#Security Vulnerability

CVE-2022-44677: Windows Projected File System Elevation of Privilege Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #auth #Windows Projected File System #Security Vulnerability

CVE-2022-44676: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #rce #Windows Secure Socket Tunneling Protocol (SSTP)#Security Vulnerability

CVE-2022-44690: Microsoft SharePoint Server Remote Code Execution Vulnerability

**I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?** No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013. Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #microsoft #rce #Microsoft Office SharePoint #Security Vulnerability

CVE-2022-44682: Windows Hyper-V Denial of Service Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #dos #Role: Windows Hyper-V #Security Vulnerability

CVE-2022-44679: Windows Graphics Component Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #Microsoft Graphics Component #Security Vulnerability

CVE-2022-44683: Windows Kernel Elevation of Privilege Vulnerability

**What type of privileges could an attacker gain through this vulnerability?** A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #Windows Kernel #Security Vulnerability

CVE-2022-44680: Windows Graphics Component Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #windows #Microsoft Graphics Component #Security Vulnerability

CVE-2022-44681: Windows Print Spooler Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.