper-multipath-devel-0.8.6-4.cm2.x86_64.rpm 0001-01-01T00:00:00 device-mapper-multipath-debuginfo-0.8.6-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.8.6-4 device-mapper-multipath 12140 device-mapper-multipath-0.8.6-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kpartx-0.8.6-4.cm2.aarch64.rpm 0001-01-01T00:00:00 device-mapper-multipath-devel-0.8.6-4.cm2.aarch64.rpm 0001-01-01T00:00:00 device-mapper-multipath-debuginfo-0.8.6-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.8.6-4 1.0 2022-11-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-41973 https://nvd.nist.gov/vuln/detail/CVE-2022-41973 Mariner cve@mitre.org Yes CVE-2022-41973 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 device-mapper-multipath 12139 device-mapper-multipath-0.8.6-4.cm2.x86_64.rpm 0001-01-01T00:00:00 kpartx-0.8.6-4.cm2.x86_64.rpm 0001-01-01T00:00:00 device-mapper-multipath-devel-0.8.6-4.cm2.x86_64.rpm 0001-01-01T00:00:00 device-mapper-multipath-debuginfo-0.8.6-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.8.6-4 device-mapper-multipath 12140 device-mapper-multipath-0.8.6-4.cm2.aarch64.rpm 0001-01-01T00:00:00 kpartx-0.8.6-4.cm2.aarch64.rpm 0001-01-01T00:00:00 device-mapper-multipath-devel-0.8.6-4.cm2.aarch64.rpm 0001-01-01T00:00:00 device-mapper-multipath-debuginfo-0.8.6-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.8.6-4 1.0 2022-11-09T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-40617 https://nvd.nist.gov/vuln/detail/CVE-2022-40617 Mariner cve@mitre.org Yes CVE-2022-40617 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 strongswan 12139 strongswan-5.9.8-1.cm2.x86_64.rpm 0001-01-01T00:00:00 strongswan-debuginfo-5.9.8-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.9.8-1 strongswan 12140 strongswan-5.9.8-1.cm2.aarch64.rpm 0001-01-01T00:00:00 strongswan-debuginfo-5.9.8-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.9.8-1 1.0 2022-11-09T00:00:00 <p>Information published.</p>