Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2022-41045: Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#Windows ALPC#Security Vulnerability
CVE-2022-41088: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-39253: GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

CVE-2022-41044: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-41086: Windows Group Policy Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-41039: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-37992: Windows Group Policy Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-38023: Netlogon RPC Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

CVE-2022-37967: Windows Kerberos Elevation of Privilege Vulnerability

**Upon successful exploitation, what privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2022-38015: Windows Hyper-V Denial of Service Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.