Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-34704: Windows Defender Credential Guard Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker that successfully exploited this vulnerability could recover plaintext from TLS-protected data.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#ssl#Windows Defender Credential Guard#Security Vulnerability
CVE-2022-24477: Microsoft Exchange Server Elevation of Privilege Vulnerability

**Are there any more actions I need to take to be protected from this vulnerability?** Yes. Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack. For more information, see Exchange Server Support for Windows Extended Protection **Is there more information available about this release of Exchange Server?** For more information on this issue, please see The Exchange Blog.

CVE-2022-34692: Microsoft Exchange Information Disclosure Vulnerability

**Are there any more actions I need to take to be protected from this vulnerability?** Yes. Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack. For more information, see Exchange Server Support for Windows Extended Protection **Is there more information available about this release of Exchange Server?** For more information on this issue, please see The Exchange Blog.

CVE-2022-34702: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-35749: Windows Digital Media Receiver Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-35752: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-35751: Windows Hyper-V Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-35753: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-35757: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

**What type of privileges could an attacker gain through this vulnerability?** A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.

CVE-2022-35756: Windows Kerberos Elevation of Privilege Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of this vulnerability requires that a user trigger the payload in the application.