KB5015808: Windows 10 Version 1607 and Windows Server 2016 Security Update (July 2022)


The remote Windows host is missing security update 5015808. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-22024, CVE-2022-22027, CVE-2022-22029, CVE-2022-22038, CVE-2022-22039, CVE-2022-30211, CVE-2022-30214, CVE-2022-30221, CVE-2022-30222) - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. (CVE-2022-22023, CVE-2022-22048, CVE-2022-30203) - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-22025, CVE-2022-22040, CVE-2022-22043, CVE-2022-30208) - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2022-22022, CVE-2022-22026, CVE-2022-22031, CVE-2022-22034, CVE-2022-22036, CVE-2022-22037, CVE-2022-22041, CVE-2022-22045, CVE-2022-22047, CVE-2022-22049, CVE-2022-22050, CVE-2022-30202, CVE-2022-30205, CVE-2022-30206, CVE-2022-30209, CVE-2022-30215, CVE-2022-30220, CVE-2022-30224, CVE-2022-30225, CVE-2022-30226) - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21845, CVE-2022-22028, CVE-2022-22042, CVE-2022-22711, CVE-2022-30213, CVE-2022-30223) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.