Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2022-2478: Chromium: CVE-2022-2478 Use after free in PDF

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#pdf#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2022-2477: Chromium: CVE-2022-2477 Use after free in Guest View

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2022-35798: Azure Arc Jumpstart Information Disclosure Vulnerability

**What is the nature of this vulnerability?** An information disclosure vulnerabilty exists in Azure Arc Jumpstart that could allow an authenticated user to view certain credentials and other senstive information contained in a log file. **What are the circumstances leading to a successful exploitation?** The client virtual machine is protected behind a secured Azure virtual network (VNET) without access from the internet. A potential attacker would first have to compromise the VNET to have network access to the Azure client virtual machine (Azure Arc Jumpstart-Client). There is only one provisioned user on the client virtual machine, and this user’s credentials are protected by a username and password provided by the end-user at deployment time. There are no other “low level” users that have login access to the virtual machine. The only user credential with access to the VM is the one created and supplied by the original Azure Arc Jumpstart end-user. A potential attacker would firs...

CVE-2022-33677: Azure Site Recovery Elevation of Privilege Vulnerability

**According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.

CVE-2022-33676: Azure Site Recovery Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.

CVE-2022-33675: Azure Site Recovery Elevation of Privilege Vulnerability

**How do I install the update to be protected from the CVE-2022-33675 and CVE-2022-33676 vulnerabilities?** Unlike other Azure Site Recovery CVEs, to be protected from this particular vulnerability customers must upgrade to version 9.49 of the Process Server by following the instructions here. Customers must upgrade all process server installations, such as the in-built process server, scale out process server, and scale out process server on Azure (if any). More information about managing the Process Server can be found here.

CVE-2022-33674: Azure Site Recovery Elevation of Privilege Vulnerability

**What is Azure Site Recovery?** Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery **To what scenario does this vulnerability apply?** This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.

CVE-2022-33678: Azure Site Recovery Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.

CVE-2022-23825: AMD: CVE-2022-23825 AMD CPU Branch Type Confusion

**Why is this AMD CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: * AMD-SB-1037

CVE-2022-33673: Azure Site Recovery Elevation of Privilege Vulnerability

**According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.