Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2022-38038: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#Windows Kernel#Security Vulnerability
CVE-2022-38037: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-37988: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-38040: Microsoft ODBC Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the permission level at which Access is running.

CVE-2022-38043: Windows Security Support Provider Interface Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

CVE-2022-38032: Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability

**In what scenarios can the security feature be bypassed?** On machines with slow or older USB controller hardware, the Group policy might have (silently) failed to apply. On such machines, the attacker can trivially exploit this enforcement failure by attaching a USB storage device to the affected machine.

CVE-2022-37983: Microsoft DWM Core Library Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an executable file that is attached to an email.

CVE-2022-38027: Windows Storage Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.