Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-37984: Windows WLAN Service Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#Windows WLAN Service#Security Vulnerability
CVE-2022-41081: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-38016: Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a contained execution environment escape. Please refer to https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation

CVE-2022-37975: Windows Group Policy Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

CVE-2022-37974: Windows Mixed Reality Developer Tools Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.

CVE-2022-38022: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker would only be able to delete empty folders on a vulnerable system in the context of the SYSTEM account. They would not gain privileges to view or modify file contents or delete folders containing files.

CVE-2022-38003: Windows Resilient File System Elevation of Privilege

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-38051: Windows Graphics Component Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-37973: Windows Local Session Manager (LSM) Denial of Service Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a contained execution environment escape. Please refer to https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation

CVE-2022-38025: Windows Distributed File System (DFS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.