Source

Microsoft Security Response Center

CVE-2022-44699: Azure Network Watcher Agent Security Feature Bypass Vulnerability

**What is Network Watcher?** Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. Network Watcher is designed to monitor and repair the network health of IaaS (Infrastructure-as-a-Service) products including Virtual Machines (VM), Virtual Networks, Application Gateways, Load balancers, etc. For more details, please refer to: https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

3 years ago

Open in Source

#vulnerability #web #mac #microsoft #Azure #Security Vulnerability

CVE-2022-44689: Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

3 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #linux #Windows Subsystem for Linux #Security Vulnerability

CVE-2022-44670: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

3 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #rce #Windows Secure Socket Tunneling Protocol (SSTP)#Security Vulnerability

CVE-2022-44669: Windows Error Reporting Elevation of Privilege Vulnerability

3 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #Windows Error Reporting #Security Vulnerability

CVE-2022-44687: Raw Image Extension Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

3 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #rce #Microsoft Windows Codecs Library #Security Vulnerability

CVE-2022-44713: Microsoft Outlook for Mac Spoofing Vulnerability

**What is the nature of the spoofing?** An attacker could appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user.

3 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #mac #microsoft #git #Microsoft Office Outlook #Security Vulnerability

CVE-2022-44710: DirectX Graphics Kernel Elevation of Privilege Vulnerability

3 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #Windows DirectX #Security Vulnerability

CVE-2022-44671: Windows Graphics Component Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

3 years ago