KB5013999: Windows 7 and Windows Server 2008 R2 Security Update (May 2022)

2022-05-10T00:00:00

Description

The remote Windows host is missing security update 5013999. It is, therefore, affected by multiple vulnerabilities - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141) - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937) - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "SMB_NT_MS22_MAY_5013999.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "KB5013999: Windows 7 and Windows Server 2008 R2 Security Update (May 2022)", "description": "The remote Windows host is missing security update 5013999. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-05-10T00:00:00", "modified": "2022-08-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/160937", "reporter": "This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22013", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29105", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26931", "https://support.microsoft.com/help/5013999", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30138", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26936", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29115", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26937", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23270", "https://support.microsoft.com/help/5014012", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22014", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22012", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22015", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26926", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26934", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29121", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26925", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22011", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29141", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29137", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22019", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26935", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29103", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29112"], "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26931", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-29103", "CVE-2022-29105", "CVE-2022-29112", "CVE-2022-29115", "CVE-2022-29121", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141", "CVE-2022-30138"], "immutableFields": [], "lastseen": "2023-01-10T19:20:15", "viewCount": 61, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:C3852904-E628-40EE-9AD4-445FC1899CF7"]}, {"type": "avleonov", "idList": ["AVLEONOV:4B6EFA5DE55BAEFCD9C72826A3524969", "AVLEONOV:8FE7F4C2B563A2A88EB2DA8822A13824"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0487", "CPAI-2022-0224", "CPAI-2022-0241", "CPAI-2022-0822"]}, {"type": "cisa", "idList": ["CISA:B55BB602515A4C4A2D3C252B1A8C9767", "CISA:F68E3446BD3C1E21B1B472DF044A0CC3"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2022-26925"]}, {"type": "cnvd", "idList": ["CNVD-2022-70056", "CNVD-2022-70059", "CNVD-2022-70061", "CNVD-2022-70062", "CNVD-2022-70063", "CNVD-2022-70066", "CNVD-2022-70067", "CNVD-2022-72853", "CNVD-2022-72854", "CNVD-2022-72855", "CNVD-2022-72856", "CNVD-2022-72858", "CNVD-2022-72859", "CNVD-2022-72860"]}, {"type": "cve", "idList": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26931", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29112", "CVE-2022-29115", "CVE-2022-29121", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29132", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141", "CVE-2022-30138"]}, {"type": "githubexploit", "idList": ["790799A0-53ED-5602-9A75-82ED948CDD27", "8A8AB8F5-563E-5796-B6A2-8D4033E3EB25", "940BBB90-C055-5DBF-9C23-3CC67D2D239E", "A16AF2D6-A293-5D61-805B-E5ADAE02799C"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA"]}, {"type": "hivepro", "idList": ["HIVEPRO:846D6C3457AE99FD0B4F29A6398D6F81", "HIVEPRO:9ED793E90599B498499D6CB773C9F42F"]}, {"type": "kaspersky", "idList": ["KLA12524", "KLA12525", "KLA12526", "KLA12532", "KLA12533"]}, {"type": "krebs", "idList": ["KREBS:5FA70C019AB463F5E02A97C6891685D8"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:0647495F01C9F1847B118A9E32BC6C13", "MALWAREBYTES:7697B62E0C0C7AA37884F3F73C3AF324"]}, {"type": "mscve", "idList": ["MS:CVE-2022-21972", "MS:CVE-2022-22011", "MS:CVE-2022-22012", "MS:CVE-2022-22013", "MS:CVE-2022-22014", "MS:CVE-2022-22015", "MS:CVE-2022-22019", "MS:CVE-2022-23270", "MS:CVE-2022-26925", "MS:CVE-2022-26926", "MS:CVE-2022-26931", "MS:CVE-2022-26934", "MS:CVE-2022-26935", "MS:CVE-2022-26936", "MS:CVE-2022-26937", "MS:CVE-2022-29103", "MS:CVE-2022-29104", "MS:CVE-2022-29105", "MS:CVE-2022-29112", "MS:CVE-2022-29115", "MS:CVE-2022-29121", "MS:CVE-2022-29127", "MS:CVE-2022-29128", "MS:CVE-2022-29129", "MS:CVE-2022-29130", "MS:CVE-2022-29131", "MS:CVE-2022-29132", "MS:CVE-2022-29137", "MS:CVE-2022-29139", "MS:CVE-2022-29141", "MS:CVE-2022-30136", "MS:CVE-2022-30138"]}, {"type": "mskb", "idList": ["KB5013944", "KB5013952", "KB5013963", "KB5013999", "KB5014001", "KB5014006", "KB5014010", "KB5014011", "KB5014012", "KB5014017", "KB5014018", "KB5014025"]}, {"type": "nessus", "idList": ["MACOS_MS22_JUL_OFFICE.NASL", "SMB_NT_MS22_JUL_OFFICE_C2R.NASL", "SMB_NT_MS22_MAY_5013941.NASL", "SMB_NT_MS22_MAY_5013942.NASL", "SMB_NT_MS22_MAY_5013943.NASL", "SMB_NT_MS22_MAY_5013944.NASL", "SMB_NT_MS22_MAY_5013945.NASL", "SMB_NT_MS22_MAY_5013952.NASL", "SMB_NT_MS22_MAY_5013963.NASL", "SMB_NT_MS22_MAY_5014001.NASL", "SMB_NT_MS22_MAY_5014006.NASL", "SMB_NT_MS22_MAY_5014018.NASL", "SMB_NT_MS22_MAY_RDC.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:7BB591052411447A2B315456D50D258C"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553", "RAPID7BLOG:82692E307F294B32BDCAC4053EBE23B2"]}, {"type": "securelist", "idList": ["SECURELIST:0ED76DA480D73D593C82769757DFD87A", "SECURELIST:D9AF9603FDB076FD6351B6ED483A4947"]}, {"type": "thn", "idList": ["THN:6F5BF10AC5A30E497851C9ADE15C774A"]}, {"type": "threatpost", "idList": ["THREATPOST:B7A9B20B1E9413BB675D8C2810F1365F", "THREATPOST:FFC96438DF87C2B7A1ABFD101EBC298C"]}, {"type": "zdi", "idList": ["ZDI-22-731", "ZDI-22-732"]}]}, "vulnersScore": 0.2}, "_state": {"score": 1673378620, "dependencies": 1673378777}, "_internal": {"score_hash": "120e3f5c7eba591da906c35cda4a6a89"}, "pluginID": "160937", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160937);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/30\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22011\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26931\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-26937\",\n \"CVE-2022-29103\",\n \"CVE-2022-29105\",\n \"CVE-2022-29112\",\n \"CVE-2022-29115\",\n \"CVE-2022-29121\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29132\",\n \"CVE-2022-29137\",\n \"CVE-2022-29139\",\n \"CVE-2022-29141\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5013999\");\n script_xref(name:\"MSKB\", value:\"5014012\");\n script_xref(name:\"MSFT\", value:\"MS22-5013999\");\n script_xref(name:\"MSFT\", value:\"MS22-5014012\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n\n script_name(english:\"KB5013999: Windows 7 and Windows Server 2008 R2 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5013999. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5013999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014012\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5013999 or Cumulative Update 5014012\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5014012',\n '5013999'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1',\n sp:1,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5014012, 5013999])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Apply Security Update 5013999 or Cumulative Update 5014012", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-29130", "vendor_cvss2": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-05-10T00:00:00", "vulnerabilityPublicationDate": "2022-05-10T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-01-10T19:21:11", "description": "The remote Windows host is missing security update 5014006. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5014006: Windows Server 2008 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26931", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-29103", "CVE-2022-29112", "CVE-2022-29115", "CVE-2022-29121", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141", "CVE-2022-30138"], "modified": "2022-07-04T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5014006.NASL", "href": "https://www.tenable.com/plugins/nessus/160936", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160936);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22011\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26931\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-26937\",\n \"CVE-2022-29103\",\n \"CVE-2022-29112\",\n \"CVE-2022-29115\",\n \"CVE-2022-29121\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29132\",\n \"CVE-2022-29137\",\n \"CVE-2022-29139\",\n \"CVE-2022-29141\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5014006\");\n script_xref(name:\"MSKB\", value:\"5014010\");\n script_xref(name:\"MSFT\", value:\"MS22-5014006\");\n script_xref(name:\"MSFT\", value:\"MS22-5014010\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n\n script_name(english:\"KB5014006: Windows Server 2008 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5014006. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014010\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5014006 or Cumulative Update 5014010\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5014010',\n '5014006'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0',\n sp:2,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5014010, 5014006])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T08:16:37", "description": "The remote Windows host is missing security update 5013963. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5013963: Windows 10 LTS 1507 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22016", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29112", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29121", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141", "CVE-2022-30130", "CVE-2022-30138"], "modified": "2022-11-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5013963.NASL", "href": "https://www.tenable.com/plugins/nessus/160926", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160926);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/18\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22011\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22016\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-26923\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26930\",\n \"CVE-2022-26931\",\n \"CVE-2022-26933\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-29103\",\n \"CVE-2022-29104\",\n \"CVE-2022-29105\",\n \"CVE-2022-29112\",\n \"CVE-2022-29114\",\n \"CVE-2022-29115\",\n \"CVE-2022-29121\",\n \"CVE-2022-29125\",\n \"CVE-2022-29126\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29132\",\n \"CVE-2022-29137\",\n \"CVE-2022-29139\",\n \"CVE-2022-29141\",\n \"CVE-2022-30130\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5013963\");\n script_xref(name:\"MSFT\", value:\"MS22-5013963\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0202-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"KB5013963: Windows 10 LTS 1507 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5013963. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5013963\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5013963\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5013963'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:10240,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5013963])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:26:42", "description": "The remote Windows host is missing security update 5014001. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5014001: Windows Server 2012 R2 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-29102", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29112", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29120", "CVE-2022-29121", "CVE-2022-29122", "CVE-2022-29123", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29134", "CVE-2022-29135", "CVE-2022-29137", "CVE-2022-29138", "CVE-2022-29139", "CVE-2022-29141", "CVE-2022-29150", "CVE-2022-29151", "CVE-2022-30138"], "modified": "2022-10-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5014001.NASL", "href": "https://www.tenable.com/plugins/nessus/160931", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160931);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/14\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22011\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-26923\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26930\",\n \"CVE-2022-26931\",\n \"CVE-2022-26933\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-26937\",\n \"CVE-2022-29102\",\n \"CVE-2022-29103\",\n \"CVE-2022-29104\",\n \"CVE-2022-29105\",\n \"CVE-2022-29112\",\n \"CVE-2022-29114\",\n \"CVE-2022-29115\",\n \"CVE-2022-29120\",\n \"CVE-2022-29121\",\n \"CVE-2022-29122\",\n \"CVE-2022-29123\",\n \"CVE-2022-29125\",\n \"CVE-2022-29126\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29132\",\n \"CVE-2022-29134\",\n \"CVE-2022-29135\",\n \"CVE-2022-29137\",\n \"CVE-2022-29138\",\n \"CVE-2022-29139\",\n \"CVE-2022-29141\",\n \"CVE-2022-29150\",\n \"CVE-2022-29151\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5014001\");\n script_xref(name:\"MSKB\", value:\"5014011\");\n script_xref(name:\"MSFT\", value:\"MS22-5014001\");\n script_xref(name:\"MSFT\", value:\"MS22-5014011\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"KB5014001: Windows Server 2012 R2 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5014001. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5014001 or Cumulative Update 5014011\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5014011',\n '5014001'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5014011, 5014001])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:21:10", "description": "The remote Windows host is missing security update 5014018. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5014018: Windows Server 2012 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-29102", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29112", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29120", "CVE-2022-29121", "CVE-2022-29122", "CVE-2022-29123", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29135", "CVE-2022-29137", "CVE-2022-29138", "CVE-2022-29139", "CVE-2022-29141", "CVE-2022-29150", "CVE-2022-29151", "CVE-2022-30138"], "modified": "2022-10-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5014018.NASL", "href": "https://www.tenable.com/plugins/nessus/160946", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160946);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/14\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22011\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26930\",\n \"CVE-2022-26931\",\n \"CVE-2022-26933\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-26937\",\n \"CVE-2022-29102\",\n \"CVE-2022-29103\",\n \"CVE-2022-29104\",\n \"CVE-2022-29105\",\n \"CVE-2022-29112\",\n \"CVE-2022-29114\",\n \"CVE-2022-29115\",\n \"CVE-2022-29120\",\n \"CVE-2022-29121\",\n \"CVE-2022-29122\",\n \"CVE-2022-29123\",\n \"CVE-2022-29125\",\n \"CVE-2022-29126\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29132\",\n \"CVE-2022-29135\",\n \"CVE-2022-29137\",\n \"CVE-2022-29138\",\n \"CVE-2022-29139\",\n \"CVE-2022-29141\",\n \"CVE-2022-29150\",\n \"CVE-2022-29151\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5014017\");\n script_xref(name:\"MSKB\", value:\"5014018\");\n script_xref(name:\"MSFT\", value:\"MS22-5014017\");\n script_xref(name:\"MSFT\", value:\"MS22-5014018\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n\n script_name(english:\"KB5014018: Windows Server 2012 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5014018. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5014018 or Cumulative update 5014017\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5014018',\n '5014017'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2',\n sp:0,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5014018, 5014017])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T22:27:38", "description": "The remote Windows host is missing security update 5013945. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\n - Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5013945: Windows 10 version 1909 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22016", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-23279", "CVE-2022-24466", "CVE-2022-26913", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26927", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29112", "CVE-2022-29113", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29121", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29132", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29140", "CVE-2022-29141", "CVE-2022-29142", "CVE-2022-30138"], "modified": "2022-08-19T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5013945.NASL", "href": "https://www.tenable.com/plugins/nessus/160938", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160938);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/19\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22011\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22016\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-23279\",\n \"CVE-2022-24466\",\n \"CVE-2022-26913\",\n \"CVE-2022-26923\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26927\",\n \"CVE-2022-26930\",\n \"CVE-2022-26931\",\n \"CVE-2022-26933\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-29103\",\n \"CVE-2022-29104\",\n \"CVE-2022-29105\",\n \"CVE-2022-29112\",\n \"CVE-2022-29113\",\n \"CVE-2022-29114\",\n \"CVE-2022-29115\",\n \"CVE-2022-29121\",\n \"CVE-2022-29125\",\n \"CVE-2022-29126\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29131\",\n \"CVE-2022-29132\",\n \"CVE-2022-29137\",\n \"CVE-2022-29139\",\n \"CVE-2022-29140\",\n \"CVE-2022-29141\",\n \"CVE-2022-29142\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5013945\");\n script_xref(name:\"MSFT\", value:\"MS22-5013945\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"KB5013945: Windows 10 version 1909 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5013945. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139,\n CVE-2022-29141)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\n - Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5013945\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5013945\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5013945'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:18363,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5013945])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T18:34:30", "description": "The remote Windows host is missing security update 5013943. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2022-29133)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5013943: Windows 11 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22016", "CVE-2022-22017", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-23279", "CVE-2022-24466", "CVE-2022-26913", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26927", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26940", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29112", "CVE-2022-29113", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29116", "CVE-2022-29121", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29132", "CVE-2022-29133", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29140", "CVE-2022-29141", "CVE-2022-30138"], "modified": "2022-10-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5013943.NASL", "href": "https://www.tenable.com/plugins/nessus/160930", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160930);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/14\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22016\",\n \"CVE-2022-22017\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-23279\",\n \"CVE-2022-24466\",\n \"CVE-2022-26913\",\n \"CVE-2022-26923\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26927\",\n \"CVE-2022-26930\",\n \"CVE-2022-26931\",\n \"CVE-2022-26933\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-26940\",\n \"CVE-2022-29103\",\n \"CVE-2022-29104\",\n \"CVE-2022-29112\",\n \"CVE-2022-29113\",\n \"CVE-2022-29114\",\n \"CVE-2022-29115\",\n \"CVE-2022-29116\",\n \"CVE-2022-29121\",\n \"CVE-2022-29125\",\n \"CVE-2022-29126\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29131\",\n \"CVE-2022-29132\",\n \"CVE-2022-29133\",\n \"CVE-2022-29137\",\n \"CVE-2022-29139\",\n \"CVE-2022-29140\",\n \"CVE-2022-29141\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5013943\");\n script_xref(name:\"MSFT\", value:\"MS22-5013943\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"KB5013943: Windows 11 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5013943. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139,\n CVE-2022-29141)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2022-29133)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5013943\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5013943\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5013943'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:22000,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5013943])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T00:26:57", "description": "The remote Windows host is missing security update 5013952. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5013952: Windows 10 Version 1607 and Windows Server 2016 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22016", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-24466", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26932", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-26938", "CVE-2022-26939", "CVE-2022-29102", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29106", "CVE-2022-29112", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29120", "CVE-2022-29121", "CVE-2022-29122", "CVE-2022-29123", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29134", "CVE-2022-29135", "CVE-2022-29137", "CVE-2022-29138", "CVE-2022-29139", "CVE-2022-29140", "CVE-2022-29141", "CVE-2022-29150", "CVE-2022-29151", "CVE-2022-30130", "CVE-2022-30138"], "modified": "2022-11-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5013952.NASL", "href": "https://www.tenable.com/plugins/nessus/160934", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160934);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/18\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22011\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22016\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-24466\",\n \"CVE-2022-26923\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26930\",\n \"CVE-2022-26931\",\n \"CVE-2022-26932\",\n \"CVE-2022-26933\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-26937\",\n \"CVE-2022-26938\",\n \"CVE-2022-26939\",\n \"CVE-2022-29102\",\n \"CVE-2022-29103\",\n \"CVE-2022-29104\",\n \"CVE-2022-29105\",\n \"CVE-2022-29106\",\n \"CVE-2022-29112\",\n \"CVE-2022-29114\",\n \"CVE-2022-29115\",\n \"CVE-2022-29120\",\n \"CVE-2022-29121\",\n \"CVE-2022-29122\",\n \"CVE-2022-29123\",\n \"CVE-2022-29125\",\n \"CVE-2022-29126\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29132\",\n \"CVE-2022-29134\",\n \"CVE-2022-29135\",\n \"CVE-2022-29137\",\n \"CVE-2022-29138\",\n \"CVE-2022-29139\",\n \"CVE-2022-29140\",\n \"CVE-2022-29141\",\n \"CVE-2022-29150\",\n \"CVE-2022-29151\",\n \"CVE-2022-30130\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5013952\");\n script_xref(name:\"MSFT\", value:\"MS22-5013952\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0202-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"KB5013952: Windows 10 Version 1607 and Windows Server 2016 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5013952. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5013952\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5013952\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5013952'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:14393,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5013952])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T16:44:45", "description": "The remote Windows host is missing security update 5013941. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5013941: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22016", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-24466", "CVE-2022-26913", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26927", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26932", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-26938", "CVE-2022-26939", "CVE-2022-29102", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29106", "CVE-2022-29112", "CVE-2022-29113", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29120", "CVE-2022-29121", "CVE-2022-29122", "CVE-2022-29123", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29132", "CVE-2022-29134", "CVE-2022-29135", "CVE-2022-29137", "CVE-2022-29138", "CVE-2022-29139", "CVE-2022-29140", "CVE-2022-29141", "CVE-2022-29142", "CVE-2022-29150", "CVE-2022-29151", "CVE-2022-30138"], "modified": "2022-08-19T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5013941.NASL", "href": "https://www.tenable.com/plugins/nessus/160928", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160928);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/19\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22011\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22016\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-24466\",\n \"CVE-2022-26913\",\n \"CVE-2022-26923\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26927\",\n \"CVE-2022-26930\",\n \"CVE-2022-26931\",\n \"CVE-2022-26932\",\n \"CVE-2022-26933\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-26937\",\n \"CVE-2022-26938\",\n \"CVE-2022-26939\",\n \"CVE-2022-29102\",\n \"CVE-2022-29103\",\n \"CVE-2022-29104\",\n \"CVE-2022-29105\",\n \"CVE-2022-29106\",\n \"CVE-2022-29112\",\n \"CVE-2022-29113\",\n \"CVE-2022-29114\",\n \"CVE-2022-29115\",\n \"CVE-2022-29120\",\n \"CVE-2022-29121\",\n \"CVE-2022-29122\",\n \"CVE-2022-29123\",\n \"CVE-2022-29125\",\n \"CVE-2022-29126\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29131\",\n \"CVE-2022-29132\",\n \"CVE-2022-29134\",\n \"CVE-2022-29135\",\n \"CVE-2022-29137\",\n \"CVE-2022-29138\",\n \"CVE-2022-29139\",\n \"CVE-2022-29140\",\n \"CVE-2022-29141\",\n \"CVE-2022-29142\",\n \"CVE-2022-29150\",\n \"CVE-2022-29151\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5013941\");\n script_xref(name:\"MSFT\", value:\"MS22-5013941\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"KB5013941: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5013941. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139,\n CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5013941\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5013941\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5013941'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:17763,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5013941])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T00:26:42", "description": "The remote Windows host is missing security update 5013942. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5013942: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22016", "CVE-2022-22019", "CVE-2022-22713", "CVE-2022-23270", "CVE-2022-23279", "CVE-2022-24466", "CVE-2022-26913", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26927", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26932", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-26938", "CVE-2022-26939", "CVE-2022-29102", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29106", "CVE-2022-29112", "CVE-2022-29113", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29120", "CVE-2022-29121", "CVE-2022-29122", "CVE-2022-29123", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29132", "CVE-2022-29134", "CVE-2022-29135", "CVE-2022-29137", "CVE-2022-29138", "CVE-2022-29139", "CVE-2022-29140", "CVE-2022-29141", "CVE-2022-29142", "CVE-2022-29150", "CVE-2022-29151", "CVE-2022-30138"], "modified": "2022-08-19T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5013942.NASL", "href": "https://www.tenable.com/plugins/nessus/160927", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160927);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/19\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22011\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22016\",\n \"CVE-2022-22019\",\n \"CVE-2022-22713\",\n \"CVE-2022-23270\",\n \"CVE-2022-23279\",\n \"CVE-2022-24466\",\n \"CVE-2022-26913\",\n \"CVE-2022-26923\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26927\",\n \"CVE-2022-26930\",\n \"CVE-2022-26931\",\n \"CVE-2022-26932\",\n \"CVE-2022-26933\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-26937\",\n \"CVE-2022-26938\",\n \"CVE-2022-26939\",\n \"CVE-2022-29102\",\n \"CVE-2022-29103\",\n \"CVE-2022-29104\",\n \"CVE-2022-29105\",\n \"CVE-2022-29106\",\n \"CVE-2022-29112\",\n \"CVE-2022-29113\",\n \"CVE-2022-29114\",\n \"CVE-2022-29115\",\n \"CVE-2022-29120\",\n \"CVE-2022-29121\",\n \"CVE-2022-29122\",\n \"CVE-2022-29123\",\n \"CVE-2022-29125\",\n \"CVE-2022-29126\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29131\",\n \"CVE-2022-29132\",\n \"CVE-2022-29134\",\n \"CVE-2022-29135\",\n \"CVE-2022-29137\",\n \"CVE-2022-29138\",\n \"CVE-2022-29139\",\n \"CVE-2022-29140\",\n \"CVE-2022-29141\",\n \"CVE-2022-29142\",\n \"CVE-2022-29150\",\n \"CVE-2022-29151\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5013942\");\n script_xref(name:\"MSFT\", value:\"MS22-5013942\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"KB5013942: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5013942. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139,\n CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5013942\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5013942\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5013942'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:19042,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5013942])\n|| smb_check_rollup(os:'10',\n os_build:19043,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5013942])\n|| smb_check_rollup(os:'10',\n os_build:19044,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5013942])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T22:27:20", "description": "The remote Windows host is missing security update 5013944. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "KB5013944: Windows Server 2022 Security Update (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22016", "CVE-2022-22017", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-23279", "CVE-2022-24466", "CVE-2022-26913", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26927", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26932", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-26938", "CVE-2022-26939", "CVE-2022-26940", "CVE-2022-29102", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29106", "CVE-2022-29112", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29120", "CVE-2022-29121", "CVE-2022-29122", "CVE-2022-29123", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29132", "CVE-2022-29134", "CVE-2022-29135", "CVE-2022-29137", "CVE-2022-29138", "CVE-2022-29139", "CVE-2022-29140", "CVE-2022-29141", "CVE-2022-29142", "CVE-2022-29150", "CVE-2022-29151", "CVE-2022-30138"], "modified": "2022-08-19T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_5013944.NASL", "href": "https://www.tenable.com/plugins/nessus/160929", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160929);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/19\");\n\n script_cve_id(\n \"CVE-2022-21972\",\n \"CVE-2022-22012\",\n \"CVE-2022-22013\",\n \"CVE-2022-22014\",\n \"CVE-2022-22015\",\n \"CVE-2022-22016\",\n \"CVE-2022-22017\",\n \"CVE-2022-22019\",\n \"CVE-2022-23270\",\n \"CVE-2022-23279\",\n \"CVE-2022-24466\",\n \"CVE-2022-26913\",\n \"CVE-2022-26923\",\n \"CVE-2022-26925\",\n \"CVE-2022-26926\",\n \"CVE-2022-26927\",\n \"CVE-2022-26930\",\n \"CVE-2022-26931\",\n \"CVE-2022-26932\",\n \"CVE-2022-26933\",\n \"CVE-2022-26934\",\n \"CVE-2022-26935\",\n \"CVE-2022-26936\",\n \"CVE-2022-26937\",\n \"CVE-2022-26938\",\n \"CVE-2022-26939\",\n \"CVE-2022-26940\",\n \"CVE-2022-29102\",\n \"CVE-2022-29103\",\n \"CVE-2022-29104\",\n \"CVE-2022-29106\",\n \"CVE-2022-29112\",\n \"CVE-2022-29114\",\n \"CVE-2022-29115\",\n \"CVE-2022-29120\",\n \"CVE-2022-29121\",\n \"CVE-2022-29122\",\n \"CVE-2022-29123\",\n \"CVE-2022-29125\",\n \"CVE-2022-29126\",\n \"CVE-2022-29127\",\n \"CVE-2022-29128\",\n \"CVE-2022-29129\",\n \"CVE-2022-29130\",\n \"CVE-2022-29131\",\n \"CVE-2022-29132\",\n \"CVE-2022-29134\",\n \"CVE-2022-29135\",\n \"CVE-2022-29137\",\n \"CVE-2022-29138\",\n \"CVE-2022-29139\",\n \"CVE-2022-29140\",\n \"CVE-2022-29141\",\n \"CVE-2022-29142\",\n \"CVE-2022-29150\",\n \"CVE-2022-29151\",\n \"CVE-2022-30138\"\n );\n script_xref(name:\"MSKB\", value:\"5013944\");\n script_xref(name:\"MSFT\", value:\"MS22-5013944\");\n script_xref(name:\"IAVA\", value:\"2022-A-0204-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0203-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/22\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"KB5013944: Windows Server 2022 Security Update (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5013944. It is, therefore, affected by multiple vulnerabilities\n\n - Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014,\n CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139,\n CVE-2022-29141)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)\n\n - Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5013944\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5013944\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29130\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-05';\nkbs = make_list(\n '5013944'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:20348,\n rollup_date:'05_2022',\n bulletin:bulletin,\n rollup_kb_list:[5013944])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:27:25", "description": "The Microsoft Office product installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the Windows Graphics component.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-07-13T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (July 2022) (macOS)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26934"], "modified": "2022-07-14T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "MACOS_MS22_JUL_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/163071", "sourceData": "##\n# (C) Tenable, Inc. \n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163071);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/14\");\n\n script_cve_id(\"CVE-2022-26934\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (July 2022) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office product installed on the remote host is affected by an information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office product installed on the remote host is missing a security update. It is, therefore, affected by\nan information disclosure vulnerability in the Windows Graphics component.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-office-for-mac\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43ed1b90\");\n # https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#july-12-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7b69cf5c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Microsoft Office for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26934\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_office_installed.nbin\");\n script_require_keys(\"Host/MacOSX/Version\");\n script_require_ports(\"installed_sw/Microsoft Outlook\", \"installed_sw/Microsoft Excel\", \"installed_sw/Microsoft Word\", \"installed_sw/Microsoft PowerPoint\", \"installed_sw/Microsoft OneNote\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar apps = make_list('Microsoft Outlook', 'Microsoft Excel', 'Microsoft Word',\n 'Microsoft PowerPoint','Microsoft OneNote');\n\nvar app_info = vcf::microsoft::office_for_mac::get_app_info(apps:apps);\n\nvar constraints = [\n {'min_version':'16.17.0', 'fixed_version':'16.63', 'fixed_display':'16.63 (22070801)'}\n];\n\nvcf::microsoft::office_for_mac::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n os_min_lvl:'10.15.0'\n);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T19:26:20", "description": "The Microsoft Office Products are missing a security update. It is, therefore, affected by the following vulnerability:\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-33632)\n\n - An information disclosure vulnerability exists in the windows graphic component. An unauthenticated, remote attacker can exploit this to disclose information. (CVE-2022-26934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-07-13T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products C2R (July 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26934", "CVE-2022-33632"], "modified": "2022-12-14T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS22_JUL_OFFICE_C2R.NASL", "href": "https://www.tenable.com/plugins/nessus/163080", "sourceData": "##\n# (C) Tenable, Inc. \n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163080);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/14\");\n\n script_cve_id(\"CVE-2022-26934\", \"CVE-2022-33632\");\n script_xref(name:\"IAVA\", value:\"2022-A-0270-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Security Updates for Microsoft Office Products C2R (July 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing a security update. It is, therefore, affected by the following vulnerability:\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-33632)\n\n - An information disclosure vulnerability exists in the windows graphic component. An unauthenticated,\n remote attacker can exploit this to disclose information. (CVE-2022-26934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-office-2019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42ab6861\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4508ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"For Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar bulletin = 'MS22-07';\n\nvar app_info = vcf::microsoft::office::get_app_info(app:'Microsoft Office');\n\nvar constraints = [\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.15330.20246','channel':'2016 Retail'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.15330.20246','channel':'Current'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.15225.20356','channel':'Enterprise Deferred','channel_version':'2205'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.15128.20312','channel':'Enterprise Deferred'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.14931.20604','channel':'First Release for Deferred'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.14931.20604','channel':'Deferred','channel_version':'2202'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.14326.21062','channel':'Deferred','channel_version':'2108'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.13801.21528','channel':'Deferred'},\n {'product':'Microsoft Office 2016','file':'graph.exe','fixed_version':'16.0.12527.22183','channel':'Microsoft 365 Apps on Windows 7'},\n {'product':'Microsoft Office 2021','file':'graph.exe','fixed_version':'16.0.15330.20246','channel':'2021 Retail'},\n {'product':'Microsoft Office 2019','file':'graph.exe','fixed_version':'16.0.15330.20246','channel':'2019 Retail'},\n {'product':'Microsoft Office 2021','file':'graph.exe','fixed_version':'16.0.14332.20345','channel':'LTSC 2021'},\n {'product':'Microsoft Office 2019','file':'graph.exe','fixed_version':'16.0.10388.20027','channel':'2019 Volume'}\n];\n\nvcf::microsoft::office::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n bulletin:bulletin,\n subproduct:'Office'\n);\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:21:00", "description": "The Windows Remote Desktop client for Windows installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-22015, CVE-2022-26940)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-22017)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "Remote Desktop client for Windows Multiple Vulnerabilities (May 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22015", "CVE-2022-22017", "CVE-2022-26940"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAY_RDC.NASL", "href": "https://www.tenable.com/plugins/nessus/160941", "sourceData": "##\n# Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160941);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2022-22015\", \"CVE-2022-22017\", \"CVE-2022-26940\");\n\n script_name(english:\"Remote Desktop client for Windows Multiple Vulnerabilities (May 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Windows app installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows Remote Desktop client for Windows installed on the remote host is missing security updates. It is, therefore,\naffected by multiple vulnerabilities:\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-22015, CVE-2022-26940)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-22017)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ca553d7\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22015\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?54fabd57\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26940\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e279d0d7\");\n # https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dbd96878\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to client version 1.2.3130 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"remote_desktop_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Remote Desktop\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar appname = \"Microsoft Remote Desktop\";\n\nvar app_info = vcf::get_app_info(app:appname, win_local:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n { 'fixed_version' : '1.2.3130' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2022-05-18T01:33:12", "description": "### *Detect date*:\n05/10/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, spoof user interface.\n\n### *Affected products*:\nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-29137](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29137>) \n[CVE-2022-26936](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26936>) \n[CVE-2022-29115](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29115>) \n[CVE-2022-29127](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29127>) \n[CVE-2022-22012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22012>) \n[CVE-2022-26931](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931>) \n[CVE-2022-22013](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22013>) \n[CVE-2022-22019](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22019>) \n[CVE-2022-29139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29139>) \n[CVE-2022-29129](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29129>) \n[CVE-2022-29141](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29141>) \n[CVE-2022-29112](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29112>) \n[CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>) \n[CVE-2022-29103](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29103>) \n[CVE-2022-22015](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22015>) \n[CVE-2022-29132](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29132>) \n[CVE-2022-29130](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29130>) \n[CVE-2022-26926](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26926>) \n[CVE-2022-23270](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23270>) \n[CVE-2022-29121](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29121>) \n[CVE-2022-21972](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21972>) \n[CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>) \n[CVE-2022-29105](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29105>) \n[CVE-2022-22011](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22011>) \n[CVE-2022-26935](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26935>) \n[CVE-2022-29128](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29128>) \n[CVE-2022-26934](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26934>) \n[CVE-2022-22014](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22014>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5014010](<http://support.microsoft.com/kb/5014010>) \n[5013999](<http://support.microsoft.com/kb/5013999>) \n[5014006](<http://support.microsoft.com/kb/5014006>) \n[5014012](<http://support.microsoft.com/kb/5014012>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "kaspersky", "title": "KLA12524 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22019", "CVE-2022-23270", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26931", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-29103", "CVE-2022-29105", "CVE-2022-29112", "CVE-2022-29115", "CVE-2022-29121", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-16T00:00:00", "id": "KLA12524", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12524/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T08:16:09", "description": "### *Detect date*:\n05/10/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2012 R2 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2016 \nWindows Server, version 20H2 (Server Core Installation) \nWindows Server 2019 \nWindows 10 Version 21H2 for 32-bit Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows RT 8.1 \nWindows Server 2022 \nWindows 10 Version 21H1 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2022 (Server Core installation) \nWindows 10 Version 21H2 for ARM64-based Systems \nWindows 11 for ARM64-based Systems \nWindows 11 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server 2012 \nWindows 10 Version 21H2 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-29137](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29137>) \n[CVE-2022-29140](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29140>) \n[CVE-2022-29106](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29106>) \n[CVE-2022-29127](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29127>) \n[CVE-2022-22019](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22019>) \n[CVE-2022-22017](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22017>) \n[CVE-2022-29104](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29104>) \n[CVE-2022-29102](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29102>) \n[CVE-2022-29151](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29151>) \n[CVE-2022-29129](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29129>) \n[CVE-2022-29122](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29122>) \n[CVE-2022-29150](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29150>) \n[CVE-2022-29132](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29132>) \n[CVE-2022-29130](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29130>) \n[CVE-2022-26927](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26927>) \n[CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>) \n[CVE-2022-29105](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29105>) \n[CVE-2022-29113](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29113>) \n[CVE-2022-22011](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22011>) \n[CVE-2022-29128](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29128>) \n[CVE-2022-23279](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23279>) \n[CVE-2022-22014](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22014>) \n[CVE-2022-29133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29133>) \n[CVE-2022-29131](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29131>) \n[CVE-2022-26936](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26936>) \n[CVE-2022-29115](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29115>) \n[CVE-2022-22012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22012>) \n[CVE-2022-26931](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931>) \n[CVE-2022-22013](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22013>) \n[CVE-2022-29125](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29125>) \n[CVE-2022-29139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29139>) \n[CVE-2022-29141](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29141>) \n[CVE-2022-22713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22713>) \n[CVE-2022-29138](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29138>) \n[CVE-2022-29112](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29112>) \n[CVE-2022-29103](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29103>) \n[CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>) \n[CVE-2022-22015](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22015>) \n[CVE-2022-26933](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26933>) \n[CVE-2022-29135](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29135>) \n[CVE-2022-24466](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24466>) \n[CVE-2022-26940](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26940>) \n[CVE-2022-29134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29134>) \n[CVE-2022-26913](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26913>) \n[CVE-2022-26938](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26938>) \n[CVE-2022-26926](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26926>) \n[CVE-2022-22016](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22016>) \n[CVE-2022-23270](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23270>) \n[CVE-2022-29142](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29142>) \n[CVE-2022-29121](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29121>) \n[CVE-2022-21972](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21972>) \n[CVE-2022-26923](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923>) \n[CVE-2022-26930](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26930>) \n[CVE-2022-29123](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29123>) \n[CVE-2022-29120](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29120>) \n[CVE-2022-26935](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26935>) \n[CVE-2022-29126](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29126>) \n[CVE-2022-29114](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29114>) \n[CVE-2022-29116](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29116>) \n[CVE-2022-26934](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26934>) \n[CVE-2022-26932](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26932>) \n[CVE-2022-26939](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26939>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5014018](<http://support.microsoft.com/kb/5014018>) \n[5014001](<http://support.microsoft.com/kb/5014001>) \n[5013942](<http://support.microsoft.com/kb/5013942>) \n[5013941](<http://support.microsoft.com/kb/5013941>) \n[5014025](<http://support.microsoft.com/kb/5014025>) \n[5013952](<http://support.microsoft.com/kb/5013952>) \n[5013943](<http://support.microsoft.com/kb/5013943>) \n[5013944](<http://support.microsoft.com/kb/5013944>) \n[5014011](<http://support.microsoft.com/kb/5014011>) \n[5013945](<http://support.microsoft.com/kb/5013945>) \n[5014017](<http://support.microsoft.com/kb/5014017>) \n[5013963](<http://support.microsoft.com/kb/5013963>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "kaspersky", "title": "KLA12526 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22016", "CVE-2022-22017", "CVE-2022-22019", "CVE-2022-22713", "CVE-2022-23270", "CVE-2022-23279", "CVE-2022-24466", "CVE-2022-26913", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26927", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26932", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-26938", "CVE-2022-26939", "CVE-2022-26940", "CVE-2022-29102", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29106", "CVE-2022-29112", "CVE-2022-29113", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29116", "CVE-2022-29120", "CVE-2022-29121", "CVE-2022-29122", "CVE-2022-29123", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29132", "CVE-2022-29133", "CVE-2022-29134", "CVE-2022-29135", "CVE-2022-29137", "CVE-2022-29138", "CVE-2022-29139", "CVE-2022-29140", "CVE-2022-29141", "CVE-2022-29142", "CVE-2022-29150", "CVE-2022-29151"], "modified": "2022-10-18T00:00:00", "id": "KLA12526", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12526/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-31T18:44:51", "description": "### *Detect date*:\n05/12/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nElevation of privilege was found in Microsoft Products (Extended Security Update). Malicious users can exploit this vulnerability to gain privileges.\n\n### *Affected products*:\nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-30138](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30138>) \n\n\n### *Impacts*:\nPE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5014010](<http://support.microsoft.com/kb/5014010>) \n[5013999](<http://support.microsoft.com/kb/5013999>) \n[5014006](<http://support.microsoft.com/kb/5014006>) \n[5014012](<http://support.microsoft.com/kb/5014012>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T00:00:00", "type": "kaspersky", "title": "KLA12532 Elevation of privilege in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-16T00:00:00", "id": "KLA12532", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12532/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-31T18:44:51", "description": "### *Detect date*:\n05/12/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nElevation of privilege vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to gain privileges.\n\n### *Affected products*:\nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2012 R2 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows Server 2016 \nWindows Server 2019 \nWindows 10 Version 21H2 for 32-bit Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows RT 8.1 \nWindows Server 2022 \nWindows 10 Version 21H1 for x64-based Systems \nWindows 10 Version 21H2 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2022 (Server Core installation) \nWindows 11 for ARM64-based Systems \nWindows 11 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server 2012 \nWindows 10 Version 21H2 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-30138](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30138>) \n\n\n### *Impacts*:\nPE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5014018](<http://support.microsoft.com/kb/5014018>) \n[5014001](<http://support.microsoft.com/kb/5014001>) \n[5013942](<http://support.microsoft.com/kb/5013942>) \n[5013941](<http://support.microsoft.com/kb/5013941>) \n[5014025](<http://support.microsoft.com/kb/5014025>) \n[5013952](<http://support.microsoft.com/kb/5013952>) \n[5013943](<http://support.microsoft.com/kb/5013943>) \n[5013944](<http://support.microsoft.com/kb/5013944>) \n[5014011](<http://support.microsoft.com/kb/5014011>) \n[5013945](<http://support.microsoft.com/kb/5013945>) \n[5014017](<http://support.microsoft.com/kb/5014017>) \n[5013963](<http://support.microsoft.com/kb/5013963>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T00:00:00", "type": "kaspersky", "title": "KLA12533 Elevation of privilege in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-16T00:00:00", "id": "KLA12533", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12533/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-15T10:01:01", "description": "### *Detect date*:\n05/10/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information, gain privileges.\n\n### *Affected products*:\nMicrosoft Publisher 2013 Service Pack 1 (32-bit editions) \nMicrosoft Excel 2016 (64-bit edition) \nMicrosoft 365 Apps for Enterprise for 64-bit Systems \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Office 2019 for Mac \nMicrosoft Office LTSC 2021 for 64-bit editions \nMicrosoft Word 2013 RT Service Pack 1 \nMicrosoft Excel 2013 Service Pack 1 (32-bit editions) \nMicrosoft Publisher 2013 Service Pack 1 (64-bit editions) \nMicrosoft Publisher 2016 (32-bit edition) \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft 365 Apps for Enterprise for 32-bit Systems \nMicrosoft Excel 2013 RT Service Pack 1 \nMicrosoft Excel 2013 Service Pack 1 (64-bit editions) \nMicrosoft SharePoint Server 2019 \nMicrosoft Word 2013 Service Pack 1 (64-bit editions) \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Office Online Server \nMicrosoft Word 2016 (32-bit edition) \nMicrosoft Office LTSC for Mac 2021 \nMicrosoft SharePoint Server Subscription Edition \nMicrosoft Word 2016 (64-bit edition) \nMicrosoft Excel 2016 (32-bit edition) \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Office LTSC 2021 for 32-bit editions \nMicrosoft Word 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office Web Apps Server 2013 Service Pack 1 \nMicrosoft Publisher 2016 (64-bit edition)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-29109](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29109>) \n[CVE-2022-29108](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108>) \n[CVE-2022-29107](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29107>) \n[CVE-2022-29110](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29110>) \n[CVE-2022-26934](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26934>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2022-26934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26934>)4.3Warning \n[CVE-2022-29109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29109>)6.8High \n[CVE-2022-29108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29108>)6.5High \n[CVE-2022-29107](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29107>)4.3Warning \n[CVE-2022-29110](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29110>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4493152](<http://support.microsoft.com/kb/4493152>) \n[5002195](<http://support.microsoft.com/kb/5002195>) \n[5002204](<http://support.microsoft.com/kb/5002204>) \n[5002194](<http://support.microsoft.com/kb/5002194>) \n[5002196](<http://support.microsoft.com/kb/5002196>) \n[5002205](<http://support.microsoft.com/kb/5002205>) \n[5002199](<http://support.microsoft.com/kb/5002199>) \n[5002207](<http://support.microsoft.com/kb/5002207>) \n[4484347](<http://support.microsoft.com/kb/4484347>) \n[5002203](<http://support.microsoft.com/kb/5002203>) \n[5002187](<http://support.microsoft.com/kb/5002187>) \n[5002184](<http://support.microsoft.com/kb/5002184>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "kaspersky", "title": "KLA12525 Multiple vulnerabilities in Microsoft Office", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26934", "CVE-2022-29107", "CVE-2022-29108", "CVE-2022-29109", "CVE-2022-29110"], "modified": "2022-07-15T00:00:00", "id": "KLA12525", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12525/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-01-10T22:21:56", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29139", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29139", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:21:58", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29130", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:22:04", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-22014", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22014", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:22:04", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-22012", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:22:04", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-22013", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22013", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:21:57", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29137", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29137", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:21:58", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29131", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29131", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:21:58", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29129", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29129", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:21:56", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29141", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29141", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:21:58", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29128", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29128", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-11-02T07:04:55", "description": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26934, CVE-2022-29112.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Graphics Component Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22011", "CVE-2022-26934", "CVE-2022-29112"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-22011", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22011", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T22:22:00", "description": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22011, CVE-2022-26934.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Graphics Component Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22011", "CVE-2022-26934", "CVE-2022-29112"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29112", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29112", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T22:22:06", "description": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22011, CVE-2022-29112.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Graphics Component Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22011", "CVE-2022-26934", "CVE-2022-29112"], "modified": "2022-07-12T07:00:00", "id": "MS:CVE-2022-26934", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26934", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T22:22:09", "description": "Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21972.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-23270"], "modified": "2022-05-10T07:00:00", "id": "MS:CVE-2022-23270", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:22:10", "description": "Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23270.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-23270"], "modified": "2022-05-10T07:00:00", "id": "MS:CVE-2022-21972", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:21:53", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104, CVE-2022-29132.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29104", "CVE-2022-29132", "CVE-2022-30138"], "modified": "2022-05-13T07:00:00", "id": "MS:CVE-2022-30138", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30138", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-03T16:22:46", "description": "Microsoft Windows Media Foundation Remote Code Execution Vulnerability.", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Microsoft Windows Media Foundation Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29105"], "modified": "2022-05-23T07:00:00", "id": "MS:CVE-2022-29105", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29105", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:21:54", "description": "Windows WLAN AutoConfig Service Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows WLAN AutoConfig Service Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29121"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29121", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29121", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-10T22:21:58", "description": "BitLocker Security Feature Bypass Vulnerability.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "BitLocker Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29127"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29127", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29127", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T22:22:02", "description": "Windows Remote Access Connection Manager Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Remote Access Connection Manager Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29103"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29103", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29103", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:22:06", "description": "Windows Server Service Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Server Service Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26936"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-26936", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26936", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T22:22:00", "description": "Windows Fax Service Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Fax Service Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29115"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29115", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29115", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:21:55", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22019"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-22019", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:22:07", "description": "Windows LSA Spoofing Vulnerability.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows LSA Spoofing Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26925"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-26925", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-10T22:22:06", "description": "Windows WLAN AutoConfig Service Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows WLAN AutoConfig Service Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26935"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-26935", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26935", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T22:22:07", "description": "Windows Address Book Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Address Book Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26926"], "modified": "2022-08-31T07:00:00", "id": "MS:CVE-2022-26926", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26926", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:22:04", "description": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22015"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-22015", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22015", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-10-03T16:22:51", "description": "Windows Network File System Remote Code Execution Vulnerability.", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Network File System Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-26937", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:22:09", "description": "Windows Kerberos Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T07:00:00", "type": "mscve", "title": "Windows Kerberos Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26931"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-26931", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26931", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:21:58", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29104", "CVE-2022-29132"], "modified": "2022-05-10T08:00:00", "id": "MS:CVE-2022-29132", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29132", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:22:02", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29132.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T08:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29104", "CVE-2022-29132"], "modified": "2022-06-03T07:00:00", "id": "MS:CVE-2022-29104", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29104", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-30T06:35:50", "description": "Windows Network File System Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T07:00:00", "type": "mscve", "title": "Windows Network File System Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937", "CVE-2022-30136"], "modified": "2022-06-14T07:00:00", "id": "MS:CVE-2022-30136", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30136", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-05-18T10:14:24", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-22014", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-17T21:02:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2022-22014", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22014", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-05-23T18:57:55", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29129", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29129", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29129", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-23T18:57:42", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29139", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29139", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29139", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-23T18:57:56", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29128", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29128", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29128", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-18T10:14:25", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-22012", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-17T21:05:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2022-22012", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22012", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-05-23T18:57:51", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29131", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29131", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29131", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-23T18:57:45", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29137", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29137", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29137", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-23T18:57:54", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29130", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29130", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-18T10:14:27", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-22013", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-17T21:03:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2022-22013", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22013", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-05-23T18:57:39", "description": "Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29141", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29137", "CVE-2022-29139", "CVE-2022-29141"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29141", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29141", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-20T19:21:19", "description": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22011, CVE-2022-29112.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-26934", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22011", "CVE-2022-26934", "CVE-2022-29112"], "modified": "2022-05-20T17:18:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-26934", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26934", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-05-18T23:58:52", "description": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26934, CVE-2022-29112.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-22011", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22011", "CVE-2022-26934", "CVE-2022-29112"], "modified": "2022-05-18T18:23:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-22011", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22011", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*"]}, {"lastseen": "2022-05-20T16:44:35", "description": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22011, CVE-2022-26934.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29112", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22011", "CVE-2022-26934", "CVE-2022-29112"], "modified": "2022-05-20T14:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h1"], "id": "CVE-2022-29112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29112", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*"]}, {"lastseen": "2022-05-18T23:58:34", "description": "Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21972.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-23270", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-23270"], "modified": "2022-05-18T18:32:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-23270", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23270", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*"]}, {"lastseen": "2022-05-23T18:59:11", "description": "Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23270.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-21972", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-23270"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-21972", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21972", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-31T16:02:30", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104, CVE-2022-29132.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-18T23:15:00", "type": "cve", "title": "CVE-2022-30138", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29104", "CVE-2022-29132", "CVE-2022-30138"], "modified": "2022-05-31T13:43:00", "cpe": ["cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-30138", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30138", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-20T16:44:37", "description": "Microsoft Windows Media Foundation Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29105", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29105"], "modified": "2022-05-20T14:38:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h1"], "id": "CVE-2022-29105", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29105", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*"]}, {"lastseen": "2022-05-25T15:53:10", "description": "Windows WLAN AutoConfig Service Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29121", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29121"], "modified": "2022-05-25T13:58:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607"], "id": "CVE-2022-29121", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29121", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-20T19:21:12", "description": "Windows Remote Access Connection Manager Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29103", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29103"], "modified": "2022-05-20T17:59:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29103", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29103", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-05-23T18:57:58", "description": "BitLocker Security Feature Bypass Vulnerability.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29127", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29127"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29127", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29127", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-19T18:29:50", "description": "Windows Server Service Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-26936", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26936"], "modified": "2022-05-19T16:51:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2022-26936", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26936", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*"]}, {"lastseen": "2022-05-23T18:58:11", "description": "Windows Fax Service Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29115", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29115"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29115", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*"]}, {"lastseen": "2022-05-18T23:58:39", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-22019", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22019"], "modified": "2022-05-18T20:54:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-22019", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22019", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*"]}, {"lastseen": "2022-10-07T21:25:59", "description": "Windows LSA Spoofing Vulnerability.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-26925", "cwe": ["CWE-290"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26925"], "modified": "2022-10-07T18:08:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-26925", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26925", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-19T20:45:16", "description": "Windows WLAN AutoConfig Service Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-26935", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26935"], "modified": "2022-05-19T19:42:00", "cpe": ["cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_8.1:-"], "id": "CVE-2022-26935", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26935", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*"]}, {"lastseen": "2022-05-20T03:28:13", "description": "Windows Address Book Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-26926", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26926"], "modified": "2022-05-19T21:13:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022"], "id": "CVE-2022-26926", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26926", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*"]}, {"lastseen": "2022-05-18T23:59:13", "description": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-22015", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22015"], "modified": "2022-05-18T19:20:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_11:-", "cpe:/a:microsoft:remote_desktop:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-22015", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22015", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:a:microsoft:remote_desktop:-:*:*:*:*:windows:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*"]}, {"lastseen": "2022-05-23T18:58:34", "description": "Windows Network File System Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-26937", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:*"], "id": "CVE-2022-26937", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26937", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-05-20T03:28:07", "description": "Windows Kerberos Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-26931", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26931"], "modified": "2022-05-19T20:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022"], "id": "CVE-2022-26931", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26931", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*"]}, {"lastseen": "2022-05-20T21:15:51", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29132.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29104", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29104", "CVE-2022-29132"], "modified": "2022-05-20T18:53:00", "cpe": ["cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_11:-"], "id": "CVE-2022-29104", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29104", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*"]}, {"lastseen": "2022-05-23T18:57:52", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T21:15:00", "type": "cve", "title": "CVE-2022-29132", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29104", "CVE-2022-29132"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-29132", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29132", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}], "malwarebytes": [{"lastseen": "2022-05-19T01:29:17", "description": "Microsoft has released patches for 74 security problems, including fixes for seven \u201ccritical\u201d vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows.\n\nFirst, we'll look at the actively exploited zero-day. Then we'll discuss two zero-days that are publicly disclosed, but so far no in the wild exploits have been reported. And we\u2019ll finish off with a few others that are worth keeping an eye on.\n\n## LSA spoofing zero-day\n\nMicrosoft has addressed an actively exploited Windows LSA spoofing zero-day that allows unauthenticated attackers to remotely force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol.\n\n[CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>): An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. The security update detects anonymous connection attempts in LSARPC and disallows it.\n\nLSA (short for Local Security Authority) is a protected Windows subsystem that enforces local security policies and validates users for local and remote sign-ins. LSARPC is a protocol that enables a set of remote procedure calls (RPCs) to the LSA. Microsoft warns that the [CVSS score](<https://blog.malwarebytes.com/malwarebytes-news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities/>) would be 9.8 out of 10 when this vulnerability is chained with the noted NTLM Relay Attacks on Active Directory Certificate Services (AD CS).\n\nThe attack vector is closely related to the [PetitPotam attacks](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/microsoft-provides-more-mitigation-instructions-for-the-petitpotam-attack/>) we saw last year. If you are looking which patches to prioritize, this vulnerability affects all servers but domain controllers should be prioritized in terms of applying security updates.\n\n## Windows Hyper-V vulnerability\n\n[CVE-2022-22713](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22713>): A denial of service (DoS) vulnerability in Windows Hyper V. Successful exploitation of this vulnerability requires an attacker to win a race condition. A race condition occurs when two or more threads can access shared data and they try to change it at the same time.\n\nHyper V is a native hypervisor, which means it can create virtual machines on x86-64 systems running Windows. The vulnerability only affects Windows Server (version 20H2) and Windows 10 x-64 based systems (versions 20H2 , 21H1, 21H2).\n\n## Redshift driver\n\n[CVE-2022-29972](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29972>): A vulnerability that affects the Amazon Redshift ODBC and JDBC drivers and Amazon Athena ODBC and JDBC drivers due to improper validation of authentication tokens which may allow for unintended program invocation.\n\nMicrosoft products Azure Synapse Pipelines and Azure Data Factory are affected by a vulnerability in the Magnitude Simba Amazon Redshift ODBC Driver. An ODBC driver uses the Open Database Connectivity (ODBC) interface by Microsoft that allows applications to access data in database management systems (DBMS) using SQL (Structured Query Language) as a standard for accessing the data.\n\nThe vulnerability was dubbed SynLapse by the [researchers](<https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/>) that discovered it. They believe the tenant separation in the Microsoft Azure Synapse service is insufficiently robust to protect secrets against other tenants.\n\n## Windows Network File System\n\nNext is a Remote Code Execution (RCE) vulnerability affecting Windows Network File System (NFS) listed under [CVE-2022-26937](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937>). This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Microsoft considers it likely to be exploited and it is one of the highest-rated vulnerabilities of the month with a CVSS score of 9.8 out of 10.\n\n## Point-to-Point Tunneling Protocol\n\n[CVE-2022-21972](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972>): a Point-to-Point Tunneling Protocol Remote Code Execution vulnerability. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. A remote access server (RAS) is a type of server that provides a suite of services to remotely connected users over a network or the Internet.\n\n[CVE-2022-23270](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270>): another Point-to-Point Tunneling Protocol Remote Code Execution vulnerability. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.\n\nSuccessful exploitation of these two vulnerabilities requires an attacker to win a race condition.\n\n## Other updates\n\nMicrosoft is not the only vendor to issue patches. Here are some other that may deserve your attention.\n\n * [Adobe](<https://helpx.adobe.com/security/security-bulletin.html>)\n * [Google Chr](<https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html>)[ome](<https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html>)\n * [Cisco](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9>)\n * [F5 BIG-IP](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/update-now-exploits-are-active-for-f5-big-ip-vulnerability/>)\n * [Opera](<https://blogs.opera.com/desktop/2022/05/opera-86-0-4363-59-stable-update/>)\n\nStay safe, everyone!\n\nThe post [Update now! Microsoft releases patches, including one for actively exploited zero-day](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/update-now-microsoft-releases-patches-including-one-for-actively-exploited-zero-day/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T14:36:23", "type": "malwarebytes", "title": "Update now! Microsoft releases patches, including one for actively exploited zero-day", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-22713", "CVE-2022-23270", "CVE-2022-26925", "CVE-2022-26937", "CVE-2022-29972"], "modified": "2022-05-11T14:36:23", "id": "MALWAREBYTES:7697B62E0C0C7AA37884F3F73C3AF324", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/update-now-microsoft-releases-patches-including-one-for-actively-exploited-zero-day/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T14:57:21", "description": "The June 2022 Patch Tuesday may go down in history as the day that [Follina](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/>) got patched, but there was a host of other important updates. And not just from Microsoft. Many other software vendors follow the pattern of monthly updates set by the people in Redmond.\n\n## Microsoft\n\nMicrosoft released updates to deal with 60 security vulnerabilities. Undoubtedly the most prominent one is the one that goes by the name of [Follina](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/>). The Edge browser received five of the patched vulnerabilities .\n\n### Follina, or CVE-2022-30190\n\nA quick recap about Follina. On Monday May 30, 2022, Microsoft issued [CVE-2022-30190](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190>) regarding a vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows. An in the wild exploit was using a feature in Word to retrieve a HTML file from a remote server, and that HTML file in turn was using MSDT to load code and execute PowerShell commands.\n\n### CVE-2022-30136\n\nAnother critical vulnerability is [CVE-2022-30136](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30136>), a bug in NFS 4.1 which could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). This vulnerability concerns a number of Windows Server products and received a [CVSS](<https://blog.malwarebytes.com/malwarebytes-news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities/>) score of 9.8 out of 10. Last month, Microsoft fixed a similar vulnerability ([CVE-2022-26937](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26937>)) affecting NFS v2.0 and v3.0.\n\n### CVE-2022-30139\n\nSimilar is [CVE-2022-30139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30139>), a Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution (RCE) vulnerability. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. LDAP is a software protocol for enabling anyone to locate data about organizations, individuals and other resources such as files and devices in a network. LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP). In total, seven vulnerabilities in LDAP were found and fixed.\n\n### CVE-2022-30163\n\nNoteworthy as well is [CVE-2022-30163](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30163>) a Windows Hyper-V Remote Code Execution vulnerability that allows an attacker to run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code. Microsoft Hyper-V is a virtualization platform, which enables administrators to virtualize multiple operating systems to run off the same physical server simultaneously.\n\n## More Microsoft news\n\nMicrosoft has also started to phase out Internet Explorer, but more about that in a [separate post](<https://blog.malwarebytes.com/reports/2022/06/its-official-today-you-can-say-goodbye-to-internet-explorer-or-can-you/>).\n\nAnd then there was a storm of criticism about the way Microsoft handled the [SynLapse vulnerability](<https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/>) in Azure Data Factory and Azure Synapse Pipelines. SynLapse is the name for a critical bug in Azure\u2019s Synapse service that allowed attackers to obtain credentials to other workspaces, execute code, or leak customer credentials to data sources outside of Azure. Rather than dealing with the vulnerability in a way that closed the gap once and for all, Microsoft choose what researchers called a halfhearted way that was easily bypassed in a following attempt. Orca researchers said they were able to bypass Microsoft\u2019s fix for the issue twice before the company put a working fix in place.\n\n## Other vendors\n\nAdobe has released security updates to address vulnerabilities in [multiple products](<https://www.cisa.gov/uscert/ncas/current-activity/2022/06/14/adobe-releases-security-updates-multiple-products>).\n\n[Atlassian](<https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html>) released a patch for the [in the wild exploited](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/multiple-adversaries-exploiting-confluence-vulnerability-warns-microsoft/>) Confluence RCE vulnerability.\n\n[Citrix](<https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512>) fixed two vulnerabilities in Citrix ADM server and Citrix ADM agent.\n\n[Drupal](<https://www.drupal.org/sa-core-2022-011>) fixed two \u201cModerately critical\u201d vulnerabilities.\n\n[GitLab](<https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/>) released versions 15.0.1, 14.10.4, and 14.9.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).\n\nGoogle put out updates for [Android](<https://source.android.com/security/bulletin/2022-06-01>) and [Chrome](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-chrome-now-four-high-risk-vulnerabilities-found/>).\n\n[SAP](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>) published security notes about some high priority vulnerabilities\n\nStay safe, everyone!\n\nThe post [Update now! Microsoft patches Follina, and many other security updates](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-now-microsoft-patches-follina-and-many-other-security-updates/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-15T13:17:05", "type": "malwarebytes", "title": "Update now!\u00a0 Microsoft patches Follina, and many other security updates", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30163", "CVE-2022-30190"], "modified": "2022-06-15T13:17:05", "id": "MALWAREBYTES:0647495F01C9F1847B118A9E32BC6C13", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-now-microsoft-patches-follina-and-many-other-security-updates/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2022-05-17T23:31:00", "description": "![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/patches-2.jpg)\n\nThis month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. That means there\u2019s plenty of work to be done by system and network administrators, as usual. \n\nThere is one 0-day this month: [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925>), a Spoofing vulnerability in the Windows Local Security Authority (LSA) subsystem, which allows attackers able to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication. This is very bad news when used in conjunction with an [NTLM relay attack](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>), potentially leading to remote code execution (RCE). This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers.\n\nTwo other CVEs were also publicly disclosed before today\u2019s releases, though they have not yet been seen exploited in the wild. [CVE-2022-22713](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22713>) is a denial-of-service vulnerability that affects Hyper-V servers running relatively recent versions of Windows (20H2 and later). [CVE-2022-29972](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29972>) is a Critical RCE that affects the Amazon Redshift ODBC driver used by Microsoft\u2019s Self-hosted Integration Runtime (a client agent that enables on-premises data sources to exchange data with cloud services such as Azure Data Factory and Azure Synapse Pipelines). This vulnerability also prompted Microsoft to publish their first guidance-based advisory of the year, ADV220001, indicating their plans to strengthen tenant isolation in their cloud services without actually providing any specific details or actions to be taken by customers.\n\nAll told, 74 CVEs were fixed this month, the vast majority of which affect functionality within the Windows operating system. Other notable vulnerabilities include [CVE-2022-21972](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972>) and [CVE-2022-23270](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270>), critical RCEs in the Point-to-Point Tunneling Protocol. Exploitation requires attackers to win a race condition, which increases the complexity, but if you have any RAS servers in your environment, patch sooner rather than later.\n\n[CVE-2022-26937](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937>) carries a CVSSv3 score of 9.8 and affects services using the Windows Network File System (NFS). This can be mitigated by disabling NFSV2 and NFSV3 on the server; however, this may cause compatibility issues, and upgrading is highly recommended.\n\n[CVE-2022-22017](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22017>) is yet another client-side Remote Desktop Protocol (RDP) vulnerability. While not as worrisome as when an RCE affects RDP servers, if a user can be enticed to connect to a malicious RDP server via social engineering tactics, an attacker will gain RCE on their system.\n\nSharepoint Server administrators should be aware of [CVE-2022-29108](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29108>), a post-authentication RCE fixed today. Exchange admins have [CVE-2022-21978](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21978>) to worry about, which could allow an attacker with elevated privileges on an Exchange server to gain the rights of a Domain Administrator.\n\nA host of Lightweight Directory Access Protocol (LDAP) vulnerabilities were also addressed this month, including [CVE-2022-22012](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012>) and [CVE-2022-29130](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130>) \u2013 both RCEs that, thankfully, are only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value.\n\nAlthough there are no browser vulnerabilities this month, two RCEs affecting Excel ([CVE-2022-29109](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29109>) and [CVE-2022-29110](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29110>)) and one Security Feature Bypass affecting Office ([CVE-2022-29107](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29107>)) mean there is still some endpoint application patching to do.\n\n## Summary charts\n\n![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/2022-05-vuln_count_severity.png)![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/2022-05-vuln_count_impact.png)![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/2022-05-cvssv3_hist.png)![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/2022-05-vuln_count_component.png)\n\n## Summary tables\n\n### Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29972>) | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | No | Yes | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29148>) | Visual Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30129](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30129>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-23267](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267>) | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-29117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117>) | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-29145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29145>) | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-30130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30130>) | .NET Framework Denial of Service Vulnerability | No | No | 3.3 | No \n \n### ESU Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-26935](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26935>) | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-29121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29121>) | Windows WLAN AutoConfig Service Denial of Service Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-26936](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26936>) | Windows Server Service Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-22015](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22015>) | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-29103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29103>) | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-29132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29132>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-26937](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26937>) | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-26925](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26925>) | Windows LSA Spoofing Vulnerability | Yes | Yes | 8.1 | Yes \n[CVE-2022-22012](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22012>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-29130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29130>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-22013](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22013>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2022-22014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22014>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2022-29128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29128>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-29129](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29129>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-29137](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29137>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2022-29139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29139>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-29141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29141>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2022-26931](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26931>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-26934](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26934>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-29112](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29112>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-22011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22011>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-29115](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29115>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-26926](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26926>) | Windows Address Book Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-22019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22019>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-21972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21972>) | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-23270](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23270>) | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-29105](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29105>) | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2022-29127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29127>) | BitLocker Security Feature Bypass Vulnerability | No | No | 4.2 | Yes \n \n### Exchange Server vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-21978](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21978>) | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8.2 | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29108>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-29107](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29107>) | Microsoft Office Security Feature Bypass Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-29109](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29109>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-29110](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29110>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-26930](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26930>) | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-29125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29125>) | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-29114](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29114>) | Windows Print Spooler Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-29140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29140>) | Windows Print Spooler Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-29104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29104>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-22016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22016>) | Windows PlayToManager Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-26933](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26933>) | Windows NTFS Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-29131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29131>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-29116](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29116>) | Windows Kernel Information Disclosure Vulnerability | No | No | 4.7 | Yes \n[CVE-2022-29133](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29133>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-29142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29142>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-29106](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29106>) | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-24466](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24466>) | Windows Hyper-V Security Feature Bypass Vulnerability | No | No | 4.1 | Yes \n[CVE-2022-22713](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22713>) | Windows Hyper-V Denial of Service Vulnerability | No | Yes | 5.6 | Yes \n[CVE-2022-26927](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26927>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-29102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29102>) | Windows Failover Cluster Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-29113](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29113>) | Windows Digital Media Receiver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-29134](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29134>) | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-29120](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29120>) | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-29122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29122>) | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-29123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29123>) | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-29138](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29138>) | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-29135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29135>) | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-29150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29150>) | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-29151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29151>) | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-26913](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26913>) | Windows Authentication Security Feature Bypass Vulnerability | No | No | 7.4 | Yes \n[CVE-2022-23279](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23279>) | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-29126](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29126>) | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-26932](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26932>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 8.2 | Yes \n[CVE-2022-26938](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26938>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-26939](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26939>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-26940](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26940>) | Remote Desktop Protocol Client Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-22017](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22017>) | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-26923](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26923>) | Active Directory Domain Services Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n \n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T19:59:20", "type": "rapid7blog", "title": "Patch Tuesday - May 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972", "CVE-2022-21978", "CVE-2022-22011", "CVE-2022-22012", "CVE-2022-22013", "CVE-2022-22014", "CVE-2022-22015", "CVE-2022-22016", "CVE-2022-22017", "CVE-2022-22019", "CVE-2022-22713", "CVE-2022-23267", "CVE-2022-23270", "CVE-2022-23279", "CVE-2022-24466", "CVE-2022-26913", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26926", "CVE-2022-26927", "CVE-2022-26930", "CVE-2022-26931", "CVE-2022-26932", "CVE-2022-26933", "CVE-2022-26934", "CVE-2022-26935", "CVE-2022-26936", "CVE-2022-26937", "CVE-2022-26938", "CVE-2022-26939", "CVE-2022-26940", "CVE-2022-29102", "CVE-2022-29103", "CVE-2022-29104", "CVE-2022-29105", "CVE-2022-29106", "CVE-2022-29107", "CVE-2022-29108", "CVE-2022-29109", "CVE-2022-29110", "CVE-2022-29112", "CVE-2022-29113", "CVE-2022-29114", "CVE-2022-29115", "CVE-2022-29116", "CVE-2022-29117", "CVE-2022-29120", "CVE-2022-29121", "CVE-2022-29122", "CVE-2022-29123", "CVE-2022-29125", "CVE-2022-29126", "CVE-2022-29127", "CVE-2022-29128", "CVE-2022-29129", "CVE-2022-29130", "CVE-2022-29131", "CVE-2022-29132", "CVE-2022-29133", "CVE-2022-29134", "CVE-2022-29135", "CVE-2022-29137", "CVE-2022-29138", "CVE-2022-29139", "CVE-2022-29140", "CVE-2022-29141", "CVE-2022-29142", "CVE-2022-29145", "CVE-2022-29148", "CVE-2022-29150", "CVE-2022-29151", "CVE-2022-29972", "CVE-2022-30129", "CVE-2022-30130"], "modified": "2022-05-10T19:59:20", "id": "RAPID7BLOG:82692E307F294B32BDCAC4053EBE23B2", "href": "https://blog.rapid7.com/2022/05/10/patch-tuesday-may-2022/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-24T22:03:33", "description": "![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/patches-2.jpg)\n\nJune's Patch Tuesday sees Microsoft releasing fixes for over 60 CVEs. Top of mind for many administrators this month is [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>), also known as Follina, which was observed being exploited in the wild [at the end of May](<https://www.rapid7.com/blog/post/2022/05/31/cve-2022-30190-follina-microsoft-support-diagnostic-tool-vulnerability/>). Microsoft provided [mitigation instructions](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) (disabling the MSDT URL protocol via the registry), but actual patches were not available until today\u2019s cumulative Windows Updates. Even if the mitigation was previously applied, installing the updates is highly recommended.\n\nNone of the other CVEs being addressed this month have been previously disclosed or seen exploited yet. However, it won\u2019t be long before attackers start looking at [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>), a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). Last month, Microsoft fixed a similar vulnerability ([CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>)) affecting NFS v2.0 and v3.0. [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>), on the other hand, is only exploitable in NFS v4.1. Microsoft has provided mitigation guidance to disable NFS v4.1, which should only be done if the May updates fixing previous NFS versions have been applied. Again, even if the mitigation has been put into place, best to patch sooner rather than later.\n\nAlso reminiscent of last month is [CVE-2022-30139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30139>), a critical RCE in LDAP carrying a CVSSv3 base score of 7.1, which again is only exploitable if the MaxReceiveBuffer LDAP policy value is set higher than the default. Rounding out the critical RCEs for June is [CVE-2022-30163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30163>), which could allow a malicious application running on a Hyper-V guest to execute code on the host OS.\n\nThe other big news this month is the end of support for Internet Explorer 11 (IE11) on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels, as Microsoft encourages users to adopt the Chromium-based Edge browser (which saw fixes for 5 CVEs this month). Internet Explorer 11 on other versions of Windows should continue receiving security updates and technical support based on the OS support lifecycle, so this is only the beginning of the end for the legacy browser.\n\n## Summary charts\n\n![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/2022-06-vuln_count_severity.png)![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/2022-06-vuln_count_impact.png)![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/2022-06-cvssv3_hist.png)![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/2022-06-vuln_count_component.png)\n\n## Summary tables\n\n### Apps vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30168>) | Microsoft Photos App Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30137](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30137>) | Azure Service Fabric Container Elevation of Privilege Vulnerability | No | No | 6.7 | Yes \n[CVE-2022-30177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30177>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30178>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30179>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30180>) | Azure RTOS GUIX Studio Information Disclosure Vulnerability | No | No | 7.8 | Yes \n \n### Azure System Center vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149>) | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Browser vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-22021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22021>) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 8.3 | Yes \n[CVE-2022-2011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2011>) | Chromium: CVE-2022-2011 Use after free in ANGLE | No | No | N/A | Yes \n[CVE-2022-2010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2010>) | Chromium: CVE-2022-2010 Out of bounds read in compositing | No | No | N/A | Yes \n[CVE-2022-2008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2008>) | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | No | No | N/A | Yes \n[CVE-2022-2007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2007>) | Chromium: CVE-2022-2007 Use after free in WebGPU | No | No | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184>) | .NET and Visual Studio Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n### ESU Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30140>) | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-30152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30152>) | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-30135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30135>) | Windows Media Center Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30153>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30161>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30141>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-30143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30143>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30149>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30146>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30155>) | Windows Kernel Denial of Service Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30147>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30163>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8.5 | Yes \n[CVE-2022-30142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30142>) | Windows File History Remote Code Execution Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-30151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30151>) | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-30160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30160>) | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30166>) | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-21166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21166>) | Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | No | No | N/A | Yes \n[CVE-2022-21127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21127>) | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | No | No | N/A | Yes \n[CVE-2022-21125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21125>) | Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | No | No | N/A | Yes \n[CVE-2022-21123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21123>) | Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) | No | No | N/A | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30157](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30157>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30158>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30174>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.4 | Yes \n[CVE-2022-30159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30159>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30171>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30172>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30173>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### SQL Server vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29143>) | Microsoft SQL Server Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-32230](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-32230>) | Windows SMB Denial of Service Vulnerability | No | No | N/A | Yes \n[CVE-2022-30136](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30136>) | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-30139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30139>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30162>) | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30165>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30145>) | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30148>) | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30150>) | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30132>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30131>) | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30189](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30189>) | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-30154](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30154>) | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | No | No | 5.3 | Yes \n[CVE-2022-30164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30164>) | Kerberos AppContainer Security Feature Bypass Vulnerability | No | No | 8.4 | Yes \n[CVE-2022-29111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29111>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-22018](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22018>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30188>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-29119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29119>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30167>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30193](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30193>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n\u200b\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe\n\n \n\n\n_**Additional reading:**_\n\n * _[The Hidden Harm of Silent Patches](<https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-of-silent-patches/>)_\n * _[Maximize Your VM Investment: Fix Vulnerabilities Faster With Automox + Rapid7](<https://www.rapid7.com/blog/post/2022/05/16/maximize-your-vm-investment-fix-vulnerabilities-faster-with-automox-rapid7/>)_\n * _[How to Strategically Scale Vendor Management and Supply Chain Security](<https://www.rapid7.com/blog/post/2022/04/26/how-to-strategically-scale-vendor-management-and-supply-chain-security/>)_\n * _[Analyzing the Attack Landscape: Rapid7\u2019s 2021 Vulnerability Intelligence Report](<https://www.rapid7.com/blog/post/2022/03/28/analyzing-the-attack-landscape-rapid7s-annual-vulnerability-intelligence-report/>) \n_", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T19:37:50", "type": "rapid7blog", "title": "Patch Tuesday - June 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-22018", "CVE-2022-22021", "CVE-2022-26937", "CVE-2022-29111", "CVE-2022-29119", "CVE-2022-29143", "CVE-2022-29149", "CVE-2022-30131", "CVE-2022-30132", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30137", "CVE-2022-30139", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30145", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30148", "CVE-2022-30149", "CVE-2022-30150", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30157", "CVE-2022-30158", "CVE-2022-30159", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30166", "CVE-2022-30167", "CVE-2022-30168", "CVE-2022-30171", "CVE-2022-30172", "CVE-2022-30173", "CVE-2022-30174", "CVE-2022-30177", "CVE-2022-30178", "CVE-2022-30179", "CVE-2022-30180", "CVE-2022-30184", "CVE-2022-30188", "CVE-2022-30189", "CVE-2022-30190", "CVE-2022-30193", "CVE-2022-32230"], "modified": "2022-06-14T19:37:50", "id": "RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553", "href": "https://blog.rapid7.com/2022/06/14/patch-tuesday-june-2022/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2022-05-11T11:15:19", "description": "Microsoft has revealed 73 new patches for [May\u2019s monthly update of security fixes](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>), including a patch for one flaw\u2013a zero-day Windows LSA Spoofing Vulnerability rated as \u201cimportant\u201d\u2014that is currently being exploited with man-in-the-middle attacks.\n\nThe software giant\u2019s monthly update of patches that comes out every second Tuesday of the month\u2013known as Patch Tuesday\u2014also included fixes for seven \u201ccritical\u201d flaws, 65 others rated as \u201cimportant,\u201d and one rated as \u201clow.\u201d\n\n\u201cAlthough this isn\u2019t a large number, this month makes up for it in severity and infrastructure headaches,\u201d observed Chris Hass, director of security at security firm [Automox](<https://www.automox.com/>)_, _in an email to Threatpost. \u201cThe big news is the critical vulnerabilities that need to be highlighted for immediate action.\u201d\n\nOf the seven critical flaws, five allow for remote code execution (RCE) and two give attackers elevation of privilege (EoP). The remainder of the flaws also include a high percentage of RCE and EoP bugs, with the former accounting for 32.9 percent of the flaws patched this month, while the latter accounted for 28.8 percent of fixes, according to [a blog post](<https://www.tenable.com/blog/microsofts-may-2022-patch-tuesday-addresses-73-cves-cve-2022-26925>) by researchers at Tenable.\n\nThe Windows LSA Spoofing Vulnerability, tracked as [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925>), in and of itself was not rated as critical. However, when chained with a new technology LAN manager (NTLM) relay attack, the combined CVSSv3 score for the attack chain is 9.8, noted Allan Liska, a senior security architect at Recorded Future, in an e-mail to Threatpost.\n\nMoreover, the flaw\u2014which allows an unauthenticated attacker to coerce domain controllers to authenticate to an attacker-controller server using NTLM\u2013is being exploited in the wild as a zero-day, he said. This makes it a priority to patch, Liska added, echoing guidance from Microsoft.\n\n## **Critical Infrastructure Vulnerabilities **\n\nOf the other critical RCE flaws patched by Microsoft, four are worth noting because of their presence in infrastructure that\u2019s fairly ubiquitous in many enterprise and/or cloud environments.\n\nOne is tracked as [CVE-2022-29972](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29972>) and is found in Insight Software\u2019s Magnitude Simba Amazon Redshift ODBC Driver, and would need to be patched by a cloud provider\u2014something organizations should follow up on, Liska said.\n\n[CVE-2022-22012](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012>) and [CVE-2022-29130](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130>) are RCE vulnerabilities found in Microsoft\u2019s LDAP service that are rated as critical. However, a caveat by Microsoft in its security bulletin noted that they are only exploitable \u201cif the MaxReceiveBuffer LDAP policy is set to a value higher than the default value.\u201d That means that systems with the default value of this policy would not be vulnerable, the company said.\n\nWhile \u201chaving the MaxReceiveBuffer set to a higher value than the default\u201d seems an \u201cuncommon configuration,\u201d if an organization has this setting, it should prioritize patching these vulnerabilities, Liska observed.\n\nAnother critical RCE, [CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>), is found in the Network File System (NFS) and has broad impact for Windows Server versions 2008 through 2022. However, this vulnerability only affects NFSV2 and NFSV3, and Microsoft has included instructions for disabling these [versions of the NFS in the bulletin](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>).\n\nAt the same time, Microsoft characterized the ease of exploitation of these vulnerabilities as \u201cExploitation More Likely,\u201d as was the case with a similar vulnerability, [CVE-2021-26432](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26432>), an actively exploited zero day in the TCP/IP protocol stack in Windows server that [was patched](<https://threatpost.com/exploited-windows-zero-day-patch/168539/>) in August 2021.\n\n\u201cGiven the similarities between these vulnerabilities and those of August of 2021, we could all be in store for a rough May,\u201d Liska noted.\n\n## **Another Important Flaw Fixed**\n\nOf the other flaws, another \u201cimportant\u201d one to note is [CVE-2022-22019](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019>), a companion vulnerability to three previously disclosed and patched flaws found in Microsoft\u2019s Remote Procedure Call (RPC) runtime library.\n\nThe vulnerability, discovered by Akamai researcher Ben Barnea, takes advantage of three RPC runtime library flaws that Microsoft had patched in April\u2013[CVE-2022-26809](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809>), [CVE-2022-24492](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24492>) and [CVE-2022-24528](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24528>), he revealed in [a blog post Tuesday](<https://www.akamai.com/blog/security/rpc-runtime-patch-tuesday-take-two>). The flaws affected Windows 7, 8, 10 and 11, and Windows Servers 2008, 2012, 2019 and 2022, and could allow a remote, unauthenticated attacker to execute code on the vulnerable machine with the privileges of the RPC service.\n\nAkamai researchers discovered that the previous patch only partially addressed the problem, allowing the new vulnerability to create the same integer overflow that was supposed to be fixed, he explained.\n\n\u201cDuring our research, we found that right before allocating memory for the new coalesced buffer, the code adds another 24 bytes to the allocation size,\u201d Barnea wrote in the post. \u201cThese 24 bytes are the size of a struct called \u2018rpcconn_request_hdr_t,\u2019 which serves as the buffer header.\u201d\n\nThe previous patch performs the check for integer overflow before adding the header size, so it does not take into account this header\u2013which can lead to the same integer overflow that the patch was attempting to mitigate, he explained.\n\n\u201cThe new patch adds another call to validate that the addition of 24 bytes does not overflow,\u201d mitigating the problem, Barnea wrote.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T11:12:11", "type": "threatpost", "title": "Actively Exploited Zero-Day Bug Patched by Microsoft", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432", "CVE-2022-22012", "CVE-2022-22019", "CVE-2022-24492", "CVE-2022-24528", "CVE-2022-26809", "CVE-2022-26925", "CVE-2022-26937", "CVE-2022-29130", "CVE-2022-29972"], "modified": "2022-05-11T11:12:11", "id": "THREATPOST:B7A9B20B1E9413BB675D8C2810F1365F", "href": "https://threatpost.com/microsoft-zero-day-mays-patch-tuesday/179579/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-19T00:06:33", "description": "Microsoft is alerting customers that its May Patch [Tuesday update](<https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2826msgdesc>) is causing authentications errors and failures tied to Windows Active Directory Domain Services. In a Friday update, Microsoft said it was investigating the issue.\n\nThe warning comes amid [shared reports](<https://www.reddit.com/r/sysadmin/comments/um9qur/patch_tuesday_megathread_20220510/i85p2ll/?context=3>) of multiple services and policies failing after installing the security update. \u201cAuthentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account or the password was incorrect.\u201d posted an admin to a Reddit thread on the topic.\n\nAccording to Microsoft, the issue has been caused after installing the updates released on May 10, 2022.\n\n\u201cAfter installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://docs.microsoft.com/en-us/windows/win32/nps/ias-radius-authentication-and-accounting>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>),\u201d Microsoft reported.\n\n\u201cAn issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller,\u201d Microsoft added.\n\nThe domain controller is a server that is responsible for responding to authentication requests as well as verifying the user on a computer network, and the active directory is a type of directory service that stores the information about objects on a network and makes this information readily available for the users.\n\nMicrosoft added a note that the update will not affect the client\u2019s Windows devices and non-domain controller windows servers, and will only cause issues for the server acting as a domain controller.\n\n\u201cInstallation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue. This issue only affects installation of May 10, 2022, updates installed on servers used as domain controllers.\u201d Microsoft explains.\n\n## **Authentication Failure Caused by Security Update**\n\n[Microsoft releases another document](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_compatmode>), explaining further details related to the authentication problem caused by the security update addressing the privilege escalation vulnerabilities in Windows Kerbose and its Active Directory Domain Service.\n\nThe vulnerabilities are tracked as [CVE-2022-26931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26931>) in Windows Kerberos with a high severity CVSS rating of 7.5 and [CVE-2022-26923](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26923>) (discovered by security researcher [Oliver Lyak](<https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4>)) in Microsoft\u2019s Active Directory Domain Services. It has a CVSS score of 8.8 and is rated as high. An attacker can exploit the vulnerability if left unpatched and escalate the privilege to that of the [domain admin](<https://twitter.com/wdormann/status/1524446644942647299>).\n\n## **Workarounds**\n\nThe Domain administrators are advised by Microsoft to [manually map](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_certmap>) the certificates to a user in Active Directory until the official updates are available.\n\n\u201cDomain administrators can manually map certificates to a user in Active Directory using the altSecurityIdentities attribute of the user\u2019s Object,\u201d Microsoft added.\n\n\u201cIf the preferred mitigation will not work in your environment, please see [\u2018KB5014754](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>)\u2014Certificate-based authentication changes on Windows domain controllers\u2019 for other possible mitigations in the SChannel registry key section,\u201d reported by Microsoft.\n\nAs per Microsoft any other mitigation method might not provide adequate security hardening.\n\nAccording to Microsoft, the May 2022 update is allowing all authentication attempts unless the certificate is older than the user, this is because the updates automatically set the StrongCertificateBindingEnforcement registry key, \u201cwhich changes the enforcement mode of the KDC to Disabled Mode, Compatibility Mode, or Full Enforcement Mode\u201d Microsoft explains.\n\nOne Window Admin that spoke to _Bleepingcomputer _said that the only way they were able to get some of the users log in with the following installation of the patch was to disable the StrongCertificateBindingEnforcement key by settings its value to 0.\n\nBy changing the REG_DWORD DataType value to 0, the admin can disable the strong certificate mapping check and can create the key from the scratch. This method is not recommended by Microsoft, but it\u2019s the only way to allow all users to log in.\n\nThe issues are properly investigated by Microsoft and a proper fix should be available soon.\n\nMicrosoft also recently releases the [73 new patches](<https://threatpost.com/microsoft-zero-day-mays-patch-tuesday/179579/>) of May\u2019s monthly update of security fixes.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T11:46:39", "type": "threatpost", "title": "Microsoft\u2019s May Patch Tuesday Updates Cause Windows AD Authentication Errors", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26923", "CVE-2022-26931"], "modified": "2022-05-16T11:46:39", "id": "THREATPOST:FFC96438DF87C2B7A1ABFD101EBC298C", "href": "https://threatpost.com/microsofts-may-patch-tuesday-updates-cause-windows-ad-authentication-errors/179631/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2022-05-30T13:56:46", "description": "Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I'm using my [Vulristics](<https://github.com/leonov-av/vulristics>) project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch Tuesday, April 12th. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239089>\n\nI have set direct links in comments_links.txt for Qualys, ZDI and Kaspersky blog posts.\n \n \n $ cat comments_links.txt\n Qualys|May 2022 Patch Tuesday: Microsoft Releases 75 Vulnerabilities with 8 Critical; Adobe Releases 5 Advisories, 18 Vulnerabilities with 16 Critical|https://blog.qualys.com/vulnerabilities-threat-research/2022/05/10/may-2022-patch-tuesday\n ZDI|THE MAY 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/5/10/the-may-2022-security-update-review\n Kaspersky|Actively exploited vulnerability in Windows|https://www.kaspersky.com/blog/windows-actively-exploited-vulnerability-cve-2022-26925/44305/\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"May\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n MS PT Year: 2022\n MS PT Month: May\n MS PT Date: 2022-05-10\n MS PT CVEs found: 73\n Ext MS PT Date from: 2022-04-13\n Ext MS PT Date to: 2022-05-09\n Ext MS PT CVEs found: 38\n ALL MS PT CVEs: 111\n ...\n\nLet's see the report.\n\n * All vulnerabilities: 110\n * Urgent: 0\n * Critical: 1\n * High: 27\n * Medium: 69\n * Low: 13\n\nThe most dangerous and the only critical vulnerability of this month was actually presented between Patch Tuesdays. **Memory Corruption** in Microsoft Edge/Chromium ([CVE-2022-1364](<https://vulners.com/cve/CVE-2022-1364>)). Exploitation in the wild for this vulnerability was mentioned on [AttackerKB](<https://attackerkb.com/topics/2g85mcptOV/cve-2022-1364>) website and it is also in CISA Known Exploited Vulnerabilities Catalog. "Google is aware that an exploit for this vulnerability exists in the wild". This is a first example of the [new Vulristics functionality](<https://avleonov.com/2022/05/23/vulristics-may-2022-update-cvss-redefinitions-and-bulk-adding-microsoft-products-from-ms-cve-data/>). The CVSS Base Score for this vulnerability was added from a third party site, WhiteSource, because it was not available on NVD.\n\nThe most dangerous and most hyped vulnerability among those that were presented directly on Patch Tuesday day is **Spoofing** in Windows Local Security Authority (LSA) ([CVE-2022-26925](<https://vulners.com/cve/CVE-2022-26925>)). The vulnerability can affect all Windows operating systems from Windows 7 (Windows Server 2008 for server systems) and later. It received a CVSSv3 score of 8.1. However, when chained with a new technology LAN manager (NTLM) relay attack, the combined CVSSv3 score for the attack chain is 9.8. According to the advisory from Microsoft, it has been exploited in the wild as a zero-day. An unauthenticated attacker could force domain controllers to authenticate to an attacker-controller server using NTLM. Raphael John, who has been credited by Microsoft for reporting this vulnerability revealed on Twitter that the vulnerability is actually the bug known as [PetitPotam (CVE-2021-36942)](<https://avleonov.com/2021/08/02/last-weeks-security-news-serious-sam-in-metasploit-petitpotam-zimbra-hijack-joint-advisory-top30-cves/>) from August 2021. "[The story behind CVE-2022-26925](<https://twitter.com/raphajohnsec/status/1524402300625858562>) is no advanced reverse engineering, but a lucky accident. During my pentests in January and March, I saw that PetitPotam worked against the [domain controllers]". It looks like Microsoft failed to properly fix the PetitPotam vulnerability.\n\nThere were 10 **Remote Code Execution** in Windows LDAP this month. But VM vendors specify [CVE-2022-22012](<https://vulners.com/cve/CVE-2022-22012>) and [CVE-2022-29130](<https://vulners.com/cve/CVE-2022-29130>), because of the biggest CVSS Base Scores, 9.8. An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker\u2019s code running in the context of the SYSTEM account. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.\n\n**Remote Code Execution** in Windows Network File System ([CVE-2022-26937](<https://vulners.com/cve/CVE-2022-26937>)). This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). NFS version 4.1 is not impacted by this vulnerability and Microsoft provides the recommended workaround of disabling NFS versions 2 and 3 for those users who are not able to immediately apply the patch. Exploitability Assessment: Exploitation More Likely.\n\n**Remote Code Execution** in Windows Remote Desktop Client ([CVE-2022-22017](<https://vulners.com/cve/CVE-2022-22017>)). An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim\u2019s system in the context of the targeted user. Exploitability Assessment: Exploitation More Likely.\n\n**Elevation of Privilege** in Windows Print Spooler ([CVE-2022-29104](<https://vulners.com/cve/CVE-2022-29104>), [CVE-2022-29132](<https://vulners.com/cve/CVE-2022-29132>)). These are just the latest in a long line of EoP vulnerabilities Microsoft has addressed in Print Spooler over the last year, several of which have been exploited in attacks.\n\nAn interesting situation has developed around **Elevation of Privilege** in Kerberos ([CVE-2022-26931](<https://vulners.com/cve/CVE-2022-26931>)) and **Elevation of Privilege** in Active Directory ([CVE-2022-26923](<https://vulners.com/cve/CVE-2022-26923>)). Patches for these vulnerabilities caused [service authentication problems](<https://www.bleepingcomputer.com/news/microsoft/microsoft-may-windows-updates-cause-ad-authentication-failures/>) when deployed on Windows Server domain controllers. But within a week the problem was resolved. Microsoft released workaround and additional [updates for domain controllers](<https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services>).\n\nAll vulnerabilities in this episode do not have a public exploit, but there are some that have a mark about "Proof-of-Concept Exploit" in the Microsoft CVSS Temporal Score. Therefore, it is more likely that exploits for them will appear soon.\n\n * **Spoofing** - Microsoft Edge ([CVE-2022-29147](<https://vulners.com/cve/CVE-2022-29147>))\n * **Denial of Service** - Windows Hyper-V ([CVE-2022-22713](<https://vulners.com/cve/CVE-2022-22713>))\n * **Information Disclosure** - Windows Clustered Shared Volume ([CVE-2022-29123](<https://vulners.com/cve/CVE-2022-29123>))\n\nThe full report is available here: [ms_patch_tuesday_may2022_report](<http://avleonov.com/vulristics_reports/ms_patch_tuesday_may2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-26T21:21:57", "type": "avleonov", "title": "Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942", "CVE-2022-1364", "CVE-2022-22012", "CVE-2022-22017", "CVE-2022-22713", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26931", "CVE-2022-26937", "CVE-2022-29104", "CVE-2022-29123", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29147"], "modified": "2022-05-26T21:21:57", "id": "AVLEONOV:8FE7F4C2B563A2A88EB2DA8822A13824", "href": "https://avleonov.com/2022/05/27/microsoft-patch-tuesday-may-2022-edge-rce-petitpotam-lsa-spoofing-bad-patches/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-25T17:57:09", "description": "Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239094>\n\nOn June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch Tuesdays, 38 vulnerabilities were released. This gives us 94 vulnerabilities in the report. \n \n \n $ cat comments_links.txt \n Qualys|June 2022 Patch Tuesday Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical|https://blog.qualys.com/vulnerabilities-threat-research/2022/06/14/june-2022-patch-tuesday\n ZDI|THE JUNE 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/6/14/the-june-2022-security-update-review\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"June\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n Creating Patch Tuesday profile...\n MS PT Year: 2022\n MS PT Month: June\n MS PT Date: 2022-06-14\n MS PT CVEs found: 56\n Ext MS PT Date from: 2022-05-11\n Ext MS PT Date to: 2022-06-13\n Ext MS PT CVEs found: 38\n ALL MS PT CVEs: 94\n ...\n\n * Urgent: 1\n * Critical: 1\n * High: 32\n * Medium: 55\n * Low: 4\n\nThe urgent one is **Remote Code Execution** in Microsoft Windows Support Diagnostic Tool (MSDT) ([CVE-2022-30190](<https://vulners.com/cve/CVE-2022-30190>)). Also known as \u201cFollina\u201d. It was observed being exploited in the wild at the end of May. MSDT is an application that is used to automatically collect diagnostic information and send it to Microsoft when something goes wrong with Windows. The tool can be called up from other applications (Microsoft Word being the most popular example) through the special MSDT URL protocol. Attackers who successfully exploit this vulnerability can execute arbitrary code with the privileges of the calling app to install programs, view, change, or delete data, and even create new Windows accounts as allowed by the compromised user's rights. And now dozens of repositories with exploits for this vulnerability are available on Github. Therefore criticality is indeed Urgent. Vulristics prioritizes this correctly. While Microsoft had provided mitigation guidance in an advisory on May 30, patches were not released until June 14.\n\nThe critical vulnerability is **Remote Code Execution** in Windows Network File System ([CVE-2022-30136](<https://vulners.com/cve/CVE-2022-30136>)). A vulnerability can be exploited by an unauthenticated attacker using a specially crafted call to a NFS service. Microsoft rated this as \u201cExploitation More Likely\u201d according to its Exploitability Index. This bug looks very similar to [CVE-2022-26937 \u2013 an NFS bug patched last month](<https://avleonov.com/2022/05/27/microsoft-patch-tuesday-may-2022-edge-rce-petitpotam-lsa-spoofing-bad-patches/>). The only difference between the patches is that this month\u2019s update fixes a bug in NFSV4.1, whereas last month\u2019s bug only affected versions NSFV2.0 and NSFV3.0. Microsoft has provided mitigation guidance to disable NFS v4.1, which should only be done if the May updates fixing previous NFS versions have been applied. The criticality of this vulnerability was increased by the advertisement of an exploit for this CVE in the github repository. Could this be a scam? Of course, but maybe it's not.\n\nThere were 7 High-level **Remote Code Executions** in Windows LDAP ([CVE-2022-30153](<https://vulners.com/cve/CVE-2022-30153>), [CVE-2022-30161](<https://vulners.com/cve/CVE-2022-30161>), [CVE-2022-30139](<https://vulners.com/cve/CVE-2022-30139>), [CVE-2022-30141](<https://vulners.com/cve/CVE-2022-30141>), [CVE-2022-30143](<https://vulners.com/cve/CVE-2022-30143>), [CVE-2022-30146](<https://vulners.com/cve/CVE-2022-30146>), [CVE-2022-30149](<https://vulners.com/cve/CVE-2022-30149>)). For three of them (CVE-2022-30139, CVE-2022-30141 and CVE-2022-30143) vulnerability only exists if the \u201cMaxReceiveBuffer\u201d LDAP policy is configured to a higher value than the default value (i.e. a higher maximum number of threads LDAP requests can contain per processor). A system with the default value for the policy would not be affected. For two of them (CVE-2022-30139 and CVE-2022-30141), no user interaction is required, however an attacker must "prepare the target environment to improve exploit reliability".\n\nWell, I would like to finish on patches that break servers. This time there were such problems too. This month's Windows Server updates are [causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled](<https://www.bleepingcomputer.com/news/microsoft/recent-windows-server-updates-break-vpn-rdp-rras-connections/>). The vast majority of reports related to these problems coming in since Patch Tuesday have a common theme: losing Remote Desktop and VPN connectivity to servers with Routing and Remote Access Service (RRAS) enabled where the June Windows Server Updates have been installed. It is not clear what is causing these issues, maybe a fix for "Windows Network Address Translation (NAT) Denial of Service Vulnerability" tracked as CVE-2022-30152 that may have introduced bugs into RRAS connectivity. "We are aware of the issue and working to provide a resolution. Customers experiencing this issue can temporarily disable the NAT feature on their RRAS server," a Microsoft spokesperson told. So let's wait for new patches.\n\nThe full report is available here: [ms_patch_tuesday_june2022_report](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_june2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-25T12:32:07", "type": "avleonov", "title": "Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30141", "CVE-2022-30143", "CVE-2022-30146", "CVE-2022-30149", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30161", "CVE-2022-30190"], "modified": "2022-06-25T12:32:07", "id": "AVLEONOV:4B6EFA5DE55BAEFCD9C72826A3524969", "href": "https://avleonov.com/2022/06/25/microsoft-patch-tuesday-june-2022-follina-rce-nfsv4-1-rce-ldap-rces-and-bad-patches/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2022-05-20T03:29:17", "description": "**Microsoft **today released updates to fix at least 74 separate security problems in its **Windows **operating systems and related software. This month's patch batch includes fixes for seven "critical" flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.\n\n![](https://krebsonsecurity.com/wp-content/uploads/2021/07/windupate.png)\n\nBy all accounts, the most urgent bug Microsoft addressed this month is [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>), a weakness in a central component of Windows security (the "**Local Security Authority**" process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild. The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022.\n\n**Greg Wiseman**, product manager for **Rapid7**, said Microsoft has rated this vulnerability as important and assigned it a CVSS (danger) score of 8.1 (10 being the worst), although Microsoft notes that the CVSS score can be as high as 9.8 in certain situations.\n\n"This allows attackers to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication," Wiseman said. "This is very bad news when used in conjunction with an NTLM relay attack, potentially leading to remote code execution. This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers."\n\nWiseman said the most recent time Microsoft patched a similar vulnerability -- last August in [CVE-2021-36942](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>) -- it was also being exploited in the wild under the name "[PetitPotam](<https://support.microsoft.com/en-gb/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>)."\n\n"CVE-2021-36942 was so bad it made CISA\u2019s [catalog of Known Exploited Vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)," Wiseman said.\n\nSeven of the flaws fixed today earned Microsoft's most-dire "critical" label, which it assigns to vulnerabilities that can be exploited by malware or miscreants to remotely compromise a vulnerable Windows system without any help from the user.\n\nAmong those is [CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>), which carries a CVSS score of 9.8, and affects services using the **Windows Network File System** (NFS). **Trend Micro's Zero Day Initiative** notes that this bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.\n\n"NFS isn\u2019t on by default, but it\u2019s prevalent in environment where Windows systems are mixed with other OSes such as Linux or Unix," ZDI's **Dustin Childs** [wrote](<https://www.zerodayinitiative.com/blog/2022/5/10/the-may-2022-security-update-review>). "If this describes your environment, you should definitely test and deploy this patch quickly."\n\nOnce again, this month's Patch Tuesday is sponsored by **Windows Print Spooler**, a core Windows service that keeps spooling out the security hits. May's patches include four fixes for Print Spooler, including two information disclosure and two elevation of privilege flaws.\n\n"All of the flaws are rated as important, and two of the three are considered more likely to be exploited," said **Satnam Narang**, staff research engineer at **Tenable**. "Windows Print Spooler continues to remain a valuable target for attackers since [PrintNightmare was disclosed nearly a year ago](<https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/>). Elevation of Privilege flaws in particular should be carefully prioritized, as we\u2019ve seen ransomware groups like Conti favor them as part of its playbook."\n\nOther Windows components that received patches this month include **.NET** and **Visual Studio**, **Microsoft Edge** (Chromium-based), **Microsoft Exchange Server**, **Office,** **Windows Hyper-V**,** Windows Authentication Methods**, **BitLocker**, **Remote Desktop Client**, and **Windows Point-to-Point Tunneling Protocol**.\n\nAlso today, Adobe issued five security bulletins to address at least 18 flaws in **Adobe CloudFusion**, **Framemaker**, **InCopy**, **InDesign**, and **Adobe Character Animator**. Adobe said it is not aware of any exploits in the wild for any of the issues addressed in today's updates.\n\nFor a more granular look at the patches released by Microsoft today and indexed by severity and other metrics, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/>) from the **SANS Internet Storm Center**. And it\u2019s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com>) usually has the skinny on any patches that may be causing problems for Windows users.\n\nAs always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T02:34:59", "type": "krebs", "title": "Microsoft Patch Tuesday, May 2022 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942", "CVE-2022-26925", "CVE-2022-26937"], "modified": "2022-05-11T02:34:59", "id": "KREBS:5FA70C019AB463F5E02A97C6891685D8", "href": "https://krebsonsecurity.com/2022/05/microsoft-patch-tuesday-may-2022-edition/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-11T16:34:05", "description": "[![Patch Tuesday Updates](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhMS1eQr1RHrJ4KbCeIAsD8LFjXS1pwaUn-CV_sgwffkJuTbtzEVFzH-MbTDp5Xux8sLeBam6yIiQBAEjbLyQubLgQjrWdabwHSiFTxmW-gozRenj_otXidWxopI20Oyu0nZYzgx96UWaVUcPM0K9d7jbK60XwY_4YW6I6w_mypjEqDN6ua4QOevUEQ/s728-e1000/windows-update-download.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhMS1eQr1RHrJ4KbCeIAsD8LFjXS1pwaUn-CV_sgwffkJuTbtzEVFzH-MbTDp5Xux8sLeBam6yIiQBAEjbLyQubLgQjrWdabwHSiFTxmW-gozRenj_otXidWxopI20Oyu0nZYzgx96UWaVUcPM0K9d7jbK60XwY_4YW6I6w_mypjEqDN6ua4QOevUEQ/s728-e100/windows-update-download.jpg>)\n\nMicrosoft on Tuesday rolled out fixes for as many as [74 security vulnerabilities](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>), including one for a zero-day bug that's being actively exploited in the wild.\n\nOf the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release.\n\nThese encompass 24 remote code execution (RCE), 21 elevation of privilege, 17 information disclosure, and six denial-of-service vulnerabilities, among others. The updates are in addition to [36 flaws](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) patched in the Chromium-based Microsoft Edge browser on April 28, 2022.\n\nChief among the resolved bugs is [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>) (CVSS score: 8.1), a spoofing vulnerability affecting the Windows Local Security Authority ([LSA](<https://docs.microsoft.com/en-us/windows/win32/secauthn/lsa-authentication>)), which Microsoft describes as a \"protected subsystem that authenticates and logs users onto the local system.\"\n\n\"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using [NTLM](<https://en.wikipedia.org/wiki/NT_LAN_Manager>),\" the company said. \"This security update detects anonymous connection attempts in LSARPC and disallows it.\"\n\nIt's also worth noting that the severity rating of the flaw would be elevated to 9.8 if it were to be chained with [NTLM relay attacks](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>) on Active Directory Certificate Services (AD CS) such as [PetitPotam](<https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html>).\n\n\"Being actively exploited in the wild, this exploit allows an attacker to authenticate as approved users as part of an NTLM relay attack - letting threat actors gain access to the hashes of authentication protocols,\" Kev Breen, director of cyber threat research at Immersive Labs, said.\n\nThe two other publicly-known vulnerabilities are as follows -\n\n * [CVE-2022-29972](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972>) (CVSS score: 8.2) - Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver (aka [SynLapse](<https://thehackernews.com/2022/05/microsoft-mitigates-rce-vulnerability.html>))\n * [CVE-2022-22713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22713>) (CVSS score: 5.6) - Windows Hyper-V Denial-of-Service Vulnerability\n\nMicrosoft, which remediated CVE-2022-29972 on April 15, tagged it as \"Exploitation More Likely\" on the Exploitability Index, making it imperative that affected users apply the updates as soon as possible.\n\nAlso patched by Redmond are several RCE bugs in Windows Network File System ([CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>)), Windows LDAP ([CVE-2022-22012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22012>), [CVE-2022-29130](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29130>)), Windows Graphics ([CVE-2022-26927](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26927>)), Windows Kernel ([CVE-2022-29133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29133>)), Remote Procedure Call Runtime ([CVE-2022-22019](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22019>)), and Visual Studio Code ([CVE-2022-30129](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30129>)).\n\nCyber-Kunlun, a Beijing-based cybersecurity company, has been credited with reporting [30 of the 74 flaws](<https://twitter.com/mj0011sec/status/1524083750400708609>), counting CVE-2022-26937, CVE-2022-22012, and CVE-2022-29130.\n\nWhat's more, CVE-2022-22019 follows an incomplete patch for [three RCE vulnerabilities](<https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html>) in the Remote Procedure Call (RPC) runtime library \u2014 CVE-2022-26809, CVE-2022-24492, and CVE-2022-24528 \u2014 that were addressed by Microsoft in April 2022.\n\nExploiting the flaw would allow a remote, unauthenticated attacker to execute code on the vulnerable machine with the privileges of the RPC service, Akamai [said](<https://www.akamai.com/blog/security/rpc-runtime-patch-tuesday-take-two>).\n\nThe Patch Tuesday update is also notable for resolving two privilege escalation ([CVE-2022-29104](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29104>) and [CVE-2022-29132](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29132>)) and two information disclosure ([CVE-2022-29114](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29114>) and [CVE-2022-29140](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29140>)) vulnerabilities in the Print Spooler component, which has long posed an attractive target for attackers. \n\n### Software Patches from Other Vendors\n\nBesides Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including \u2014\n\n * [Adobe](<https://helpx.adobe.com/security/security-bulletin.html>)\n * [AMD](<https://www.amd.com/en/corporate/product-security>)\n * [Android](<https://thehackernews.com/2022/05/google-releases-android-update-to-patch.html>)\n * [Cisco](<https://thehackernews.com/2022/05/cisco-issues-patches-for-3-new-flaws.html>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * [Dell](<https://www.dell.com/support/security/>)\n * [F5](<https://thehackernews.com/2022/05/f5-warns-of-new-critical-big-ip-remote.html>)\n * [Google Chrome](<https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html>)\n * [HP](<https://support.hp.com/us-en/security-bulletins>)\n * [Intel](<https://www.intel.com/content/www/us/en/security-center/default.html>)\n * Linux distributions [Debian](<https://www.debian.org/security/2022/>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21::::RP::>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=PortalProduct>), [SUSE](<https://www.suse.com/support/update/>), and [Ubuntu](<https://ubuntu.com/security/notices>)\n * [MediaTek](<https://corp.mediatek.com/product-security-bulletin/May-2022>)\n * [Mozilla Firefox, Firefox ESR, and Thunderbird](<https://www.mozilla.org/en-US/security/advisories/>)\n * [Qualcomm](<https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2022-bulletin.html>)\n * [SAP](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp>), and\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T05:29:00", "type": "thn", "title": "Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012", "CVE-2022-22019", "CVE-2022-22713", "CVE-2022-24492", "CVE-2022-24528", "CVE-2022-26809", "CVE-2022-26925", "CVE-2022-26927", "CVE-2022-26937", "CVE-2022-29104", "CVE-2022-29114", "CVE-2022-29130", "CVE-2022-29132", "CVE-2022-29133", "CVE-2022-29140", "CVE-2022-29972", "CVE-2022-30129"], "modified": "2022-05-11T16:06:59", "id": "THN:6F5BF10AC5A30E497851C9ADE15C774A", "href": "https://thehackernews.com/2022/05/microsoft-releases-fix-for-new-zero-day.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2022-07-02T13:56:44", "description": "CISA has added one new vulnerability to its [Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. **Note:** to view the newly added vulnerabilities in the catalog, click on the arrow in the \"Date Added to Catalog\" column, which will sort by descending dates.\n\n**Note:** CISA previously added and then removed today\u2019s addition, CVE-2022-26925, to the KEV Catalog after determining that remediations associated with this vulnerability would break certificate authentication for many federal agencies. Details:\n\n * CVE-2022-26925 was mitigated by Microsoft\u2019s June 2022 Patch Tuesday update. \n * The Microsoft update also includes remediations for CVE-2022-26923 and CVE-2022-26931, which change the way certificates are mapped to accounts in Active Directory. These changes break certificate authentication for many federal agencies.\n * For this reason, CISA has also published a [Knowledge Article](<https://www.cisa.gov/guidance-applying-june-microsoft-patch>) that provides critical steps that must be followed to prevent service outages. Agencies should review this** **[Knowledge Article](<https://www.cisa.gov/guidance-applying-june-microsoft-patch>)** **carefully before beginning the mitigation process.\n\n[Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities](<https://www.cisa.gov/binding-operational-directive-22-01>) established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the [BOD 22-01 Fact Sheet](<https://cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf>) for more information. \n \nAlthough BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [Catalog vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the [specified criteria](<https://www.cisa.gov/known-exploited-vulnerabilities>). \n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2022/07/01/cisa-adds-one-known-exploited-vulnerability-catalog>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-01T00:00:00", "type": "cisa", "title": "CISA Adds One Known Exploited Vulnerability to Catalog ", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26931"], "modified": "2022-07-01T00:00:00", "id": "CISA:B55BB602515A4C4A2D3C252B1A8C9767", "href": "https://us-cert.cisa.gov/ncas/current-activity/2022/07/01/cisa-adds-one-known-exploited-vulnerability-catalog", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-20T11:28:01", "description": "CISA is temporarily removing CVE-2022-26925 from its [Known Exploited Vulnerability Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers. After installing May 10, 2022 rollup update on domain controllers, organizations might experience authentication failures on the server or client for services, such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). Microsoft notified CISA of this issue, which is related to how the mapping of certificates to machine accounts is being handled by the domain controller.\n\nFor more information see the Microsoft Knowledge Base article, [KB5014754\u2014Certificate-based authentication changes on Windows domain controllers: Key Distribution Center registry key](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_kdcregkey>).\n\n**Note:** installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue and is still strongly encouraged. This issue only affects May 10, 2022 updates installed on servers used as domain controllers. Organizations should continue to apply updates to client Windows devices and non-domain controller Windows Servers.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2022/05/13/cisa-temporarily-removes-cve-2022-26925-known-exploited>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T00:00:00", "type": "cisa", "title": "CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26925"], "modified": "2022-05-13T00:00:00", "id": "CISA:F68E3446BD3C1E21B1B472DF044A0CC3", "href": "https://us-cert.cisa.gov/ncas/current-activity/2022/05/13/cisa-temporarily-removes-cve-2022-26925-known-exploited", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "zdi": [{"lastseen": "2022-05-20T17:43:23", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "zdi", "title": "Microsoft Windows Media Foundation AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29105"], "modified": "2022-05-10T00:00:00", "id": "ZDI-22-731", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-731/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-10T17:50:21", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Print Spooler service. By creating a symbolic link, an attacker can cause the service to load an arbitrary DLL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "zdi", "title": "Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29104", "CVE-2022-30138"], "modified": "2022-06-10T00:00:00", "id": "ZDI-22-732", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-732/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cnvd": [{"lastseen": "2022-10-20T11:21:13", "description": "Microsoft Windows WLAN AutoConfig Service is a wireless network card configuration service for Microsoft Windows Vista and above. Denial of Service vulnerability. The vulnerability stems from a failure to properly handle incoming error messages, and can be exploited to cause a denial of service of the application.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows WLAN AutoConfig Service Denial of Service Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29121"], "modified": "2022-10-20T00:00:00", "id": "CNVD-2022-70067", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-70067", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-20T11:20:40", "description": "Microsoft Windows Remote Access Connection Manager is a Windows service from Microsoft that manages virtual private network (VPN) connections from your computer to the Internet. An elevation of privilege vulnerability exists in Microsoft Windows Remote Access Connection Manager. The vulnerability stems from an incorrect program call to an advanced local procedure. An attacker could exploit this vulnerability to cause an elevation of privilege.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows Remote Access Connection Manager Elevation of Privilege Vulnerability (CNVD-2022-70059)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29103"], "modified": "2022-10-20T00:00:00", "id": "CNVD-2022-70059", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-70059", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-20T11:20:53", "description": "Microsoft Windows is a desktop operating system from Microsoft Corporation (USA), and an information disclosure vulnerability exists in Microsoft Windows Server Service. The vulnerability stems from errors in the configuration of the network system or product during operation. An attacker could use this vulnerability to obtain sensitive information.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows Server Service Information Disclosure Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26936"], "modified": "2022-10-20T00:00:00", "id": "CNVD-2022-70063", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-70063", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-10-20T11:20:36", "description": "An elevation of privilege vulnerability exists in Microsoft Windows Print Spooler Components, a print backend processor component of Microsoft Corporation (USA). The vulnerability stems from an incorrect program call to a high-level native procedure. An attacker could exploit this vulnerability to cause an elevation of privilege.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows Print Spooler Components Elevation of Privilege Vulnerability (CNVD-2022-70056)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29132"], "modified": "2022-10-20T00:00:00", "id": "CNVD-2022-70056", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-70056", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-20T11:20:49", "description": "Microsoft Windows Remote Procedure Call Runtime is a technology used to create distributed client/server programs from Microsoft Corporation (USA).Microsoft Windows Remote Procedure Call Runtime is vulnerable to remote code execution vulnerability. The vulnerability stems from the failure of a network system or product to properly filter special elements in code segments constructed from external input data. An attacker could exploit this vulnerability to cause arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22019"], "modified": "2022-10-20T00:00:00", "id": "CNVD-2022-70062", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-70062", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-01T11:20:50", "description": "Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72853)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29137"], "modified": "2022-11-01T00:00:00", "id": "CNVD-2022-72853", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-72853", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-11-01T11:21:06", "description": "Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72858)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29139"], "modified": "2022-11-01T00:00:00", "id": "CNVD-2022-72858", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-72858", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-01T11:21:17", "description": "Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72854)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22013"], "modified": "2022-11-01T00:00:00", "id": "CNVD-2022-72854", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-72854", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-10-20T11:21:07", "description": "Microsoft Windows WLAN AutoConfig Service is a wireless network card configuration service for Microsoft Windows Vista and later operating systems. An information disclosure vulnerability exists in Microsoft Windows WLAN Auto Config Service. The vulnerability is caused by a configuration error in the operation of the network system or product. An attacker could use this vulnerability to obtain sensitive information.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows WLAN Auto Config Service Information Disclosure Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26935"], "modified": "2022-10-20T00:00:00", "id": "CNVD-2022-70066", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-70066", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-01T11:21:22", "description": "Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows LDAP remote code execution vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22014"], "modified": "2022-11-01T00:00:00", "id": "CNVD-2022-72860", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-72860", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-11-01T11:21:12", "description": "Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72855)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29128"], "modified": "2022-11-01T00:00:00", "id": "CNVD-2022-72855", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-72855", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-11-01T11:20:54", "description": "Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72856)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22012"], "modified": "2022-11-01T00:00:00", "id": "CNVD-2022-72856", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-72856", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-20T11:20:44", "description": "Microsoft Windows Remote Desktop Protocol (RDP) is an application used to connect to remote Windows desktops from Microsoft Corporation (USA).Microsoft Windows Remote Desktop is vulnerable to information disclosure. The vulnerability stems from a configuration or other error in the operation of the network system or product. An attacker could use this vulnerability to gain access to sensitive information.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-12T00:00:00", "type": "cnvd", "title": "Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CNVD-2022-70061)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22015"], "modified": "2022-10-20T00:00:00", "id": "CNVD-2022-70061", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-70061", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-11-01T11:21:11", "description": "Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T00:00:00", "type": "cnvd", "title": "Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72859)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29129"], "modified": "2022-11-01T00:00:00", "id": "CNVD-2022-72859", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-72859", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-05-19T03:32:01", "description": "A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Point-to-Point Tunneling Protocol Remote Code Execution (CVE-2022-23270)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23270"], "modified": "2022-05-10T00:00:00", "id": "CPAI-2022-0224", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-20T03:29:41", "description": "A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-17T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Network File System Remote Code Execution (CVE-2022-26937)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937"], "modified": "2022-05-17T00:00:00", "id": "CPAI-2022-0241", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-17T18:03:34", "description": "A remote code execution vulnerability exists in Microsoft Windows VPN component. The vulnerability is due to improper handling of PPTP packets.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-17T00:00:00", "type": "checkpoint_advisories", "title": "Windows PPTP Protocol Use After Free (CVE-2022-21972)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21972"], "modified": "2022-11-17T00:00:00", "id": "CPAI-2022-0822", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-20T03:33:07", "description": "An NTLM relay vulnerability exists in Microsoft Active Directory Certificate Services. A remote attack can coerce Windows hosts to authenticate to other machines via the MS-EFSRPC protocol and obtain its NTLM credential. Successful exploitation could lead to complete takeover of the target domain.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-27T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Active Directory Certificate Services NTLM Relay (CVE-2021-36942; CVE-2022-26925)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36942", "CVE-2022-26925"], "modified": "2022-05-10T00:00:00", "id": "CPAI-2021-0487", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "mskb": [{"lastseen": "2023-01-11T11:08:19", "description": "None\nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows Server 2022, see its update history page. **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the Windows release health dashboard.\n\n## Improvements\n\nThis security update includes improvements that were a part of update KB5012637 (released April 25, 2022) and also addresses the following issues: \n\n * This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.For more information about security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>) and the [May 2022 Security Updates.](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>)\n\n### Windows 10 servicing stack update - 20348.677\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \n**Updated May 27, 2022**After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://docs.microsoft.com/windows/win32/nps/ias-radius-authentication-and-accounting>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.**Note **Installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue. This issue only affects installation of May 10, 2022, updates installed on servers used as domain controllers.| **Updated May 27, 2022**The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see [Certificate Mapping](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_certmap>). **Note** The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see [KB5014754\u2014Certificate-based authentication changes on Windows domain controllers](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>) for other possible mitigations in the SChannel registry key section.**Note** Any other mitigation except the preferred mitigations might lower or disable security hardening.This issue was addressed in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the **SChannel registry key** section of [KB5014754](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>). There is no action needed on the client side to resolve this authentication issue.To get the standalone package for these out-of-band updates, search for the KB number in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/>). You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see [WSUS and the Catalog Site](<https://docs.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site#the-microsoft-update-catalog-site>). For Configuration Manger instructions, see [Import updates from the Microsoft Update Catalog](<https://docs.microsoft.com/mem/configmgr/sum/get-started/synchronize-software-updates#import-updates-from-the-microsoft-update-catalog>). Note The below updates are not available from Windows Update and will not install automatically.Cumulative updates:\n\n * Windows Server 2022: [KB5015013](<https://support.microsoft.com/help/5015013>)\n * Windows Server, version 20H2: [KB5015020](<https://support.microsoft.com/help/5015020>)\n * Windows Server 2019: [KB5015018](<https://support.microsoft.com/help/5015018>)\n * Windows Server 2016: [KB5015019](<https://support.microsoft.com/help/5015019>)\n**Note** You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5013944>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Microsoft Server operating system-21H2**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File Information**For a list of the files that are provided in this update, download the [file information for cumulative update 5013944](<https://download.microsoft.com/download/c/f/c/cfc5b963-ee0f-455d-838e-a6510322df32/5013944.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 20348.677](<https://download.microsoft.com/download/1/f/c/1fceb180-dde8-42e8-9a14-4c1423b93ed0/SSU_version_20348_677.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5013944 (OS Build 20348.707)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5013944", "href": "https://support.microsoft.com/en-us/help/5013944", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T11:08:21", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT** Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates in the **How to get this update** section before installing this update. Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ended on January 14, 2020. For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). Because ESU is available as a separate SKU for each of the years in which they are offered (2020, 2021, and 2022)\u2014and because ESU can only be purchased in [specific 12-month periods](<https://docs.microsoft.com/lifecycle/faq/extended-security-updates>)\u2014you must purchase the third year of ESU coverage separately and activate a new key on each applicable device for your devices to continue receiving security updates in 2022.If your organization did not purchase the third year of ESU coverage, you must purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows Server 2008 SP2 devices before you install and activate the Year 3 MAK keys to receive updates. The steps to [install, activate, and deploy ESUs](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) are the same for first, second, and third year coverage. For more information, see [Obtaining Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) for the Volume Licensing process and [Purchasing Windows 7 ESUs as a Cloud Solution Provider](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/purchasing-windows-7-esus-as-a-cloud-solution-provider/ba-p/1034637>) for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM).For more information, see the [ESU blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-extended-security-updates-for-windows-7-and-windows/ba-p/1872910>).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages for Windows Server 2008 SP2, see the following update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements**\n\nThis cumulative security update contains improvements that are part of update [KB5012658](<https://support.microsoft.com/help/5012658>) (released April 12, 2022) and includes new improvements for the following issues:\n\n * The Key Distribution Center (KDC) code incorrectly returns error message **KDC_ERR_TGT_REVOKED** during Domain Controller shutdown.\n * After installing the January 2022 Windows update or a later Windows update on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing by using Netdom.exe or \"Active Directory Domains and Trusts\" snap-in may fail and you receive the following error message: \"Insufficient system resources exist to complete the requested service.\"\n * The Primary Domain Controller (PDC) for the root domain incorrectly logs warning and error events in the System log when trying to scan outbound-only trusts.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on your Windows Server 2008 SP2 servers used as domain controllers, you might see authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fnps%2Fias-radius-authentication-and-accounting&data=05%7C01%7Cv-throbe%40microsoft.com%7C3b0f7edfbfda4abeee3a08da33bf5b1c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637879194213242612%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=j1pcQXV6IcYG5NyA6e%2FfSSRk%2BeFUVKjGZnLjM0r9K3c%3D&reserved=0>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers and intermediary application servers which authenticate to domain controllers; it does not affect client Windows devices. | Install update [KB5014990](<https://support.microsoft.com/help/5014990>) on Windows Server 2008 SP2 servers used as domain controllers and intermediary application servers which authenticate to domain controllers. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates because extended support ended on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5011942](<https://support.microsoft.com/help/5011942>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014010>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5014010](<https://download.microsoft.com/download/3/0/2/302c1149-5bd5-4805-8093-4570a7eaecd2/5014010.csv>).\n\n## **References**\n\nFor information about the security updates released on May 10, 2022, see [Security update deployment information: May 10, 2022 (KB5014317)](<https://support.microsoft.com/help/5014317>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5014010 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5014010", "href": "https://support.microsoft.com/en-us/help/5014010", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:36:01", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements, any known issues, and how to get the update. \n\n**IMPORTANT **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates in the **How to get this update** section before installing this update. Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ended on January 14, 2020. For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). Because ESU is available as a separate SKU for each of the years in which they are offered (2020, 2021, and 2022)\u2014and because ESU can only be purchased in [specific 12-month periods](<https://docs.microsoft.com/lifecycle/faq/extended-security-updates>)\u2014you must purchase the third year of ESU coverage separately and activate a new key on each applicable device for your devices to continue receiving security updates in 2022.If your organization did not purchase the third year of ESU coverage, you must purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows Server 2008 SP2 devices before you install and activate the Year 3 MAK keys to receive updates. The steps to [install, activate, and deploy ESUs](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) are the same for first, second, and third year coverage. For more information, see [Obtaining Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) for the Volume Licensing process and [Purchasing Windows 7 ESUs as a Cloud Solution Provider](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/purchasing-windows-7-esus-as-a-cloud-solution-provider/ba-p/1034637>) for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM).For more information, see the [ESU blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-extended-security-updates-for-windows-7-and-windows/ba-p/1872910>).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages for Windows Server 2008 SP2, see the following update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements**\n\nThis security-only update includes new improvements for the following issues:\n\n * The Key Distribution Center (KDC) code incorrectly returns error message **KDC_ERR_TGT_REVOKED** during Domain Controller shutdown.\n * The Primary Domain Controller (PDC) for the root domain incorrectly logs warning and error events in the System log when trying to scan outbound-only trusts.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on your Windows Server 2008 SP2 servers used as domain controllers, you might see authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fnps%2Fias-radius-authentication-and-accounting&data=05%7C01%7Cv-throbe%40microsoft.com%7C3b0f7edfbfda4abeee3a08da33bf5b1c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637879194213242612%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=j1pcQXV6IcYG5NyA6e%2FfSSRk%2BeFUVKjGZnLjM0r9K3c%3D&reserved=0>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers and intermediary application servers which authenticate to domain controllers; it does not affect client Windows devices.| Install update [KB5014990](<https://support.microsoft.com/help/5014990>) on Windows Server 2008 SP2 servers used as domain controllers and intermediary application servers which authenticate to domain controllers. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates because extended support ended on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB5011942](<https://support.microsoft.com/help/5011942>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5011486](<https://support.microsoft.com/help/5011486>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014006>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5014006](<https://download.microsoft.com/download/9/6/a/96a8eda2-44db-4142-8a3e-1226d7e1e47b/5014006.csv>).\n\n## **References**\n\nFor information about the security updates released on May 10, 2022, see [Security update deployment information: May 10, 2022 (KB5014317)](<https://support.microsoft.com/help/5014317>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5014006 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5014006", "href": "https://support.microsoft.com/en-us/help/5014006", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:36:03", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements**\n\nThis security-only update includes new improvements for the following issues:\n\n * The Key Distribution Center (KDC) code incorrectly returns error message **KDC_ERR_TGT_REVOKED** during Domain Controller shutdown.\n * The Primary Domain Controller (PDC) for the root domain incorrectly logs warning and error events in the System log when trying to scan outbound-only trusts.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on your Windows Server 2012 servers used as domain controllers, you might see authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fnps%2Fias-radius-authentication-and-accounting&data=05%7C01%7Cv-throbe%40microsoft.com%7C3b0f7edfbfda4abeee3a08da33bf5b1c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637879194213242612%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=j1pcQXV6IcYG5NyA6e%2FfSSRk%2BeFUVKjGZnLjM0r9K3c%3D&reserved=0>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers and intermediary application servers which authenticate to domain controllers; it does not affect client Windows devices. | Install update [KB5014991](<https://support.microsoft.com/help/5014991>) on Windows Server 2012 servers used as domain controllers and intermediary application servers which authenticate to domain controllers. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5014027](<https://support.microsoft.com/help/5014027>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5011486](<https://support.microsoft.com/help/5011486>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014018>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5014018](<https://download.microsoft.com/download/9/8/1/981eeebb-8eca-49d7-bc3c-985ad06c7954/5014018.csv>).\n\n## **References**\n\nFor information about the security updates released on May 10, 2022, see [Security update deployment information: May 10, 2022 (KB5014317)](<https://support.microsoft.com/help/5014317>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5014018 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5014018", "href": "https://support.microsoft.com/en-us/help/5014018", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:36:00", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT** Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end of mainstream support and are now in extended security update (ESU) support. Windows Thin PC has reached the end of mainstream support; however, ESU support is not available. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates in the **How to get this update** section before installing this update. Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ended on January 14, 2020. For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). Because ESU is available as a separate SKU for each of the years in which they are offered (2020, 2021, and 2022)\u2014and because ESU can only be purchased in [specific 12-month periods](<https://docs.microsoft.com/lifecycle/faq/extended-security-updates>)\u2014you must purchase the third year of ESU coverage separately and activate a new key on each applicable device for your devices to continue receiving security updates in 2022.If your organization did not purchase the third year of ESU coverage, you must purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows 7 SP1 or Windows Server 2008 R2 SP1 devices before you install and activate the Year 3 MAK keys to receive updates. The steps to [install, activate, and deploy ESUs](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) are the same for first, second, and third year coverage. For more information, see [Obtaining Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) for the Volume Licensing process and [Purchasing Windows 7 ESUs as a Cloud Solution Provider](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/purchasing-windows-7-esus-as-a-cloud-solution-provider/ba-p/1034637>) for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM).For more information, see the [ESU blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-extended-security-updates-for-windows-7-and-windows/ba-p/1872910>).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages for Windows 7 SP1 and Windows Server 2008 R2 SP1, see the following update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements**\n\nThis security-only update includes new improvements for the following issues:\n\n * The Key Distribution Center (KDC) code incorrectly returns error message **KDC_ERR_TGT_REVOKED** during Domain Controller shutdown.\n * The Primary Domain Controller (PDC) for the root domain incorrectly logs warning and error events in the System log when trying to scan outbound-only trusts.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed **in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\n * If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on your Windows Server 2008 R2 SP1 servers used as domain controllers, you might see authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fnps%2Fias-radius-authentication-and-accounting&data=05%7C01%7Cv-throbe%40microsoft.com%7C3b0f7edfbfda4abeee3a08da33bf5b1c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637879194213242612%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=j1pcQXV6IcYG5NyA6e%2FfSSRk%2BeFUVKjGZnLjM0r9K3c%3D&reserved=0>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers and intermediary application servers which authenticate to domain controllers; it does not affect client Windows devices.| Install update [KB5014987](<https://support.microsoft.com/help/5014987>) on Windows Server 2008 R2 SP1 servers used as domain controllers and intermediary application servers which authenticate to domain controllers. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates. Extended support ended as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ended on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ended on October 13, 2020.\n * For Windows Embedded POS Ready 7, extended support ended on October 12, 2021.\n * For Windows Thin PC, extended support ended on October 12, 2021. Note that ESU support is not available for Windows Thin PC.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5011649](<https://support.microsoft.com/help/5011649>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5011486](<https://support.microsoft.com/help/5011486>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5013999>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5013999](<https://download.microsoft.com/download/3/5/f/35f12568-3610-43e0-9079-42fdb96fdcc1/5013999.csv>).\n\n## **References**\n\nFor information about the security updates released on May 10, 2022, see [Security update deployment information: May 10, 2022 (KB5014317)](<https://support.microsoft.com/help/5014317>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5013999 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5013999", "href": "https://support.microsoft.com/en-us/help/5013999", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T11:08:21", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements, any known issues, and how to get the update. \n\n**IMPORTANT** Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements**\n\nThis cumulative security update contains improvements that are part of update [KB5012650](<https://support.microsoft.com/help/5012650>) (released April 12, 2022 and includes new improvements for the following issues: \n\n * The Key Distribution Center (KDC) code incorrectly returns error message **KDC_ERR_TGT_REVOKED** during Domain Controller shutdown.\n * After installing the January 2022 Windows update or a later Windows update on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing by using Netdom.exe or \"Active Directory Domains and Trusts\" snap-in may fail and you receive the following error message: \"Insufficient system resources exist to complete the requested service.\"\n * The Primary Domain Controller (PDC) for the root domain incorrectly logs warning and error events in the System log when trying to scan outbound-only trusts.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on your Windows Server 2012 servers used as domain controllers, you might see authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fnps%2Fias-radius-authentication-and-accounting&data=05%7C01%7Cv-throbe%40microsoft.com%7C3b0f7edfbfda4abeee3a08da33bf5b1c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637879194213242612%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=j1pcQXV6IcYG5NyA6e%2FfSSRk%2BeFUVKjGZnLjM0r9K3c%3D&reserved=0>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers and intermediary application servers which authenticate to domain controllers; it does not affect client Windows devices. | Install update [KB5014991](<https://support.microsoft.com/help/5014991>) on Windows Server 2012 servers used as domain controllers and intermediary application servers which authenticate to domain controllers. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5014027](<https://support.microsoft.com/help/5014027>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014017>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5014017](<https://download.microsoft.com/download/b/f/3/bf354302-ec60-43c8-9eeb-9ce5a12138f7/5014017.csv>). \n\n## **References**\n\nFor information about the security updates released on May 10, 2022, see [Security update deployment information: May 10, 2022 (KB5014317)](<https://support.microsoft.com/help/5014317>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5014017 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5014017", "href": "https://support.microsoft.com/en-us/help/5014017", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T11:08:21", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end of mainstream support and are now in extended security update (ESU) support. Windows Thin PC has reached the end of mainstream support; however, ESU support is not available. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates in the **How to get this update** section before installing this update. Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ended on January 14, 2020. For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). Because ESU is available as a separate SKU for each of the years in which they are offered (2020, 2021, and 2022)\u2014and because ESU can only be purchased in [specific 12-month periods](<https://docs.microsoft.com/lifecycle/faq/extended-security-updates>)\u2014you must purchase the third year of ESU coverage separately and activate a new key on each applicable device for your devices to continue receiving security updates in 2022.If your organization did not purchase the third year of ESU coverage, you must purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows 7 SP1 or Windows Server 2008 R2 SP1 devices before you install and activate the Year 3 MAK keys to receive updates. The steps to [install, activate, and deploy ESUs](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) are the same for first, second, and third year coverage. For more information, see [Obtaining Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) for the Volume Licensing process and [Purchasing Windows 7 ESUs as a Cloud Solution Provider](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/purchasing-windows-7-esus-as-a-cloud-solution-provider/ba-p/1034637>) for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM).For more information, see the [ESU blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-extended-security-updates-for-windows-7-and-windows/ba-p/1872910>).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages for Windows 7 and Windows Server 2008 R2, see the following update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements**\n\nThis cumulative security update contains improvements that are part of update [KB5012626](<https://support.microsoft.com/help/5012626>) (released April 12, 2022) and includes new improvements for the following issues:\n\n * The Key Distribution Center (KDC) code incorrectly returns error message **KDC_ERR_TGT_REVOKED** during Domain Controller shutdown.\n * After installing the January 2022 Windows update or a later Windows update on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing by using Netdom.exe or \"Active Directory Domains and Trusts\" snap-in may fail and you receive the following error message: \"Insufficient system resources exist to complete the requested service.\"\n * The Primary Domain Controller (PDC) for the root domain incorrectly logs warning and error events in the System log when trying to scan outbound-only trusts.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## **Known issues in this update**\n\n**Symptom **| **Next step ** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \"Failure to configure Windows updates. Reverting Changes. Do not turn off your computer\", and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on your Windows Server 2008 R2 SP1 servers used as domain controllers, you might see authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fnps%2Fias-radius-authentication-and-accounting&data=05%7C01%7Cv-throbe%40microsoft.com%7C3b0f7edfbfda4abeee3a08da33bf5b1c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637879194213242612%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=j1pcQXV6IcYG5NyA6e%2FfSSRk%2BeFUVKjGZnLjM0r9K3c%3D&reserved=0>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers and intermediary application servers which authenticate to domain controllers; it does not affect client Windows devices. | Install update [KB5014987](<https://support.microsoft.com/help/5014987>) on Windows Server 2008 R2 SP1 servers used as domain controllers and intermediary application servers which authenticate to domain controllers. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates. Extended support ended as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ended on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ended on October 13, 2020.\n * For Windows Embedded POS Ready 7, extended support ended on October 12, 2021.\n * For Windows Thin PC, extended support ended on October 12, 2021. Note that ESU support is not available for Windows Thin PC.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB5011649](<https://support.microsoft.com/help/5011649>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014012>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5014012](<https://download.microsoft.com/download/b/7/b/b7ba00c7-ea17-4055-b927-d20f75ea41d7/5014012.csv>).\n\n## **References**\n\nFor information about the security updates released on May 10, 2022, see [Security update deployment information: May 10, 2022 (KB5014317)](<https://support.microsoft.com/help/5014317>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5014012 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5014012", "href": "https://support.microsoft.com/en-us/help/5014012", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T11:08:19", "description": "None\n**Note: **To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an [anonymous survey](<https://forms.office.com/r/ficuk8QT3n>) for you to share your comments and feedback. \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1607, see its update history page. \n\n## Highlights\n\n * Addresses security issues for your Windows operating system. \n\n## Improvements\n\nThis security update includes quality improvements. Key changes include:\n\n * **New! **Adds improvements for servicing the Secure Boot component of Windows.\n * Addresses an issue that might occur when you use **Netdom.exe** or the Active Directory Domains and Trusts snap-in to list or modify name suffixes routing. These procedures might fail. The error message is, \"Insufficient system resources exist to complete the requested service.\" This issue occurs after installing the January 2022 security update on the primary domain controller emulator (PDCe).\n * Addresses an issue that causes the improper cleanup of Dynamic Data Exchange (DDE) objects. This prevents session teardown and causes a session to stop responding.\n * Addresses an issue that might cause **Kerberos.dll** to stop working within the Local Security Authority Subsystem Service (LSASS). This occurs when LSASS processes simultaneous Service for User (S4U) user-to-user (U2U) requests for the same client user.\n * Addresses a known issue that might prevent recovery discs (CD or DVD) from starting if you created them using the [Backup and Restore (Windows 7)](<https://support.microsoft.com/windows/backup-and-restore-in-windows-352091d2-bb9d-3ea3-ed18-52ef2b88cbef>) app in Control Panel. This issue occurs after installing Windows updates released January 11, 2022 or later.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device. For more information about security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \n**Updated May 27, 2022**After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://docs.microsoft.com/windows/win32/nps/ias-radius-authentication-and-accounting>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.**Note **Installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue. This issue only affects installation of May 10, 2022, updates installed on servers used as domain controllers.| **Updated May 27, 2022**The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see [Certificate Mapping](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_certmap>). **Note** The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see [KB5014754\u2014Certificate-based authentication changes on Windows domain controllers](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>) for other possible mitigations in the SChannel registry key section.**Note** Any other mitigation except the preferred mitigations might lower or disable security hardening.This issue was addressed in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the **SChannel registry key** section of [KB5014754](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>). There is no action needed on the client side to resolve this authentication issue.To get the standalone package for these out-of-band updates, search for the KB number in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/>). You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see [WSUS and the Catalog Site](<https://docs.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site#the-microsoft-update-catalog-site>). For Configuration Manger instructions, see [Import updates from the Microsoft Update Catalog](<https://docs.microsoft.com/mem/configmgr/sum/get-started/synchronize-software-updates#import-updates-from-the-microsoft-update-catalog>). Note The below updates are not available from Windows Update and will not install automatically.Cumulative updates:\n\n * Windows Server 2022: [KB5015013](<https://support.microsoft.com/help/5015013>)\n * Windows Server, version 20H2: [KB5015020](<https://support.microsoft.com/help/5015020>)\n * Windows Server 2019: [KB5015018](<https://support.microsoft.com/help/5015018>)\n * Windows Server 2016: [KB5015019](<https://support.microsoft.com/help/5015019>)\n**Note** You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).If you are using Windows Update, the latest SSU (KB5014026) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5013952>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5013952](<https://download.microsoft.com/download/7/5/0/7504ab90-2820-4c04-8177-c86ed68da80d/5013952.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5013952 (OS Build 14393.5125)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5013952", "href": "https://support.microsoft.com/en-us/help/5013952", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T11:08:21", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements**\n\nThis cumulative security update contains improvements that are part of update [KB5012670](<https://support.microsoft.com/help/5012670>) (released April 12, 2022) and includes new improvements for the following issues:\n\n * The Key Distribution Center (KDC) code incorrectly returns error message **KDC_ERR_TGT_REVOKED** during Domain Controller shutdown.\n * After installing the January 2022 Windows update or a later Windows update on the Primary Domain Controller emulator (PDCe), listing or modifying name suffixes routing by using Netdom.exe or \"Active Directory Domains and Trusts\" snap-in may fail and you receive the following error message: \"Insufficient system resources exist to complete the requested service.\"\n * The Primary Domain Controller (PDC) for the root domain incorrectly logs warning and error events in the System log when trying to scan outbound-only trusts.\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on your Windows Server 2012 R2 servers used as domain controllers, you might see authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fnps%2Fias-radius-authentication-and-accounting&data=05%7C01%7Cv-throbe%40microsoft.com%7C3b0f7edfbfda4abeee3a08da33bf5b1c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637879194213242612%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=j1pcQXV6IcYG5NyA6e%2FfSSRk%2BeFUVKjGZnLjM0r9K3c%3D&reserved=0>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers and intermediary application servers which authenticate to domain controllers; it does not affect client Windows devices. | Install update [KB5014986](<https://support.microsoft.com/help/5014986>) on Windows Server 2012 R2 servers used as domain controllers and intermediary application servers which authenticate to domain controllers. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5014025](<https://support.microsoft.com/help/5014025>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014011>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5014011](<https://download.microsoft.com/download/2/b/0/2b0f55ce-89bc-4972-9e0b-8821ff5b1adb/5014011.csv>). \n\n## **References**\n\nFor information about the security updates released on May 10, 2022, see [Security update deployment information: May 10, 2022 (KB5014317)](<https://support.microsoft.com/help/5014317>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5014011 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5014011", "href": "https://support.microsoft.com/en-us/help/5014011", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T11:08:19", "description": "None\n**Note: **To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an [anonymous survey](<https://forms.office.com/r/ficuk8QT3n>) for you to share your comments and feedback. \n\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1507, see its update history page.\n\n## Highlights\n\n * Addresses security issues for your Windows operating system. \n\n## Improvements \n\nThis security update includes quality improvements. Key changes include: \n\n * Addresses an issue that might occur when you use **Netdom.exe** or the Active Directory Domains and Trusts snap-in to list or modify name suffixes routing. These procedures might fail. The error message is, \"Insufficient system resources exist to complete the requested service.\" This issue occurs after installing the January 2022 security update on the primary domain controller emulator (PDCe).\n * Addresses an issue that causes the primary domain controller (PDC) of the root domain to generate warning and error events in the System log. This issue occurs when the PDC incorrectly tries to scan outgoing-only trusts.\n * Addresses a known issue that might prevent recovery discs (CD or DVD) from starting if you created them using the [Backup and Restore (Windows 7)](<https://support.microsoft.com/windows/backup-and-restore-in-windows-352091d2-bb9d-3ea3-ed18-52ef2b88cbef>) app in Control Panel. This issue occurs after installing Windows updates released January 11, 2022 or later.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.For more information about security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \n**Updated May 27, 2022**After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://docs.microsoft.com/windows/win32/nps/ias-radius-authentication-and-accounting>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.**Note **Installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue. This issue only affects installation of May 10, 2022, updates installed on servers used as domain controllers.| **Updated May 27, 2022**The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see [Certificate Mapping](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_certmap>). **Note** The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see [KB5014754\u2014Certificate-based authentication changes on Windows domain controllers](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>) for other possible mitigations in the SChannel registry key section.**Note** Any other mitigation except the preferred mitigations might lower or disable security hardening.This issue was addressed in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the **SChannel registry key** section of [KB5014754](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>). There is no action needed on the client side to resolve this authentication issue.To get the standalone package for these out-of-band updates, search for the KB number in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/>). You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see [WSUS and the Catalog Site](<https://docs.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site#the-microsoft-update-catalog-site>). For Configuration Manger instructions, see [Import updates from the Microsoft Update Catalog](<https://docs.microsoft.com/mem/configmgr/sum/get-started/synchronize-software-updates#import-updates-from-the-microsoft-update-catalog>). Note The below updates are not available from Windows Update and will not install automatically.Cumulative updates:\n\n * Windows Server 2022: [KB5015013](<https://support.microsoft.com/help/5015013>)\n * Windows Server, version 20H2: [KB5015020](<https://support.microsoft.com/help/5015020>)\n * Windows Server 2019: [KB5015018](<https://support.microsoft.com/help/5015018>)\n * Windows Server 2016: [KB5015019](<https://support.microsoft.com/help/5015019>)\n**Note** You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>). If you are using Windows Update, the latest SSU (KB5014024) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5013963>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5013963](<https://download.microsoft.com/download/7/9/6/7967d35d-c17e-431d-a42c-4cda18e40727/5013963.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5013963 (OS Build 10240.19297)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5013963", "href": "https://support.microsoft.com/en-us/help/5013963", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-13T10:54:51", "description": "None\n## **Summary**\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) makes sure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.This update applies to the following:\n\n * Windows 8.1 for x86-based devices\n * Windows 8.1 for x64-based devices\n * Windows RT 8.1\n * Windows Server 2012 R2\n * Windows Server 2012 R2 (Server Core installation)\n\n## **How to get this update**\n\n**Method 1: Windows Update **This update is available through Windows Update. It will be downloaded and installed automatically. **Method 2: Microsoft Update Catalog **To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014025>) website.**Method 3: Windows Server Update Services**This update is also available through Windows Server Update Services (WSUS).**Prerequisites **There are no prerequisites to apply this update.**Restart information **You don't have to restart your computer after you apply this update.**Removal information**Servicing stack updates (SSUs) make changes to how updates are installed and cannot be uninstalled from the device.**Update replacement information **This update replaces the previously released update [KB5012672](<https://support.microsoft.com/help/5012672>).\n\n## **File Information**\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nhttpai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 55,296 \npeerdistai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 65,024 \nPrintAdvancedInstaller.dll| 6.3.9600.19991| 23-Mar-21| 11:41| 99,328 \nmsdtcadvancedinstaller.dll| 6.3.9600.20327| 7-Mar-22| 20:35| 215,040 \nnetfxconfig.dll| 6.3.9600.19991| 23-Mar-21| 11:59| 40,448 \nConfigureIEOptionalComponentsAI.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 76,800 \nIEFileInstallAI.dll| 6.3.9600.19991| 23-Mar-21| 11:23| 66,560 \nservicemodelregai.dll| 6.3.9600.19991| 23-Mar-21| 11:25| 96,768 \nSetIEInstalledDateAI.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 49,152 \nceipfwdai.dll| 6.3.9600.20327| 7-Mar-22| 20:32| 197,632 \nbcdeditai.dll| 6.3.9600.19991| 23-Mar-21| 11:29| 271,360 \nappxreg.dll| 6.3.9600.19991| 23-Mar-21| 11:51| 19,968 \nRegisterIEPKeysAI.dll| 6.3.9600.19991| 23-Mar-21| 11:25| 23,040 \ncmipnpinstall.dll| 6.3.9600.19991| 23-Mar-21| 11:57| 195,072 \nsecurebootai.dll| 6.3.9600.20367| 13-Apr-22| 20:44| 61,952 \nwinsockai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 71,680 \nws2_helper.dll| 6.3.9600.17477| 30-Oct-14| 15:37| 50,176 \ncleanupai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 37,376 \nwdscore.dll| 6.3.9600.19402| 24-Jun-19| 18:32| 208,384 \nCntrtextInstaller.dll| 6.3.9600.19991| 23-Mar-21| 11:31| 128,000 \ndrvstore.dll| 6.3.9600.19402| 24-Jun-19| 18:35| 610,304 \ndpx.dll| 6.3.9600.19402| 24-Jun-19| 18:25| 265,216 \nmsdelta.dll| 6.3.9600.19402| 24-Jun-19| 18:33| 398,336 \nmspatcha.dll| 6.3.9600.19402| 24-Jun-19| 18:36| 36,864 \ncmiv2.dll| 6.3.9600.20327| 7-Mar-22| 21:01| 2,257,408 \ncmiaisupport.dll| 6.3.9600.20327| 7-Mar-22| 20:33| 2,162,688 \ncmitrust.dll| 6.3.9600.20327| 7-Mar-22| 20:36| 286,720 \nWcmTypes.xsd| Not versioned| 18-Jun-13| 6:06| 1,047 \nCbsMsg.dll| 6.3.9600.17477| 30-Oct-14| 15:37| 41,984 \nCbsCore.dll| 6.3.9600.20367| 13-Apr-22| 20:27| 1,379,840 \nTiWorker.exe| 6.3.9600.17477| 30-Oct-14| 15:37| 190,464 \nTiFileFetcher.exe| 6.3.9600.20327| 7-Mar-22| 20:32| 355,328 \nDrUpdate.dll| 6.3.9600.19402| 24-Jun-19| 18:34| 202,240 \nwrpint.dll| 6.3.9600.19402| 24-Jun-19| 18:26| 56,320 \nwcp.dll| 6.3.9600.20367| 13-Apr-22| 20:45| 2,409,472 \ncmiadapter.dll| 6.3.9600.20327| 7-Mar-22| 20:35| 121,856 \nsmiengine.dll| 6.3.9600.20327| 7-Mar-22| 20:28| 750,080 \nsmipi.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 59,904 \npoqexec.exe| 6.3.9600.19651| 12-Feb-20| 21:06| 129,536 \nx86_installed| Not versioned| 18-Jun-13| 5:26| 9 \nbfsvc.dll| 6.3.9600.19991| 23-Mar-21| 11:24| 74,752 \ntimezoneai.dll| 6.3.9600.19991| 23-Mar-21| 11:29| 86,528 \nGlobalInstallOrder.xml| Not versioned| 18-Jun-13| 6:12| 1,249,919 \nluainstall.dll| 6.3.9600.19991| 23-Mar-21| 11:28| 43,008 \nfveupdateai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 57,344 \nmofinstall.dll| 6.3.9600.19991| 23-Mar-21| 11:28| 64,000 \nesscli.dll| 6.3.9600.19402| 24-Jun-19| 18:31| 293,376 \nmofd.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 204,800 \nrepdrvfs.dll| 6.3.9600.17475| 28-Oct-14| 17:13| 276,992 \nfastprox.dll| 6.3.9600.19402| 24-Jun-19| 18:30| 670,208 \nwbemcomn.dll| 6.3.9600.20327| 7-Mar-22| 20:36| 386,048 \nwbemcore.dll| 6.3.9600.20367| 13-Apr-22| 20:41| 925,696 \nwmiutils.dll| 6.3.9600.17475| 28-Oct-14| 17:14| 90,624 \nwbemprox.dll| 6.3.9600.17475| 28-Oct-14| 17:14| 29,696 \nwmicmiplugin.dll| 6.3.9600.19991| 23-Mar-21| 11:23| 392,704 \nsppinst.dll| 6.3.9600.19402| 24-Jun-19| 18:25| 646,656 \ncmifw.dll| 6.3.9600.19991| 23-Mar-21| 11:25| 80,896 \nFirewallOfflineAPI.dll| 6.3.9600.17475| 28-Oct-14| 17:18| 140,800 \nNetSetupAI.dll| 6.3.9600.19991| 23-Mar-21| 11:29| 55,296 \nNetSetupApi.dll| 6.3.9600.17475| 28-Oct-14| 17:17| 124,928 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nhttpai.dll| 6.3.9600.20367| 13-Apr-22| 20:51| 57,856 \npeerdistai.dll| 6.3.9600.20367| 13-Apr-22| 20:51| 72,192 \nPrintAdvancedInstaller.dll| 6.3.9600.19991| 22-Mar-21| 22:20| 102,400 \nmsdtcadvancedinstaller.dll| 6.3.9600.20367| 13-Apr-22| 20:50| 257,536 \nnetfxconfig.dll| 6.3.9600.19991| 22-Mar-21| 22:45| 34,816 \nConfigureIEOptionalComponentsAI.dll| 6.3.9600.20367| 13-Apr-22| 20:50| 84,992 \nIEFileInstallAI.dll| 6.3.9600.20367| 13-Apr-22| 20:45| 68,096 \nservicemodelregai.dll| 6.3.9600.20367| 13-Apr-22| 20:50| 115,200 \nSetIEInstalledDateAI.dll| 6.3.9600.20367| 13-Apr-22| 20:51| 51,712 \nceipfwdai.dll| 6.3.9600.20367| 13-Apr-22| 20:46| 228,352 \nbcdeditai.dll| 6.3.9600.19991| 22-Mar-21| 22:00| 287,232 \nappxreg.dll| 6.3.9600.19991| 22-Mar-21| 22:34| 14,848 \nRegisterIEPKeysAI.dll| 6.3.9600.19991| 22-Mar-21| 21:56| 19,968 \ncmipnpinstall.dll| 6.3.9600.19991| 22-Mar-21| 22:42| 248,832 \nappserverai.dll| 6.3.9600.20367| 13-Apr-22| 21:27| 146,432 \nRDWebAI.dll| 6.3.9600.20367| 13-Apr-22| 21:08| 140,800 \ntssdisai.dll| 6.3.9600.20367| 13-Apr-22| 21:06| 156,160 \nVmHostAI.dll| 6.3.9600.20367| 13-Apr-22| 21:11| 123,392 \nsecurebootai.dll| 6.3.9600.20367| 13-Apr-22| 20:54| 66,560 \nwinsockai.dll| 6.3.9600.19991| 22-Mar-21| 21:57| 69,632 \nws2_helper.dll| 6.3.9600.17477| 30-Oct-14| 15:33| 62,976 \ncleanupai.dll| 6.3.9600.19991| 22-Mar-21| 21:58| 33,792 \nwdscore.dll| 6.3.9600.19402| 24-Jun-19| 18:49| 276,480 \nCntrtextInstaller.dll| 6.3.9600.19991| 22-Mar-21| 22:02| 153,088 \ndrvstore.dll| 6.3.9600.19402| 24-Jun-19| 18:54| 744,960 \ndpx.dll| 6.3.9600.19402| 24-Jun-19| 18:38| 345,088 \nmsdelta.dll| 6.3.9600.19402| 24-Jun-19| 18:50| 499,712 \nmspatcha.dll| 6.3.9600.19402| 24-Jun-19| 18:55| 46,080 \ncmiv2.dll| 6.3.9600.20327| 7-Mar-22| 22:11| 3,300,352 \ncmiaisupport.dll| 6.3.9600.20327| 7-Mar-22| 21:27| 3,154,944 \ncmitrust.dll| 6.3.9600.20367| 13-Apr-22| 20:52| 418,304 \nWcmTypes.xsd| Not versioned| 18-Jun-13| 8:30| 1,047 \nCbsMsg.dll| 6.3.9600.17477| 30-Oct-14| 15:33| 42,496 \nCbsCore.dll| 6.3.9600.20367| 13-Apr-22| 20:28| 1,606,656 \nTiWorker.exe| 6.3.9600.17477| 30-Oct-14| 15:33| 193,024 \nTiFileFetcher.exe| 6.3.9600.20327| 7-Mar-22| 21:26| 427,520 \nDrUpdate.dll| 6.3.9600.20327| 7-Mar-22| 21:35| 246,784 \nwrpint.dll| 6.3.9600.19402| 24-Jun-19| 18:39| 66,048 \nwcp.dll| 6.3.9600.20367| 13-Apr-22| 20:55| 2,854,912 \ncmiadapter.dll| 6.3.9600.20367| 13-Apr-22| 20:50| 139,264 \nsmiengine.dll| 6.3.9600.20367| 13-Apr-22| 20:38| 922,624 \nsmipi.dll| 6.3.9600.20367| 13-Apr-22| 20:52| 65,536 \npoqexec.exe| 6.3.9600.20327| 7-Mar-22| 22:27| 146,432 \namd64_installed| Not versioned| 18-Jun-13| 7:49| 9 \nbfsvc.dll| 6.3.9600.19991| 22-Mar-21| 21:55| 77,312 \ntimezoneai.dll| 6.3.9600.20367| 13-Apr-22| 20:55| 101,888 \nGlobalInstallOrder.xml| Not versioned| 18-Jun-13| 8:34| 1,249,919 \nluainstall.dll| 6.3.9600.19991| 22-Mar-21| 21:59| 53,248 \nfveupdateai.dll| 6.3.9600.20367| 13-Apr-22| 20:50| 61,952 \nmofinstall.dll| 6.3.9600.19991| 22-Mar-21| 21:59| 67,072 \nesscli.dll| 6.3.9600.19402| 24-Jun-19| 18:47| 388,608 \nmofd.dll| 6.3.9600.19991| 22-Mar-21| 21:57| 248,320 \nrepdrvfs.dll| 6.3.9600.17475| 28-Oct-14| 17:31| 350,208 \nfastprox.dll| 6.3.9600.19402| 24-Jun-19| 18:46| 854,016 \nwbemcomn.dll| 6.3.9600.19402| 24-Jun-19| 18:49| 453,632 \nwbemcore.dll| 6.3.9600.20367| 13-Apr-22| 20:49| 1,148,928 \nwmiutils.dll| 6.3.9600.17475| 28-Oct-14| 17:34| 111,104 \nwbemprox.dll| 6.3.9600.17475| 28-Oct-14| 17:33| 35,840 \nwmicmiplugin.dll| 6.3.9600.19991| 22-Mar-21| 21:49| 508,928 \nsppinst.dll| 6.3.9600.20327| 7-Mar-22| 21:25| 769,024 \ncmifw.dll| 6.3.9600.19991| 22-Mar-21| 21:57| 97,280 \nFirewallOfflineAPI.dll| 6.3.9600.17475| 28-Oct-14| 17:40| 166,912 \nNetSetupAI.dll| 6.3.9600.20367| 13-Apr-22| 20:54| 65,024 \nNetSetupApi.dll| 6.3.9600.17475| 28-Oct-14| 17:39| 184,832 \nhttpai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 55,296 \npeerdistai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 65,024 \nPrintAdvancedInstaller.dll| 6.3.9600.19991| 23-Mar-21| 11:41| 99,328 \nmsdtcadvancedinstaller.dll| 6.3.9600.20327| 7-Mar-22| 20:35| 215,040 \nnetfxconfig.dll| 6.3.9600.19991| 23-Mar-21| 11:59| 40,448 \nConfigureIEOptionalComponentsAI.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 76,800 \nIEFileInstallAI.dll| 6.3.9600.19991| 23-Mar-21| 11:23| 66,560 \nservicemodelregai.dll| 6.3.9600.19991| 23-Mar-21| 11:25| 96,768 \nSetIEInstalledDateAI.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 49,152 \nceipfwdai.dll| 6.3.9600.20327| 7-Mar-22| 20:32| 197,632 \nbcdeditai.dll| 6.3.9600.19991| 23-Mar-21| 11:29| 271,360 \nappxreg.dll| 6.3.9600.19991| 23-Mar-21| 11:51| 19,968 \nRegisterIEPKeysAI.dll| 6.3.9600.19991| 23-Mar-21| 11:25| 23,040 \ncmipnpinstall.dll| 6.3.9600.19991| 23-Mar-21| 11:57| 195,072 \nsecurebootai.dll| 6.3.9600.20367| 13-Apr-22| 20:44| 61,952 \nwinsockai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 71,680 \nws2_helper.dll| 6.3.9600.17477| 30-Oct-14| 15:37| 50,176 \ncleanupai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 37,376 \nwdscore.dll| 6.3.9600.19402| 24-Jun-19| 18:32| 208,384 \nCntrtextInstaller.dll| 6.3.9600.19991| 23-Mar-21| 11:31| 128,000 \ndrvstore.dll| 6.3.9600.19402| 24-Jun-19| 18:35| 610,304 \ndpx.dll| 6.3.9600.19402| 24-Jun-19| 18:25| 265,216 \nmsdelta.dll| 6.3.9600.19402| 24-Jun-19| 18:33| 398,336 \nmspatcha.dll| 6.3.9600.19402| 24-Jun-19| 18:36| 36,864 \ncmiv2.dll| 6.3.9600.20327| 7-Mar-22| 21:01| 2,257,408 \ncmiaisupport.dll| 6.3.9600.20327| 7-Mar-22| 20:33| 2,162,688 \ncmitrust.dll| 6.3.9600.20327| 7-Mar-22| 20:36| 286,720 \nWcmTypes.xsd| Not versioned| 18-Jun-13| 6:06| 1,047 \nCbsMsg.dll| 6.3.9600.17477| 30-Oct-14| 15:37| 41,984 \nCbsCore.dll| 6.3.9600.20367| 13-Apr-22| 20:27| 1,379,840 \nTiWorker.exe| 6.3.9600.17477| 30-Oct-14| 15:37| 190,464 \nTiFileFetcher.exe| 6.3.9600.20327| 7-Mar-22| 20:32| 355,328 \nDrUpdate.dll| 6.3.9600.19402| 24-Jun-19| 18:34| 202,240 \nwrpint.dll| 6.3.9600.19402| 24-Jun-19| 18:26| 56,320 \nwcp.dll| 6.3.9600.20367| 13-Apr-22| 20:45| 2,409,472 \ncmiadapter.dll| 6.3.9600.20327| 7-Mar-22| 20:35| 121,856 \nsmiengine.dll| 6.3.9600.20327| 7-Mar-22| 20:28| 750,080 \nsmipi.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 59,904 \npoqexec.exe| 6.3.9600.19651| 12-Feb-20| 21:06| 129,536 \nx86_installed| Not versioned| 18-Jun-13| 5:26| 9 \nbfsvc.dll| 6.3.9600.19991| 23-Mar-21| 11:24| 74,752 \ntimezoneai.dll| 6.3.9600.19991| 23-Mar-21| 11:29| 86,528 \nGlobalInstallOrder.xml| Not versioned| 18-Jun-13| 6:12| 1,249,919 \nluainstall.dll| 6.3.9600.19991| 23-Mar-21| 11:28| 43,008 \nfveupdateai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 57,344 \nmofinstall.dll| 6.3.9600.19991| 23-Mar-21| 11:28| 64,000 \nesscli.dll| 6.3.9600.19402| 24-Jun-19| 18:31| 293,376 \nmofd.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 204,800 \nrepdrvfs.dll| 6.3.9600.17475| 28-Oct-14| 17:13| 276,992 \nfastprox.dll| 6.3.9600.19402| 24-Jun-19| 18:30| 670,208 \nwbemcomn.dll| 6.3.9600.20327| 7-Mar-22| 20:36| 386,048 \nwbemcore.dll| 6.3.9600.20367| 13-Apr-22| 20:41| 925,696 \nwmiutils.dll| 6.3.9600.17475| 28-Oct-14| 17:14| 90,624 \nwbemprox.dll| 6.3.9600.17475| 28-Oct-14| 17:14| 29,696 \nwmicmiplugin.dll| 6.3.9600.19991| 23-Mar-21| 11:23| 392,704 \nsppinst.dll| 6.3.9600.19402| 24-Jun-19| 18:25| 646,656 \ncmifw.dll| 6.3.9600.19991| 23-Mar-21| 11:25| 80,896 \nFirewallOfflineAPI.dll| 6.3.9600.17475| 28-Oct-14| 17:18| 140,800 \nNetSetupAI.dll| 6.3.9600.19991| 23-Mar-21| 11:29| 55,296 \nNetSetupApi.dll| 6.3.9600.17475| 28-Oct-14| 17:17| 124,928 \n \n### \n\n__\n\nFor all supported Arm-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nhttpai.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 50,464 \npeerdistai.dll| 6.3.9600.20327| 7-Mar-22| 21:37| 60,192 \nPrintAdvancedInstaller.dll| 6.3.9600.19991| 24-Mar-21| 1:18| 89,360 \nmsdtcadvancedinstaller.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 194,336 \nnetfxconfig.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 38,176 \nConfigureIEOptionalComponentsAI.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 71,992 \nIEFileInstallAI.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 60,704 \nservicemodelregai.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 97,056 \nSetIEInstalledDateAI.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 46,368 \nceipfwdai.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 172,320 \nbcdeditai.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 267,536 \nappxreg.dll| 6.3.9600.19991| 24-Mar-21| 1:18| 21,776 \nRegisterIEPKeysAI.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 24,352 \ncmipnpinstall.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 190,736 \nsecurebootai.dll| 6.3.9600.20367| 13-Apr-22| 21:43| 58,656 \nwinsockai.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 65,296 \nws2_helper.dll| 6.3.9600.16384| 21-Aug-13| 20:58| 54,120 \ncleanupai.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 37,136 \nwdscore.dll| 6.3.9600.17475| 31-Oct-14| 0:07| 192,848 \nCntrtextInstaller.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 128,288 \ndrvstore.dll| 6.3.9600.19537| 10-Oct-19| 20:08| 534,280 \ndpx.dll| 6.3.9600.19537| 10-Oct-19| 20:08| 273,672 \nmsdelta.dll| 6.3.9600.16384| 21-Aug-13| 20:58| 407,400 \nmspatcha.dll| 6.3.9600.16384| 21-Aug-13| 20:58| 42,352 \ncmiv2.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 2,503,968 \ncmiaisupport.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 2,395,424 \ncmitrust.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 298,784 \nWcmTypes.xsd| Not versioned| 18-Jun-13| 8:30| 1,047 \nCbsMsg.dll| 6.3.9600.17031| 22-Feb-14| 3:48| 48,488 \nCbsCore.dll| 6.3.9600.20367| 13-Apr-22| 21:44| 1,235,744 \nTiWorker.exe| 6.3.9600.17031| 22-Feb-14| 0:30| 186,368 \nTiFileFetcher.exe| 6.3.9600.20327| 7-Mar-22| 21:36| 333,088 \nDrUpdate.dll| 6.3.9600.19537| 10-Oct-19| 20:08| 188,168 \nwrpint.dll| 6.3.9600.17031| 22-Feb-14| 3:48| 56,680 \nwcp.dll| 6.3.9600.20367| 13-Apr-22| 21:45| 2,089,784 \ncmiadapter.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 103,712 \nsmiengine.dll| 6.3.9600.20367| 13-Apr-22| 21:44| 631,072 \nsmipi.dll| 6.3.9600.20327| 7-Mar-22| 21:37| 57,120 \npoqexec.exe| 6.3.9600.19724| 20-May-20| 3:25| 104,960 \narm_installed| Not versioned| 18-Jun-13| 7:51| 9 \nbfsvc.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 72,464 \ntimezoneai.dll| 6.3.9600.20327| 7-Mar-22| 21:36| 79,648 \nGlobalInstallOrder.xml| Not versioned| 18-Jun-13| 8:34| 1,249,919 \nluainstall.dll| 6.3.9600.19991| 24-Mar-21| 1:17| 50,448 \nfveupdateai.dll| 6.3.9600.20327| 7-Mar-22| 21:37| 54,072 \nmofinstall.dll| 6.3.9600.19991| 24-Mar-21| 1:05| 59,664 \nesscli.dll| 6.3.9600.19537| 10-Oct-19| 19:45| 306,440 \nmofd.dll| 6.3.9600.19991| 24-Mar-21| 1:05| 190,728 \nrepdrvfs.dll| 6.3.9600.16384| 21-Aug-13| 20:54| 272,744 \nfastprox.dll| 6.3.9600.19537| 10-Oct-19| 19:45| 664,056 \nwbemcomn.dll| 6.3.9600.16384| 21-Aug-13| 20:54| 364,392 \nwbemcore.dll| 6.3.9600.20367| 13-Apr-22| 21:42| 948,016 \nwmiutils.dll| 6.3.9600.16384| 21-Aug-13| 20:54| 96,104 \nwbemprox.dll| 6.3.9600.16384| 21-Aug-13| 20:54| 36,712 \nwmicmiplugin.dll| 6.3.9600.19991| 24-Mar-21| 1:05| 418,568 \nsppinst.dll| 6.3.9600.19537| 10-Oct-19| 19:45| 531,424 \ncmifw.dll| 6.3.9600.19991| 24-Mar-21| 0:54| 80,144 \nFirewallOfflineAPI.dll| 6.3.9600.17475| 31-Oct-14| 0:07| 136,528 \nNetSetupAI.dll| 6.3.9600.20327| 7-Mar-22| 21:30| 55,096 \nNetSetupApi.dll| 6.3.9600.16384| 21-Aug-13| 19:17| 131,584 \nhttpai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 55,296 \npeerdistai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 65,024 \nPrintAdvancedInstaller.dll| 6.3.9600.19991| 23-Mar-21| 11:41| 99,328 \nmsdtcadvancedinstaller.dll| 6.3.9600.20327| 7-Mar-22| 20:35| 215,040 \nnetfxconfig.dll| 6.3.9600.19991| 23-Mar-21| 11:59| 40,448 \nConfigureIEOptionalComponentsAI.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 76,800 \nIEFileInstallAI.dll| 6.3.9600.19991| 23-Mar-21| 11:23| 66,560 \nservicemodelregai.dll| 6.3.9600.19991| 23-Mar-21| 11:25| 96,768 \nSetIEInstalledDateAI.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 49,152 \nceipfwdai.dll| 6.3.9600.20327| 7-Mar-22| 20:32| 197,632 \nbcdeditai.dll| 6.3.9600.19991| 23-Mar-21| 11:29| 271,360 \nappxreg.dll| 6.3.9600.19991| 23-Mar-21| 11:51| 19,968 \nRegisterIEPKeysAI.dll| 6.3.9600.19991| 23-Mar-21| 11:25| 23,040 \ncmipnpinstall.dll| 6.3.9600.19991| 23-Mar-21| 11:57| 195,072 \nsecurebootai.dll| 6.3.9600.20367| 13-Apr-22| 20:44| 61,952 \nwinsockai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 71,680 \nws2_helper.dll| 6.3.9600.17477| 30-Oct-14| 15:37| 50,176 \ncleanupai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 37,376 \nwdscore.dll| 6.3.9600.19537| 10-Oct-19| 18:41| 208,384 \nCntrtextInstaller.dll| 6.3.9600.19991| 23-Mar-21| 11:31| 128,000 \ndrvstore.dll| 6.3.9600.19537| 10-Oct-19| 18:45| 610,304 \ndpx.dll| 6.3.9600.19537| 10-Oct-19| 18:35| 265,216 \nmsdelta.dll| 6.3.9600.19537| 10-Oct-19| 18:42| 398,336 \nmspatcha.dll| 6.3.9600.19537| 10-Oct-19| 18:46| 36,864 \ncmiv2.dll| 6.3.9600.20327| 7-Mar-22| 21:01| 2,257,408 \ncmiaisupport.dll| 6.3.9600.20327| 7-Mar-22| 20:33| 2,162,688 \ncmitrust.dll| 6.3.9600.20327| 7-Mar-22| 20:36| 286,720 \nWcmTypes.xsd| Not versioned| 18-Jun-13| 6:06| 1,047 \nCbsMsg.dll| 6.3.9600.17477| 30-Oct-14| 15:37| 41,984 \nCbsCore.dll| 6.3.9600.20367| 13-Apr-22| 20:27| 1,379,840 \nTiWorker.exe| 6.3.9600.17477| 30-Oct-14| 15:37| 190,464 \nTiFileFetcher.exe| 6.3.9600.20327| 7-Mar-22| 20:32| 355,328 \nDrUpdate.dll| 6.3.9600.19537| 10-Oct-19| 18:44| 202,240 \nwrpint.dll| 6.3.9600.19537| 10-Oct-19| 18:35| 56,320 \nwcp.dll| 6.3.9600.20367| 13-Apr-22| 20:45| 2,409,472 \ncmiadapter.dll| 6.3.9600.20327| 7-Mar-22| 20:35| 121,856 \nsmiengine.dll| 6.3.9600.20327| 7-Mar-22| 20:28| 750,080 \nsmipi.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 59,904 \npoqexec.exe| 6.3.9600.19724| 20-May-20| 3:54| 129,536 \nx86_installed| Not versioned| 18-Jun-13| 5:26| 9 \nbfsvc.dll| 6.3.9600.19991| 23-Mar-21| 11:24| 74,752 \ntimezoneai.dll| 6.3.9600.19991| 23-Mar-21| 11:29| 86,528 \nGlobalInstallOrder.xml| Not versioned| 18-Jun-13| 6:12| 1,249,919 \nluainstall.dll| 6.3.9600.19991| 23-Mar-21| 11:28| 43,008 \nfveupdateai.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 57,344 \nmofinstall.dll| 6.3.9600.19991| 23-Mar-21| 11:28| 64,000 \nesscli.dll| 6.3.9600.19537| 10-Oct-19| 18:40| 293,376 \nmofd.dll| 6.3.9600.19991| 23-Mar-21| 11:26| 204,800 \nrepdrvfs.dll| 6.3.9600.17475| 28-Oct-14| 17:13| 276,992 \nfastprox.dll| 6.3.9600.19537| 10-Oct-19| 18:40| 670,208 \nwbemcomn.dll| 6.3.9600.20327| 7-Mar-22| 20:36| 386,048 \nwbemcore.dll| 6.3.9600.20367| 13-Apr-22| 20:41| 925,696 \nwmiutils.dll| 6.3.9600.17475| 28-Oct-14| 17:14| 90,624 \nwbemprox.dll| 6.3.9600.17475| 28-Oct-14| 17:14| 29,696 \nwmicmiplugin.dll| 6.3.9600.19991| 23-Mar-21| 11:23| 392,704 \nsppinst.dll| 6.3.9600.19537| 10-Oct-19| 18:35| 646,656 \ncmifw.dll| 6.3.9600.19991| 23-Mar-21| 11:25| 80,896 \nFirewallOfflineAPI.dll| 6.3.9600.17475| 28-Oct-14| 17:18| 140,800 \nNetSetupAI.dll| 6.3.9600.19991| 23-Mar-21| 11:29| 55,296 \nNetSetupApi.dll| 6.3.9600.17475| 28-Oct-14| 17:17| 124,928 \n \n## **References**\n\nFor information on SSUs, see the following articles:\n\n * [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>)\n * [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>)\n * [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001>)\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "KB5014025: Servicing stack update for Windows 8.1, RT 8.1, and Server 2012 R2: May 10, 2022", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5014025", "href": "https://support.microsoft.com/en-us/help/5014025", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:36:00", "description": "None\n## **Summary**\n\nLearn more about this security update, including improvements, any known issues, and how to get the update. \n\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements**\n\nThis security-only update includes new improvements for the following issues:\n\n * The Key Distribution Center (KDC) code incorrectly returns error message **KDC_ERR_TGT_REVOKED** during Domain Controller shutdown.\n * The Primary Domain Controller (PDC) for the root domain incorrectly logs warning and error events in the System log when trying to scan outbound-only trusts.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [May 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update on your Windows Server 2012 R2 servers used as domain controllers, you might see authentication failures on the server or client for services such as [Network Policy Server (NPS)](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>), [Routing and Remote access Service (RRAS)](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140\$v=ws.11\$>), [Radius](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fwin32%2Fnps%2Fias-radius-authentication-and-accounting&data=05%7C01%7Cv-throbe%40microsoft.com%7C3b0f7edfbfda4abeee3a08da33bf5b1c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637879194213242612%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=j1pcQXV6IcYG5NyA6e%2FfSSRk%2BeFUVKjGZnLjM0r9K3c%3D&reserved=0>), [Extensible Authentication Protocol (EAP)](<https://docs.microsoft.com/windows-server/networking/technologies/extensible-authentication-protocol/network-access>), and [Protected Extensible Authentication Protocol (PEAP)](<https://docs.microsoft.com/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d>). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers and intermediary application servers which authenticate to domain controllers; it does not affect client Windows devices.| Install update [KB5014986](<https://support.microsoft.com/help/5014986>) on Windows Server 2012 R2 servers used as domain controllers and intermediary application servers which authenticate to domain controllers. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5014025](<https://support.microsoft.com/help/5014025>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5011486](<https://support.microsoft.com/help/5011486>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014001>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5014001](<https://download.microsoft.com/download/3/5/1/35119cf5-242b-4f5d-b9f0-afb4a7303e9b/5014001.csv>). \n\n## **References**\n\nFor information about the security updates released on May 10, 2022, see [Security update deployment information: May 10, 2022 (KB5014317)](<https://support.microsoft.com/help/5014317>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T07:00:00", "type": "mskb", "title": "May 10, 2022\u2014KB5014001 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30138"], "modified": "2022-05-12T07:00:00", "id": "KB5014001", "href": "https://support.microsoft.com/en-us/help/5014001", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2022-05-17T23:29:17", "description": "## **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 75 vulnerabilities in the May 2022 update, including one advisory ( [ADV220001](<https://msrc.microsoft.com/update-guide/vulnerability/ADV220001>)**1** ) for Azure in response to [CVE-2022-29972](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972>), a publicly exposed Zero-Day Remote Code Execution (RCE) Vulnerability, and eight (8) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE) or Elevation of Privileges. This month\u2019s Patch Tuesday release includes fixes for two (2) other zero-day vulnerabilities as well: one known to be actively exploited ([CVE-2022-26925](<http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26925>)) and the other for being publicly exposed ([CVE-2022-22713](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22713>)).\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing vulnerabilities.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/05/2022-05-May-Summary-3.png)\n\n## Notable Microsoft Vulnerabilities Patched\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-May>) covers multiple Microsoft product families, including Azure, Developer Tools, Extended Security Update (ESU), Exchange Server, Microsoft Office, and Windows. A total of 97 unique Microsoft products/versions are affected.\n\nDownloads include Monthly Rollup, Security Only, Security Update, and ServicingStackUpdate.\n\nThe **most urgent bug** Microsoft addressed this month is [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>), a weakness in a central component of Windows security (the \u201cLocal Security Authority\u201d (LSARPC) process within Windows). CVE-2022-26925 has been publicly disclosed and it is now actively being exploited in the wild. \n\n### [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>)** | Windows LSA Spoofing Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10. \n\n_Please note that the combined CVSS score would be 9.8 when this vulnerability is chained with the noted NTLM Relay Attacks on Active Directory Certificate Services (AD CS)._ _Please see [ADV210003 Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)](<https://msrc.microsoft.com/update-guide/vulnerability/ADV210003>) for additional information._\n\nThe vulnerability affects Windows 7 through 10 and Windows Server 2008 through 2022. While this vulnerability affects all servers, domain controllers should be prioritized in terms of applying security updates. After applying the security updates, please see [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>) for more information on further steps that you need to take to protect your system. \n\nAn unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it.\n\nAccording to the CVSS metric, the attack complexity is high. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim in order to read or modify network communications. This is called a man-in-the-middle (MITM) attack.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n* * *\n\n### **[CVE-2022-21978](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21978>) | Microsoft Exchange Server Elevation of Privilege Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.2/10.\n\nSuccessful exploitation of this vulnerability requires the attacker to be authenticated to the Exchange Server as a member of a high privileged group.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### **[CVE-2022-22012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22012>)** **and [CVE-2022-29130](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29130>) | Windows LDAP Remote Code Execution (RCE) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nAn unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account. \n\nThis vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see Microsoft's [LDAP policies](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3f0137a1-63df-400c-bf97-e1040f055a99>).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n**[CVE-2022-22017](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22017>) | Remote Desktop Client Remote Code Execution Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nAn attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely._**\n\n* * *\n\n### **[CVE-2022-26913](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26913>) | Windows Authentication Security Feature Bypass Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 7.4/10.\n\nAn attacker who successfully exploited this vulnerability could carry out a Man-in-the-Middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server. There is no impact to the availability of the attacked machine.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### **[CVE-2022-26923](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923>) | Active Directory Domain Services Elevation of Privilege Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nAn authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely._**\n\n* * *\n\n### [**CVE-2022-26937**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>)** | Windows Network File System Remote Code Execution Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\nThis vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3. _This may adversely affect your ecosystem and should only be used as a temporary mitigation._\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely._**\n\n* * *\n\n### [**CVE-2022-29108**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108>)** | Microsoft SharePoint Server Remote Code Execution Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nThe attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely._**\n\n* * *\n\n### [**CVE-2022-29133**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29133>)** | Windows Kernel Elevation of Privilege Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nIn this case, a successful attack could be performed from a low privilege [AppContainer](<https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation>). The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n## Microsoft Last But Not Least\n\nOn April 28, 2022, Microsoft released 36 vulnerabilities for Microsoft Edge (Chromium-based) including [CVE-2022-29144](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144>) which is classified as **_Important, _**and [CVE-2022-29146](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29146>) which is classified as **_Moderate_**. Both flaws are Elevation of Privilege vulnerabilities and have been assigned a CVSSv3.1 score of 8.3/10.\n\nOn May 6, 2022, Microsoft Build announced that there are some [Site compatibility-impacting changes coming to Microsoft Edge](<https://docs.microsoft.com/en-us/microsoft-edge/web-platform/site-impacting-changes>) for developers. This article lists differences between the schedule of changes for Microsoft Edge versus the Chromium project, and high-impact changes that the Microsoft Edge team is tracking especially closely.\n\n* * *\n\n## Notable Adobe Vulnerabilities Patched\n\nAdobe released five (5) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 18 vulnerabilities affecting Character Animator, ColdFusion, Framemaker, InCopy, and InDesign. Of these 18 vulnerabilities, 16 are rated as **_Critical_**.\n\n* * *\n\n### [APSB22-21](<https://helpx.adobe.com/security/products/character_animator/apsb22-21.html>)** | Security Updates Available for Adobe Character Animator**\n\nThis update resolves one (1) **_Critical_** vulnerability. \n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution. \n\n* * *\n\n### [APSB22-22](<https://helpx.adobe.com/security/products/coldfusion/apsb22-22.html>)** | Security updates available for Adobe ColdFusion**\n\nThis update resolves one (1) **_Important _**vulnerability. \n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released security updates for ColdFusion versions 2021 and 2018. These updates resolve an important vulnerability that could lead to arbitrary code execution.\n\n* * *\n\n### [APSB22-23](<https://helpx.adobe.com/security/products/indesign/apsb22-23.html>)** | Security Update Available for Adobe InDesign**\n\nThis update resolves three (3) **_Critical _**vulnerabilities. \n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe InDesign. This update addresses critical vulnerabilities. Successful exploitation could lead to arbitrary code execution.\n\n* * *\n\n### [APSB22-27](<https://helpx.adobe.com/security/products/framemaker/apsb22-27.html>)** | Security Updates Available for Adobe Framemaker**\n\nThis update resolves nine (9) **_Critical _**and one (1)_ **Important **_vulnerability. \n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe Framemaker. This update addresses one important and multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leaks.\n\n* * *\n\n### [APSB22-28](<https://helpx.adobe.com/security/products/incopy/apsb22-28.html>)** | Security Update Available for Adobe InCopy**\n\nThis update resolves three (3) **_Critical _**vulnerabilities. \n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe InCopy. This update addresses critical vulnerabilities. Successful exploitation could lead to arbitrary code execution. \n\n## About Qualys Patch Tuesday\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`50120` OR qid:`91894` OR qid:`91895` OR qid:`91896` OR qid:`91897` OR qid:`91898` OR qid:`91899` OR qid:`91900` OR qid:`91901` OR qid:`91903` OR qid:`91904` OR qid:`91905` OR qid:`91906` OR qid:`110407` OR qid:`110408` OR qid:`376584` )\n\n![VMDR-MAY2022](https://blog.qualys.com/wp-content/uploads/2022/05/VMDR-May2022.png)\n\n* * *\n\n## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday:\n \n \n ( qid:`50120` OR qid:`91894` OR qid:`91895` OR qid:`91896` OR qid:`91897` OR qid:`91898` OR qid:`91899` OR qid:`91900` OR qid:`91901` OR qid:`91903` OR qid:`91904` OR qid:`91905` OR qid:`91906` OR qid:`110407` OR qid:`110408` OR qid:`376584` )\n\n![PATCH-MAY2022](https://blog.qualys.com/wp-content/uploads/2022/05/PATCH-May2022.png)\n\n* * *\n\n## \nQualys Monthly Webinar Series \n\n![This image has an empty alt attribute; its file name is image-1070x560.jpeg](https://blog.qualys.com/wp-content/uploads/2022/03/image-1070x560.jpeg)\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities & Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\n* * *\n\n**1** Please visit [Qualys Threat Protection Blog](<https://threatprotect.qualys.com/2022/05/10/microsoft-releases-patch-for-the-third-party-odbc-driver-remote-code-execution-vulnerability-cve-2022-29972/>) for additional information about Microsoft Advisory ADV220001.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T19:29:16", "type": "qualysblog", "title": "May 2022 Patch Tuesday | Microsoft Releases 75 Vulnerabilities with 8 Critical; Adobe Releases 5 Advisories, 18 Vulnerabilities with 16 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21978", "CVE-2022-22012", "CVE-2022-22017", "CVE-2022-22713", "CVE-2022-26913", "CVE-2022-26923", "CVE-2022-26925", "CVE-2022-26937", "CVE-2022-29108", "CVE-2022-29130", "CVE-2022-29133", "CVE-2022-29144", "CVE-2022-29146", "CVE-2022-29972"], "modified": "2022-05-10T19:29:16", "id": "QUALYSBLOG:7BB591052411447A2B315456D50D258C", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2022-07-05T04:57:50", "description": "Windows LSA Spoofing Vulnerability.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-10T00:00:00", "type": "attackerkb", "title": "CVE-2022-26925", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26925"], "modified": "2022-05-10T00:00:00", "id": "AKB:C3852904-E628-40EE-9AD4-445FC1899CF7", "href": "https://attackerkb.com/topics/vfyTk7fBGp/cve-2022-26925", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cisa_kev": [{"lastseen": "2022-08-10T17:26:47", "description": "Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-01T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows LSA Spoofing Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26925"], "modified": "2022-07-01T00:00:00", "id": "CISA-KEV-CVE-2022-26925", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "githubexploit": [{"lastseen": "2022-10-14T23:31:13", "description": "# CVE-2022-26937\n\nA package to detect CVE-2022-26937, a vulnerab...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T18:36:45", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937"], "modified": "2022-10-14T21:51:05", "id": "790799A0-53ED-5602-9A75-82ED948CDD27", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-11-21T05:30:41", "description": "# Windows Network File System Crash PoC #\n## CVE-2022-26937 ##\n\n...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-17T01:42:55", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937"], "modified": "2022-11-21T03:23:44", "id": "A16AF2D6-A293-5D61-805B-E5ADAE02799C", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-06-21T02:26:14", "description": "# Windows Network File System Crash PoC #\n## CVE-2022-26937 ##\n\n...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-21T00:12:32", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937"], "modified": "2022-06-21T00:13:26", "id": "8A8AB8F5-563E-5796-B6A2-8D4033E3EB25", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-12-12T05:31:18", "description": "# Windows Network File System Crash PoC #\n## CVE-2022-26937 ##\n\n...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-07T18:08:09", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937"], "modified": "2022-12-12T03:48:11", "id": "940BBB90-C055-5DBF-9C23-3CC67D2D239E", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "hivepro": [{"lastseen": "2022-05-20T03:31:04", "description": "For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 650 3 1 14 10 13 The second week of May 2022 witnessed the discovery of 650 vulnerabilities out of which 3 gained the attention of Threat Actors and security researchers worldwide. All 3 of them are zero days. Hive Pro Threat Research Team has curated a list of 3 CVEs that require immediate action. Further, we also observed Threat Actor groups being highly active in the last week. Oilrig, an Iranian threat actor group popular for Information theft and espionage, was observed targeting Jordan with phishing emails. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section. Detailed Report: Interesting Vulnerabilities: Vendor CVEs Patch Link CVE-2022-26925* CVE-2022-22713* CVE-2022-29972* https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22713 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29972 *zero-day vulnerability Active Actors: Icon Name Origin Motive OilRig (APT 34, Helix Kitten, Twisted Kitten, Crambus , Chrysene, Cobalt Gypsy, TA452, IRN2, ATK 40, ITG13) Iran Information theft and espionage Targeted Location: Targeted Sectors: Common TTPs: TA0042: Resource Development TA0001: Initial Access TA0002: Execution TA0005: Defense Evasion TA0007: Discovery TA0011: Command and Control TA0010: Exfiltration TA0006: Credential Access T1588: Obtain Capabilities T1190: Exploit Public-Facing Application T1059: Command and Scripting Interpreter T1480: Execution Guardrails T1087: Account Discovery T1071: Application Layer Protocol T1041: Exfiltration Over C2 Channel T1557: Adversary-in-the-Middle T1588.006: Vulnerabilities T1059.001: PowerShell T1087.001: Local Account T1071.004: DNS T1059.003: Windows Command Shell T1083: File and Directory Discovery T1132: Data Encoding T1053: Scheduled Task/Job T1049: System Network Connections Discovery T1132.002: Non-Standard Encoding T1053.005: Scheduled Task T1568: Dynamic Resolution T1204: User Execution T1568.002: Domain Generation Algorithms T1204.002: Malicious File T1047: Windows Management Instrumentation Threat Advisories: Three zero-days addressed in Microsoft\u2019s May 2022 Patch Tuesday OilRig is back with another Phishing Email attack, delivering the Saitama Backdoor", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T03:20:31", "type": "hivepro", "title": "Weekly Threat Digest: 9-15 May 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22713", "CVE-2022-26925", "CVE-2022-29972"], "modified": "2022-05-19T03:20:31", "id": "HIVEPRO:9ED793E90599B498499D6CB773C9F42F", "href": "https://www.hivepro.com/weekly-threat-digest-9-15-may-2022/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-20T03:31:04", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 74 vulnerabilities in their May 2022 Patch Tuesday Security Update. Three of them are zero-days, and one is being exploited in the wild. The LSA Spoofing vulnerability (CVE-2022-26925) is actively exploited in the wild and allows an unauthenticated attacker to call a method on the LSARPC interface and compel the domain controller to use NTLM to authenticate the attacker. Successful exploitation of the second zero-day vulnerability(CVE-2022-22713) requires an attacker to win a race condition. The third zero-day vulnerability affects the Microsoft Integration Runtime services in the Magnitude Simba Amazon Redshift ODBC Driver. Organizations have advised the patch of all these vulnerabilities as soon as possible to avoid exploitation. Potential MITRE ATT&CK TTPs are: TA0042: Resource Development T1588: Obtain Capabilities T1588.006: Obtain Capabilities: Vulnerabilities TA0001: Initial Access T1190: Exploit Public-Facing Application TA0006: Credential Access T1557: Adversary-in-the-Middle Vulnerability Details Patch Links https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22713 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29972 References https://msrc.microsoft.com/update-guide/releaseNote/2022-May", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T02:16:37", "type": "hivepro", "title": "Three zero-days addressed in Microsoft\u2019s May 2022 Patch Tuesday", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22713", "CVE-2022-26925", "CVE-2022-29972"], "modified": "2022-05-13T02:16:37", "id": "HIVEPRO:846D6C3457AE99FD0B4F29A6398D6F81", "href": "https://www.hivepro.com/three-zero-days-addressed-in-microsofts-may-2022-patch-tuesday/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securelist": [{"lastseen": "2022-08-15T12:01:45", "description": "![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15093042/abstract_digital_report-990x400.jpg)\n\n * **IT threat evolution in Q2 2022**\n * [IT threat evolution in Q2 2022. Non-mobile statistics](<https://securelist.com/it-threat-evolution-in-q2-2022-non-mobile-statistics/107133/>)\n * [IT threat evolution in Q2 2022. Mobile statistics](<https://securelist.com/it-threat-evolution-in-q2-2022-mobile-statistics/107123/>)\n\n## Targeted attacks\n\n### New technique for installing fileless malware\n\nEarlier this year, we [discovered a malicious campaign](<https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/>) that employed a new technique for installing fileless malware on target machines by injecting a shellcode directly into Windows event logs. The attackers were using this to hide a last-stage Trojan in the file system.\n\nThe attack starts by driving targets to a legitimate website and tricking them into downloading a compressed RAR file that is booby-trapped with the network penetration testing tools Cobalt Strike and SilentBreak. The attackers use these tools to inject code into any process of their choosing. They inject the malware directly into the system memory, leaving no artifacts on the local drive that might alert traditional signature-based security and forensics tools. While fileless malware is nothing new, the way the encrypted shellcode containing the malicious payload is embedded into Windows event logs is.\n\nThe code is unique, with no similarities to known malware, so it is unclear who is behind the attack.\n\n### WinDealer's man-on-the-side spyware\n\nWe recently published [our analysis of WinDealer](<https://securelist.com/windealer-dealing-on-the-side/105946/>): malware developed by the LuoYu APT threat actor. One of the most interesting aspects of this campaign is the group's use of a man-on-the-side attack to deliver malware and control compromised computers. A man-on-the-side attack implies that the attacker is able to control the communication channel, allowing them to read the traffic and inject arbitrary messages into normal data exchange. In the case of WinDealer, the attackers intercepted an update request from completely legitimate software and swapped the update file with a weaponized one.\n\n[![Observed WinDealer infection flow](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/02/28142531/WinDealer_dealing_on_the_side_02-1024x398.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/02/28142531/WinDealer_dealing_on_the_side_02.png>)\n\nThe malware does not contain the exact address of the C2 (command-and-control) server, making it harder for security researchers to find it. Instead, it tries to access a random IP address from a predefined range. The attackers then intercept the request and respond to it. To do this, they need constant access to the routers of the entire subnet, or to some advanced tools at ISP level.\n\n[![Geographic distribution of WinDealer victims](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/02/28142736/WinDealer_dealing_on_the_side_05-1024x408.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/02/28142736/WinDealer_dealing_on_the_side_05.png>)\n\nThe vast majority of WinDealer's targets are located in China: foreign diplomatic organizations, members of the academic community, or companies active in the defense, logistics or telecoms sectors. Sometimes, though, the LuoYu APT group will infect targets in other countries: Austria, the Czech Republic, Germany, India, Russia and the US. In recent months, they have also become more interested in businesses located in other East Asian countries and their China-based offices.\n\n### ToddyCat: previously unknown threat actor attacks high-profile organizations in Europe and Asia\n\nIn June, we published [our analysis of ToddyCat](<https://securelist.com/toddycat/106799/>), a relatively new APT threat actor that we have not been able to link to any other known actors. The first wave of attacks, against a limited number of servers in Taiwan and Vietnam, targeted Microsoft Exchange servers, which the threat actor compromised with Samurai, a sophisticated passive backdoor that typically works via ports 80 and 443. The malware allows arbitrary C# code execution and is used alongside multiple modules that let the attacker administer the remote system and move laterally within the targeted network. In certain cases, the attackers have used the Samurai backdoor to launch another sophisticated malicious program, which we dubbed Ninja. This is probably a component of an unknown post-exploitation toolkit exclusively used by ToddyCat.\n\nThe next wave saw a sudden surge in attacks, as the threat actor began abusing the ProxyLogon vulnerability to target organizations in multiple countries, including Iran, India, Malaysia, Slovakia, Russia and the UK.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/21075720/APT_ToddyCat_map-1024x576.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/21075720/APT_ToddyCat_map.png>)\n\nSubsequently, we observed other variants and campaigns, which we attributed to the same group. In addition to affecting most of the previously mentioned countries, the threat actor targeted military and government organizations in Indonesia, Uzbekistan and Kyrgyzstan. The attack surface in the third wave was extended to desktop systems.\n\n### SessionManager IIS backdoor\n\nIn 2021, we observed a trend among certain threat actors for deploying a backdoor within IIS after exploiting one of the ProxyLogon-type vulnerabilities in Microsoft Exchange. Dropping an IIS module as a backdoor enables threat actors to maintain persistent, update-resistant and relatively stealthy access to the IT infrastructure of a target organization \u2014 to collect emails, update further malicious access or clandestinely manage compromised servers.\n\nWe published our analysis of one such IIS backdoor, called [Owowa](<https://securelist.com/owowa-credential-stealer-and-remote-access/105219/>), last year. Early this year, we investigated another, [SessionManager](<https://securelist.com/the-sessionmanager-iis-backdoor/106868/>). Developed in C++, SessionManager is a malicious [native-code IIS module](<https://docs.microsoft.com/en-us/iis/web-development-reference/native-code-development-overview/creating-native-code-http-modules>). The attackers' aim is for it to be loaded by some IIS applications, to process legitimate HTTP requests that are continuously sent to the server. This kind of malicious modules usually expects seemingly legitimate but specifically crafted HTTP requests from their operators, triggers actions based on the operators' hidden instructions and then transparently passes the request to the server for it to be processed just as any other request.\n\n[![Figure 1. Malicious IIS module processing requests](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/29125614/The_SessionManager_IIS_backdoor_01-1024x576.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/29125614/The_SessionManager_IIS_backdoor_01.png>)\n\nAs a result, these modules are not easily spotted through common monitoring practices.\n\nSessionManager has been used to target NGOs and government organizations in Africa, South America, Asia, Europe and the Middle East.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/29125927/01-en-the-sessionmanager-iis-backdoor-1024x804.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/29125927/01-en-the-sessionmanager-iis-backdoor.png>)\n\nWe believe that this malicious IIS module may have been used by the GELSEMIUM threat actor, because of similar victim profiles and the use of a common [OwlProxy](<https://lab52.io/blog/chimera-apt-updates-on-its-owlproxy-malware/>) variant.\n\n## Other malware\n\n### Spring4Shell\n\nLate in March, researchers discovered a critical vulnerability (CVE-2022-22965) in Spring, an open-source framework for the Java platform. This is a Remote Code Execution (RCE) vulnerability, allowing an attacker to execute malicious code remotely on an unpatched computer. The vulnerability affects the Spring MVC and Spring WebFlux applications running under version 9 or later of the Java Development Kit. By analogy with the well-known Log4Shell vulnerability, this one was dubbed "Spring4Shell".\n\nBy the time researchers had reported it to VMware, a proof-of-concept exploit had already appeared on GitHub. It was quickly removed, but it is unlikely that cybercriminals would have failed to notice such a potentially dangerous vulnerability.\n\nYou can find more details, including appropriate mitigation steps, in our [blog post](<https://securelist.com/spring4shell-cve-2022-22965/106239/>).\n\n### Actively exploited vulnerability in Windows\n\nAmong the vulnerabilities fixed in May's "Patch Tuesday" update was [one that has been actively exploited in the wild](<https://www.kaspersky.com/blog/windows-actively-exploited-vulnerability-cve-2022-26925/44305/>). The Windows LSA (Local Security Authority) Spoofing Vulnerability ([CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>)) is not considered critical per se. However, when the vulnerability is used in a New Technology LAN Manager (NTLM) relay attack, the combined [CVSSv3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>) score for the attack-chain is 9.8. The vulnerability, which allows an unauthenticated attacker to force domain controllers to authenticate with an attacker's server using NTLM, was already being exploited in the wild as a zero-day, making it a priority to patch it.\n\n### Follina vulnerability in MSDT\n\nAt the end of May, researchers with the nao_sec team [reported](<https://twitter.com/nao_sec/status/1530196847679401984>) a new zero-day vulnerability in MSDT (the Microsoft Support Diagnostic Tool) that can be exploited using a malicious Microsoft Office document. The vulnerability, which has been designated as CVE-2022-30190 and has also been dubbed "Follina", affects all operating systems in the Windows family, both for desktops and servers.\n\nMSDT is used to collect diagnostic information and send it to Microsoft when something goes wrong with Windows. It can be called up from other applications via the special MSDT URL protocol; and an attacker can run arbitrary code with the privileges of the application that called up the MSD: in this case, the permissions of the user who opened the malicious document.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/08064948/01-en-cve-2022-30190-1024x804.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/08064948/01-en-cve-2022-30190.png>)\n\nKaspersky [has observed attempts](<https://securelist.com/cve-2022-30190-follina-vulnerability-in-msdt-description-and-counteraction/106703/>) to exploit this vulnerability in the wild; and we would expect to see more in the future, including ransomware attacks and data breaches.\n\n### BlackCat: a new ransomware gang\n\nIt was only a matter of time before another ransomware group filled the gap left by REvil and BlackMatter shutting down operations. Last December, advertisements for the services of the ALPHV group, also known as [BlackCat](<https://securelist.com/a-bad-luck-blackcat/106254/>), appeared on hacker forums, claiming that the group had learned from the errors of their predecessors and created an improved version of the malware.\n\nThe BlackCat creators use the ransomware-as-a-service (RaaS) model. They provide other attackers with access to their infrastructure and malicious code in exchange for a cut of the ransom. BlackCat gang members are probably also responsible for negotiating with victims. This is one reason why BlackCat has gained momentum so quickly: all that a "franchisee" has to do is obtain access to the target network.\n\nThe group's arsenal comprises several elements. One is the cryptor. This is written in the Rust language, allowing the attackers to create a cross-platform tool with versions of the malware that work both in Windows and Linux environments. Another is the Fendr utility (also known as ExMatter), used to exfiltrate data from the infected infrastructure. The use of this tool suggests that BlackCat may simply be a re-branding of the BlackMatter faction, since that was the only known gang to use the tool. Other tools include the PsExec tool, used for lateral movement on the victim's network; Mimikatz, the well-known hacker software; and the Nirsoft software, used to extract network passwords.\n\n### Yanluowang ransomware: how to recover encrypted files\n\nThe name Yanluowang is a reference to the Chinese deity Yanluo Wang, one of the Ten Kings of Hell. This ransomware is relatively recent. We do not know much about the victims, although data from the [Kaspersky Security Network](<https://www.kaspersky.com/ksn>) indicates that threat actor has carried out attacks in the US, Brazil, Turkey and a few other countries.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/15153446/01-en-yanlouwang-ransomware-1024x804.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/15153446/01-en-yanlouwang-ransomware.png>)\n\nThe low number of infections is due to the targeted nature of the ransomware: the threat actor prepares and implements attacks on specific companies only.\n\nOur experts have [discovered a vulnerability that allows files to be recovered](<https://securelist.com/how-to-recover-files-encrypted-by-yanluowang/106332/>) without the attackers' key \u2014 although only under certain conditions \u2014 with the help of a known-plaintext attack. This method overcomes the encryption algorithm if two versions of the same text are available: one clean and one encrypted. If the victim has clean copies of some of the encrypted files, our upgraded [Rannoh Decryptor](<https://noransom.kaspersky.com/>) can analyze these and recover the rest of the information.\n\nThere is one snag: Yanluowang corrupts files slightly differently depending on their size. It encrypts small (less than 3 GB) files completely, and large ones, partially. So, the decryption requires clean files of different sizes. For files smaller than 3 GB, it is enough to have the original and an encrypted version of the file that are 1024 bytes or more. To recover files larger than 3 GB, however, you need original files of the appropriate size. However, if you find a clean file larger than 3 GB, it will generally be possible to recover both large and small files.\n\n### Ransomware TTPs\n\nIn June, we carried out an [in-depth analysis of the TTPs (tactics, techniques and procedures) (TTPs) of the eight most widespread ransomware families](<https://securelist.com/modern-ransomware-groups-ttps/106824/>): Conti/Ryuk, Pysa, Clop, Hive, Lockbit2.0, RagnarLocker, BlackByte and BlackCat. Our aim was to help those tasked with defending corporate systems to understand how ransomware groups operate and how to protect against their attacks.\n\nThe report includes the following:\n\n * The TTPs of eight modern ransomware groups.\n * A description of how various groups share more than half of their components and TTPs, with the core attack stages executed identically across groups.\n * A cyber-kill chain diagram that combines the visible intersections and common elements of the selected ransomware groups and makes it possible to predict the threat actors' next steps.\n * A detailed analysis of each technique with examples of how various groups use them, and a comprehensive list of mitigations.\n * SIGMA rules based on the described TTPs that can be applied to SIEM solutions.\n\n### Ransomware trends in 2022\n\nAhead of the Anti-Ransomware Day on May 12, we took the opportunity to outline the tendencies that have characterized ransomware in 2022. In [our report](<https://securelist.com/new-ransomware-trends-in-2022/106457/>), we highlight several trends that we have observed.\n\nFirst, we are seeing more widespread development of cross-platform ransomware, as cybercriminals seek to penetrate complex environments running a variety of systems. By using cross-platform languages such as Rust and Golang, attackers are able to port their code, which allows them to encrypt data on more computers.\n\nSecond, ransomware gangs continue to industrialize and evolve into real businesses by adopting the techniques and processes used by legitimate software companies.\n\nThird, the developers of ransomware are adopting a political stance, involving themselves in the conflict between Russia and Ukraine.\n\nFinally, we offer best practices that organizations should adopt to help them defend against ransomware attacks:\n\n * Keep software updated on all your devices.\n * Focus your defense strategy on detecting lateral movements and data exfiltration.\n * Enable ransomware protection for all endpoints.\n * Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents.\n * Provide your SOC team with access to the latest threat intelligence.\n\n### Emotet's return\n\nEmotet has been around for eight years. When it was first discovered in 2014, its main purpose was stealing banking credentials. Subsequently, the malware [underwent numerous transformations](<https://securelist.com/the-chronicles-of-emotet/99660/>) to become one of the most powerful botnets ever. Emotet made headlines in January 2021, when its operations were disrupted through the joint efforts of law enforcement agencies in several countries. This kind of "takedowns" does not necessarily lead to the demise of a cybercriminal operation. It took the cybercriminals almost ten months to rebuild the infrastructure, but Emotet did return in November 2021. At that time, the Trickbot malware was used to deliver Emotet, but it is now spreading on its own through malicious spam campaigns.\n\nRecent Emotet protocol analysis and C2 responses suggest that Emotet is now capable of downloading sixteen additional modules. We were able to retrieve ten of these, including two different copies of the spam module, used by Emotet for stealing credentials, passwords, accounts and emails, and to spread spam.\n\nYou can read our analysis of these modules, as well as statistics on recent Emotet attacks, [here](<https://securelist.com/emotet-modules-and-recent-attacks/106290/>).\n\nEmotet infects both corporate and private computers all around the world. Our telemetry indicates that in the first quarter of 2022, targeted: it mostly targeted users in Italy, Russia, Japan, Mexico, Brazil, Indonesia, India, Vietnam, China, Germany and Malaysia.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/12151050/03-en-emotet-1024x804.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/12151050/03-en-emotet.png>)\n\nMoreover, we have seen a significant growth in the number of users attacked by Emotet.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/12150829/02-en-emotet-1024x695.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/12150829/02-en-emotet.png>)\n\n### Mobile subscription Trojans\n\nTrojan subscribers are a well-established method of stealing money from people using Android devices. These Trojans masquerade as useful apps but, once installed, silently subscribe to paid services.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/10140330/trojans-subscribers-2022-screen-1-1024x733.jpg)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/10140330/trojans-subscribers-2022-screen-1.jpg>)\n\nThe developers of these Trojans make money through commissions: they get a cut of what the person "spends". Funds are typically deducted from the cellphone account, although in some cases, these may be debited directly to a bank card. We looked at the most notable examples that we have seen in the last twelve months, belonging to the Jocker, MobOk, Vesub and GriftHorse families.\n\nNormally, someone has to actively subscribe to a service; providers often ask subscribers to enter a one-time code sent via SMS, to counter automated subscription attempts. To sidestep this protection, malware can request permission to access text messages; where they do not obtain this, they can steal confirmation codes from pop-up notifications about incoming messages.\n\nSome Trojans can both steal confirmation codes from texts or notifications, and work around [CAPTCHA](<https://encyclopedia.kaspersky.com/glossary/captcha/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>): another means of protection against automated subscriptions. To recognize the code in the picture, the Trojan sends it to a special CAPTCHA recognition service.\n\nSome malware is distributed through dubious sources under the guise of apps that are banned from official stores, for example, masquerading as apps for downloading content from YouTube or other streaming services, or as an unofficial Android version of GTA5. In addition, they can appear in these same sources as free versions of popular, expensive apps, such as Minecraft.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/05131311/Trojan_subscribers_-10-1024x578.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/05131311/Trojan_subscribers_-10.png>)\n\nOther mobile subscription Trojans are less sophisticated. When run for the first time, they ask the user to enter their phone number, seemingly for login purposes. The subscription is issued as soon as they enter their number and click the login button, and the amount is debited to their cellphone account.\n\nOther Trojans employ subscriptions with recurring payments. While this requires consent, the person using the phone might not realize they are signing up for regular automatic payments. Moreover, the first payment is often insignificant, with later charges being noticeably higher.\n\nYou can read more about this type of mobile Trojan, along with tips on how to avoid falling victim to it, [here](<https://securelist.com/mobile-subscription-trojans-and-their-tricks/106412/>).\n\n### The threat from stalkerware\n\nOver the last four years, we have published annual reports on the stalkerware situation, in particular using data from the [Kaspersky Security Network](<https://www.kaspersky.com/ksn>). This year, our [report](<https://securelist.com/the-state-of-stalkerware-in-2021/106193/>) also included the results of a [survey](<https://media.kasperskydaily.com/wp-content/uploads/sites/86/2021/11/17164103/Kaspersky_Digital-stalking-in-relationships_Report_FINAL.pdf>) on digital abuse commissioned by Kaspersky and several public organizations.\n\nStalkerware provides the digital means for a person to secretly monitor someone else's private life and is often used to facilitate psychological and physical violence against intimate partners. The software is commercially available and can access an array of personal data, including device location, browser history, text messages, social media chats, photos and more. It may be legal to market stalkerware, although its use to monitor someone without their consent is not. Developers of stalkerware benefit from a vague legal framework that still exists in many countries.\n\nIn 2021, our data indicated that around 33,000 people had been affected by stalkerware.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/08160627/Stalkerware_report_2021_01-1024x595.png)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/08160627/Stalkerware_report_2021_01.png>)\n\nThe numbers were lower than what we had seen for a few years prior to that. However, it is important to remember that the decrease of 2020 and 2021 occurred during successive COVID-19 lockdowns: that is, during conditions that meant abusers did not need digital tools to monitor and control their partners' personal lives. It is also important to bear in mind that mobile apps represent only one method used by abusers to track someone \u2014 others include tracking devices such as AirTags, laptop applications, webcams, smart home systems and fitness trackers. KSN tracks only the use of mobile apps. Finally, KSN data is taken from mobile devices protected by Kaspersky products: many people do not protect their mobile devices. The [Coalition Against Stalkerware](<https://stopstalkerware.org/>), which brings together members of the IT industry and non-profit companies, believes that the overall number of people affected by this threat might be thirty times higher \u2014 that is around a million people!\n\nStalkerware continues to affect people across the world: in 2021, we observed detections in 185 countries or territories.\n\n[![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/12144726/Stalkerware_report_2021_eng_03-1024x660.jpg)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/12144726/Stalkerware_report_2021_eng_03.jpg>)\n\nJust as in 2020, Russia, Brazil, the US and India were the top four countries with the largest numbers of affected individuals. Interestingly, Mexico had fallen from fifth to ninth place. Algeria, Turkey and Egypt entered the top ten, replacing Italy, the UK and Saudi Arabia, which were no longer in the top ten.\n\nWe would recommend the following to reduce your risk of being targeted:\n\n * Use a unique, complex password on your phone and do not share it with anyone.\n * Try not to leave your phone unattended; and if you have to, lock it.\n * Download apps only from official stores.\n * Protect your mobile device with trustworthy security software and make sure it is able to detect stalkerware.\n\nRemember also that if you discover stalkerware on your phone, dealing with the problem is not as simple as just removing the stalkerware app. This will alert the abuser to the fact that you have become aware of their activities and may precipitate physical abuse. Instead, seek help: you can find a list or organizations that can provide [help and support](<https://stopstalkerware.org/resources/>) on the Coalition Against Stalkerware site.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-15T12:00:34", "type": "securelist", "title": "IT threat evolution Q2 2022", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965", "CVE-2022-26925", "CVE-2022-30190"], "modified": "2022-08-15T12:00:34", "id": "SECURELIST:D9AF9603FDB076FD6351B6ED483A4947", "href": "https://securelist.com/it-threat-evolution-q2-2022/107099/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-15T16:13:15", "description": "![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15093042/abstract_digital_report-990x400.jpg)\n\n * [IT threat evolution in Q2 2022](<https://securelist.com/it-threat-evolution-q2-2022/107099/>)\n * **IT threat evolution in Q2 2022. Non-mobile statistics**\n * [IT threat evolution in Q2 2022. Mobile statistics](<https://securelist.com/it-threat-evolution-in-q2-2022-mobile-statistics/107123/>)\n\n_These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network, in Q2 2022:\n\n * Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe.\n * Web Anti-Virus recognized 273,033,368 unique URLs as malicious. Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 100,829 unique users.\n * Ransomware attacks were defeated on the computers of 74,377 unique users.\n * Our File Anti-Virus detected 55,314,176 unique malicious and potentially unwanted objects.\n\n## Financial threats\n\n### Financial threat statistics\n\nIn Q2 2022, Kaspersky solutions blocked the launch of malware designed to steal money from bank accounts on the computers of 100,829 unique users.\n\n_Number of unique users attacked by financial malware, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025224/01-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**Geography of financial malware attacks**\n\n_To evaluate and compare the risk of being infected by banking Trojans and ATM/POS malware worldwide, for each country and territory we calculated the share of Kaspersky users who faced this threat during the reporting period as a percentage of all users of our products in that country or territory._\n\n_Geography of financial malware attacks, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025321/02-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**TOP 10 countries and territories by share of attacked users**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Turkmenistan | 4.8 \n2 | Afghanistan | 4.3 \n3 | Tajikistan | 3.8 \n4 | Paraguay | 3.1 \n5 | China | 2.4 \n6 | Yemen | 2.4 \n7 | Uzbekistan | 2.2 \n8 | Sudan | 2.1 \n9 | Egypt | 2.0 \n10 | Mauritania | 1.9 \n \n_* Excluded are countries and territories with relatively few Kaspersky product users (under 10,000)._ \n_** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._\n\n**TOP 10 banking malware families**\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | Ramnit/Nimnul | Trojan-Banker.Win32.Ramnit | 35.5 \n2 | Zbot/Zeus | Trojan-Banker.Win32.Zbot | 15.8 \n3 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 6.4 \n4 | Trickster/Trickbot | Trojan-Banker.Win32.Trickster | 6 \n5 | RTM | Trojan-Banker.Win32.RTM | 2.7 \n6 | SpyEye | Trojan-Spy.Win32.SpyEye | 2.3 \n7 | IcedID | Trojan-Banker.Win32.IcedID | 2.1 \n8 | Danabot | Trojan-Banker.Win32.Danabot | 1.9 \n9 | BitStealer | Trojan-Banker.Win32.BitStealer | 1.8 \n10 | Gozi | Trojan-Banker.Win32.Gozi | 1.3 \n \n_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\n## Ransomware programs\n\n### Quarterly trends and highlights\n\nIn the second quarter, the Lockbit group [launched a bug bounty program](<https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/>). The cybercriminals are promising $1,000 to $1,000,000 for doxing of senior officials, reporting web service, Tox messenger or ransomware Trojan algorithm vulnerabilities, as well as for ideas on improving the Lockbit website and Trojan. This was the first-ever case of ransomware groups doing a (self-promotion?) campaign like that.\n\nAnother well-known group, Conti, said it was shutting down operations. The announcement followed a high-profile attack on Costa Rica's information systems, which prompted the government to [declare a state of emergency](<https://www.bleepingcomputer.com/news/security/costa-rica-declares-national-emergency-after-conti-ransomware-attacks/>). The Conti infrastructure was shut down in late June, but some in the infosec community believe that Conti members are either just rebranding or have split up and joined other ransomware teams, including Hive, AvosLocker and BlackCat.\n\nWhile some ransomware groups are drifting into oblivion, others seem to be making a comeback. REvil's website went back online in April, and researchers [discovered](<https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/>) a newly built specimen of their Trojan. This might have been a test build, as the sample did not encrypt any files, but these events may herald the impending return of REvil.\n\nKaspersky researchers found a way to recover files encrypted by the Yanluowang ransomware and [released a decryptor](<https://securelist.ru/how-to-recover-files-encrypted-by-yanluowang/105019/>) for all victims. Yanluowang has been spotted in targeted attacks against large businesses in the US, Brazil, Turkey, and other countries.\n\n### Number of new modifications\n\nIn Q2 2022, we detected 15 new ransomware families and 2355 new modifications of this malware type.\n\n_Number of new ransomware modifications, Q2 2021 \u2014 Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025415/03-en-ru-es-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Number of users attacked by ransomware Trojans\n\nIn Q2 2022, Kaspersky products and technologies protected 74,377 users from ransomware attacks.\n\n_Number of unique users attacked by ransomware Trojans, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025443/04-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Geography of attacked users\n\n_Geography of attacks by ransomware Trojans, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025517/05-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**TOP 10 countries and territories attacked by ransomware Trojans**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Bangladesh | 1.81 \n2 | Yemen | 1.24 \n3 | South Korea | 1.11 \n4 | Mozambique | 0.82 \n5 | Taiwan | 0.70 \n6 | China | 0.46 \n7 | Pakistan | 0.40 \n8 | Angola | 0.37 \n9 | Venezuela | 0.33 \n10 | Egypt | 0.32 \n \n_* Excluded are countries and territories with relatively few Kaspersky users (under 50,000)._ \n_** Unique users whose computers were attacked by Trojan encryptors as a percentage of all unique users of Kaspersky products in the country._\n\n### TOP 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts*** | **Percentage of attacked users**** \n---|---|---|--- \n1 | Stop/Djvu | Trojan-Ransom.Win32.Stop | 17.91 \n2 | WannaCry | Trojan-Ransom.Win32.Wanna | 12.58 \n3 | Magniber | Trojan-Ransom.Win64.Magni | 9.80 \n4 | (generic verdict) | Trojan-Ransom.Win32.Gen | 7.91 \n5 | (generic verdict) | Trojan-Ransom.Win32.Phny | 6.75 \n6 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 6.55 \n7 | (generic verdict) | Trojan-Ransom.Win32.Crypren | 3.51 \n8 | (generic verdict) | Trojan-Ransom.MSIL.Encoder | 3.02 \n9 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom / Virus.Win32.PolyRansom | 2.96 \n10 | (generic verdict) | Trojan-Ransom.Win32.Instructions | 2.69 \n \n_* Statistics are based on detection verdicts of Kaspersky products. The information was provided by Kaspersky product users who consented to provide statistical data._ \n_** Unique Kaspersky users attacked by specific ransomware Trojan families as a percentage of all unique users attacked by ransomware Trojans._\n\n## Miners\n\n### Number of new miner modifications\n\nIn Q2 2022, Kaspersky solutions detected 40,788 new modifications of miners. A vast majority of these (more than 35,000) were detected in June. Thus, the spring depression \u2014 in March through May we found a total of no more than 10,000 new modifications \u2014 was followed by a record of sorts.\n\n_Number of new miner modifications, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025548/06-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Number of users attacked by miners\n\nIn Q2, we detected attacks using miners on the computers of 454,385 unique users of Kaspersky products and services worldwide. We are seeing a reverse trend here: miner attacks have gradually declined since the beginning of 2022.\n\n_Number of unique users attacked by miners, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025613/07-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Geography of miner attacks\n\n_Geography of miner attacks, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025642/08-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**TOP 10 countries and territories attacked by miners**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Rwanda | 2.94 \n2 | Ethiopia | 2.67 \n3 | Tajikistan | 2.35 \n4 | Tanzania | 1.98 \n5 | Kyrgyzstan | 1.94 \n6 | Uzbekistan | 1.88 \n7 | Kazakhstan | 1.84 \n8 | Venezuela | 1.80 \n9 | Mozambique | 1.68 \n10 | Ukraine | 1.56 \n \n_* Excluded are countries and territories with relatively few users of Kaspersky products (under 50,000)._ \n_** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by criminals during cyberattacks\n\n### Quarterly highlights\n\nDuring Q2 2022, a number of major vulnerabilities were discovered in the Microsoft Windows. For instance, [CVE-2022-26809](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809>) critical error allows an attacker to remotely execute arbitrary code in a system using a custom RPC request. The Network File System (NFS) driver was found to contain two RCE vulnerabilities: [CVE-2022-24491](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24491>) and [CVE-2022-24497](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24497>). By sending a custom network message via the NFS protocol, an attacker can remotely execute arbitrary code in the system as well. Both vulnerabilities affect server systems with the NFS role activated. The [CVE-2022-24521](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24521>) vulnerability targeting the Common Log File System (CLFS) driver was found in the wild. It allows elevation of local user privileges, although that requires the attacker to have gained a foothold in the system. [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>), also known as LSA Spoofing, was another vulnerability found during live operation of server systems. It allows an unauthenticated attacker to call an LSARPC interface method and get authenticated by Windows domain controller via the NTLM protocol. These vulnerabilities are an enduring testament to the importance of timely OS and software updates.\n\nMost of the network threats detected in Q2 2022 had been mentioned in previous reports. Most of those were attacks that involved [brute-forcing](<https://encyclopedia.kaspersky.com/glossary/brute-force/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) access to various web services. The most popular protocols and technologies susceptible to these attacks include MS SQL Server, RDP and SMB. Attacks that use the EternalBlue, EternalRomance and similar exploits are still popular. Exploitation of Log4j vulnerability ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-44228>)) is also quite common, as the susceptible Java library is often used in web applications. Besides, the Spring MVC framework, used in many Java-based web applications, was found to contain a new vulnerability [CVE-2022-22965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965>) that exploits the data binding functionality and results in remote code execution. Finally, we have observed a rise in attacks that exploit insecure deserialization, which can also result in access to remote systems due to incorrect or missing validation of untrusted user data passed to various applications.\n\n### Vulnerability statistics\n\nExploits targeting Microsoft Office vulnerabilities grew in the second quarter to 82% of the total. Cybercriminals were spreading malicious documents that exploited [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>) and [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>), which are the best-known vulnerabilities in the Equation Editor component. Exploitation involves the component memory being damaged and a specially designed script, run on the target computer. Another vulnerability, [CVE-2017-8570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570>), allows downloading and running a malicious script when opening an infected document, to execute various operations in a vulnerable system. The emergence of [CVE-2022-30190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190>)[or Follina vulnerability](<https://securelist.com/cve-2022-30190-follina-vulnerability-in-msdt-description-and-counteraction/106703/>) also increased the number of exploits in this category. An attacker can use a custom malicious document with a link to an external OLE object, and a special URI scheme to have Windows run the MSDT diagnostics tool. This, in turn, combined with a special set of parameters passed to the victim's computer, can cause an arbitrary command to be executed \u2014 even if macros are disabled and the document is opened in Protected Mode.\n\n_Distribution of exploits used by cybercriminals, by type of attacked application, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025713/09-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\nAttempts at exploiting vulnerabilities that affect various script engines and, specifically, browsers, dipped to 5%. In the second quarter, a number of critical RCE vulnerabilities were discovered in various Google Chrome based browsers: [CVE-2022-0609](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0609>), [CVE-2022-1096](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096>), and [CVE-2022-1364](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364>). The first one was found in the animation component; it exploits a Use-After-Free error, causing memory damage, which is followed by the attacker creating custom objects to execute arbitrary code. The second and third vulnerabilities are Type Confusion errors associated with the V8 script engine; they also can result in arbitrary code being executed on a vulnerable user system. Some of the vulnerabilities discovered were found to have been exploited in targeted attacks, in the wild. Mozilla Firefox was found to contain a high-risk Use-After-Free vulnerability, [CVE-2022-1097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097>), which appears when processing NSSToken-type objects from different streams. The browser was also found to contain [CVE-2022-28281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281>), a vulnerability that affects the WebAuthn extension. A compromised Firefox content process can write data out of bounds of the parent process memory, thus potentially enabling code execution with elevated privileges. Two further vulnerabilities, [CVE-2022-1802](<https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/>) and [CVE-2022-1529](<https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/>), were exploited in cybercriminal attacks. The exploitation method, dubbed "prototype pollution", allows executing arbitrary JavaScript code in the context of a privileged parent browser process.\n\nAs in the previous quarter, Android exploits ranked third in our statistics with 4%, followed by exploits of Java applications, the Flash platform, and PDF documents, each with 3%.\n\n## Attacks on macOS\n\nThe second quarter brought with it a new batch of cross-platform discoveries. For instance, a new APT group [Earth Berberoka](<https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html>) (GamblingPuppet) that specializes in hacking online casinos, uses malware for Windows, Linux, and macOS. The [TraderTraitor](<https://www.cisa.gov/uscert/ncas/alerts/aa22-108a>) campaign targets cryptocurrency and blockchain organizations, attacking with malicious crypto applications for both Windows and macOS.\n\n**TOP 20 threats for macOS**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | AdWare.OSX.Amc.e | 25.61 \n2 | AdWare.OSX.Agent.ai | 12.08 \n3 | AdWare.OSX.Pirrit.j | 7.84 \n4 | AdWare.OSX.Pirrit.ac | 7.58 \n5 | AdWare.OSX.Pirrit.o | 6.48 \n6 | Monitor.OSX.HistGrabber.b | 5.27 \n7 | AdWare.OSX.Agent.u | 4.27 \n8 | AdWare.OSX.Bnodlero.at | 3.99 \n9 | Trojan-Downloader.OSX.Shlayer.a | 3.87 \n10 | Downloader.OSX.Agent.k | 3.67 \n11 | AdWare.OSX.Pirrit.aa | 3.35 \n12 | AdWare.OSX.Pirrit.ae | 3.24 \n13 | Backdoor.OSX.Twenbc.e | 3.16 \n14 | AdWare.OSX.Bnodlero.ax | 3.06 \n15 | AdWare.OSX.Agent.q | 2.73 \n16 | Trojan-Downloader.OSX.Agent.h | 2.52 \n17 | AdWare.OSX.Bnodlero.bg | 2.42 \n18 | AdWare.OSX.Cimpli.m | 2.41 \n19 | AdWare.OSX.Pirrit.gen | 2.08 \n20 | AdWare.OSX.Agent.gen | 2.01 \n \n_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._\n\nAs usual, the TOP 20 ranking for threats detected by Kaspersky security solutions for macOS users is dominated by various adware. AdWare.OSX.Amc.e, also known as Advanced Mac Cleaner, is a newcomer and already a leader, found with a quarter of all attacked users. Members of this family display fake system problem messages, offering to buy the full version to fix those. It was followed by members of the AdWare.OSX.Agent and AdWare.OSX.Pirrit families.\n\n### Geography of threats for macOS\n\n_Geography of threats for macOS, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025743/10-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**TOP 10 countries and territories by share of attacked users**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | France | 2.93 \n2 | Canada | 2.57 \n3 | Spain | 2.51 \n4 | United States | 2.45 \n5 | India | 2.24 \n6 | Italy | 2.21 \n7 | Russian Federation | 2.13 \n8 | United Kingdom | 1.97 \n9 | Mexico | 1.83 \n10 | Australia | 1.82 \n \n_* Excluded from the rating are countries and territories with relatively few users of Kaspersky security solutions for macOS (under 10,000)._ \n_** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nIn Q2 2022, the country where the most users were attacked was again France (2.93%), followed by Canada (2.57%) and Spain (2.51%). AdWare.OSX.Amc.e was the most common adware encountered in these three countries.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q2 2022, most devices that attacked Kaspersky traps did so using the Telnet protocol, as before.\n\nTelnet | 82,93% \n---|--- \nSSH | 17,07% \n \n**_Distribution of attacked services by number of unique IP addresses of attacking devices, Q2 2022_**\n\nThe statistics for working sessions with Kaspersky honeypots show similar Telnet dominance.\n\nTelnet | 93,75% \n---|--- \nSSH | 6,25% \n \n**_Distribution of cybercriminal working sessions with Kaspersky traps, Q2 2022_**\n\n**TOP 10 threats delivered to IoT devices via Telnet**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 36.28 \n2 | Trojan-Downloader.Linux.NyaDrop.b | 14.66 \n3 | Backdoor.Linux.Mirai.ek | 9.15 \n4 | Backdoor.Linux.Mirai.ba | 8.82 \n5 | Trojan.Linux.Agent.gen | 4.01 \n6 | Trojan.Linux.Enemybot.a | 2.96 \n7 | Backdoor.Linux.Agent.bc | 2.58 \n8 | Trojan-Downloader.Shell.Agent.p | 2.36 \n9 | Trojan.Linux.Agent.mg | 1.72 \n10 | Backdoor.Linux.Mirai.cw | 1.45 \n \n_* Share of each threat delivered to infected devices as a result of a successful Telnet attack out of the total number of delivered threats._\n\nDetailed IoT-threat statistics [are published in the DDoS report](<https://securelist.com/ddos-attacks-in-q2-2022/107025/#attacks-on-iot-honeypots>) for Q2 2022.\n\n## Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create these sites on purpose; they can infect hacked legitimate resources as well as web resources with user-created content, such as forums._\n\n### TOP 10 countries and territories that serve as sources of web-based attacks\n\n_The following statistics show the distribution by country or territory of the sources of Internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites hosting malicious programs, botnet C&C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographic source of web attacks, the GeoIP technique was used to match the domain name to the real IP address at which the domain is hosted._\n\nIn Q2 2022, Kaspersky solutions blocked 1,164,544,060 attacks launched from online resources across the globe. A total of 273,033,368 unique URLs were recognized as malicious by Web Anti-Virus components.\n\n_Distribution of web-attack sources by country and territory, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025818/11-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Countries and territories where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users around the world, for each country or territory we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries and territories.\n\nNote that these rankings only include attacks by malicious objects that fall under the **Malware** class; they do not include Web Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Taiwan | 26.07 \n2 | Hong Kong | 14.60 \n3 | Algeria | 14.40 \n4 | Nepal | 14.00 \n5 | Tunisia | 13.55 \n6 | Serbia | 12.88 \n7 | Sri Lanka | 12.41 \n8 | Albania | 12.21 \n9 | Bangladesh | 11.98 \n10 | Greece | 11.86 \n11 | Palestine | 11.82 \n12 | Qatar | 11.50 \n13 | Moldova | 11.47 \n14 | Yemen | 11.44 \n15 | Libya | 11.34 \n16 | Zimbabwe | 11.15 \n17 | Morocco | 11.03 \n18 | Estonia | 11.01 \n19 | Turkey | 10.75 \n20 | Mongolia | 10.50 \n \n_* Excluded are countries and territories with relatively few Kaspersky users (under 10,000)._ \n_** Unique users targeted by **Malware**-class attacks as a percentage of all unique users of Kaspersky products in the country._\n\nOn average during the quarter, 8.31% of the Internet users' computers worldwide were subjected to at least one **Malware-class** web attack.\n\n_Geography of web-based malware attacks, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025917/12-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n## Local threats\n\n_In this section, we analyze statistical data obtained from the OAS and ODS modules of Kaspersky products. It takes into account malicious programs that were found directly on users' computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\nIn Q2 2022, our File Anti-Virus detected **55,314,176** malicious and potentially unwanted objects.\n\n### Countries and territories where users faced the highest risk of local infection\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries and territories.\n\nNote that these rankings only include attacks by malicious programs that fall under the **Malware** class; they do not include File Anti-Virus triggerings in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Turkmenistan | 47.54 \n2 | Tajikistan | 44.91 \n3 | Afghanistan | 43.19 \n4 | Yemen | 43.12 \n5 | Cuba | 42.71 \n6 | Ethiopia | 41.08 \n7 | Uzbekistan | 37.91 \n8 | Bangladesh | 37.90 \n9 | Myanmar | 36.97 \n10 | South Sudan | 36.60 \n11 | Syria | 35.60 \n12 | Burundi | 34.88 \n13 | Rwanda | 33.69 \n14 | Algeria | 33.61 \n15 | Benin | 33.60 \n16 | Tanzania | 32.88 \n17 | Malawi | 32.65 \n18 | Venezuela | 31.79 \n19 | Cameroon | 31.34 \n20 | Chad | 30.92 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users on whose computers **Malware**-class local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\n_Geography of local infection attempts, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025948/13-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\nOn average worldwide, Malware-class local threats were registered on 14.65% of users' computers at least once during Q2. Russia scored 16.66% in this rating.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-15T12:00:43", "type": "securelist", "title": "IT threat evolution in Q2 2022. Non-mobile statistics", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11882", "CVE-2017-8570", "CVE-2018-0802", "CVE-2021-44228", "CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1097", "CVE-2022-1364", "CVE-2022-1529", "CVE-2022-1802", "CVE-2022-22965", "CVE-2022-24491", "CVE-2022-24497", "CVE-2022-24521", "CVE-2022-26809", "CVE-2022-26925", "CVE-2022-28281", "CVE-2022-30190"], "modified": "2022-08-15T12:00:43", "id": "SECURELIST:0ED76DA480D73D593C82769757DFD87A", "href": "https://securelist.com/it-threat-evolution-in-q2-2022-non-mobile-statistics/107133/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "googleprojectzero": [{"lastseen": "2022-06-30T13:56:58", "description": "Posted by Maddie Stone, Google Project Zero\n\nThis blog post is an overview of a talk, \u201c 0-day In-the-Wild Exploitation in 2022\u2026so far\u201d, that I gave at the FIRST conference in June 2022. The slides are available [here](<https://github.com/maddiestone/ConPresentations/blob/master/FIRST2022.2022_0days_so_far.pdf>).\n\nFor the last three years, we\u2019ve published annual year-in-review reports of 0-days found exploited in the wild. The most recent of these reports is the [2021 Year in Review report](<https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html>), which we published just a few months ago in April. While we plan to stick with that annual cadence, we\u2019re publishing a little bonus report today looking at the in-the-wild 0-days detected and disclosed in the first half of 2022. \n\nAs of June 15, 2022, there have been 18 0-days detected and disclosed as exploited in-the-wild in 2022. When we analyzed those 0-days, we found that at least nine of the 0-days are variants of previously patched vulnerabilities. At least half of the 0-days we\u2019ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests. On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months from the original in-the-wild 0-day being patched, attackers came back with a variant of the original bug. \n\nProduct\n\n| \n\n2022 ITW 0-day\n\n| \n\nVariant \n \n---|---|--- \n \nWindows win32k\n\n| \n\n[CVE-2022-21882](<https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-21882.html>)\n\n| \n\n[CVE-2021-1732](<https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1732.html>) (2021 itw) \n \niOS IOMobileFrameBuffer\n\n| \n\n[CVE-2022-22587](<https://support.apple.com/en-us/HT213053>)\n\n| \n\n[CVE-2021-30983](<https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html>) (2021 itw) \n \nWindows\n\n| \n\n[CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>) (\u201cFollina\u201d)\n\n| \n\n[CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) (2021 itw) \n \nChromium property access interceptors\n\n| \n\n[CVE-2022-1096](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html>)\n\n| \n\n[CVE-2016-5128](<https://bugs.chromium.org/p/chromium/issues/detail?id=619166>) [CVE-2021-30551](<https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-30551.html>) (2021 itw) [CVE-2022-1232](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2280>) (Addresses incomplete CVE-2022-1096 fix) \n \nChromium v8\n\n| \n\n[CVE-2022-1364](<https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html>)\n\n| \n\n[CVE-2021-21195](<https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html>) \n \nWebKit\n\n| \n\n[CVE-2022-22620](<https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-22620.html>) (\u201cZombie\u201d)\n\n| \n\n[Bug was originally fixed in 2013, patch was regressed in 2016](<https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html>) \n \nGoogle Pixel\n\n| \n\n[CVE-2021-39793](<https://source.android.com/security/bulletin/pixel/2022-03-01>)*\n\n* While this CVE says 2021, the bug was patched and disclosed in 2022\n\n| \n\n[Linux same bug in a different subsystem](<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd5297b0855f17c8b4e3ef1d20c6a3656209c7b3>) \n \nAtlassian Confluence\n\n| \n\n[CVE-2022-26134](<https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html>)\n\n| \n\n[CVE-2021-26084](<https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html>) \n \nWindows\n\n| \n\n[CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>) (\u201cPetitPotam\u201d)\n\n| \n\n[CVE-2021-36942](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>) (Patch regressed) \n \nSo, what does this mean?\n\nWhen people think of 0-day exploits, they often think that these exploits are so technologically advanced that there\u2019s no hope to catch and prevent them. The data paints a different picture. At least half of the 0-days we\u2019ve seen so far this year are closely related to bugs we\u2019ve seen before. Our conclusion and findings in the [2020 year-in-review report](<https://googleprojectzero.blogspot.com/2021/02/deja-vu-lnerability.html>) were very similar.\n\nMany of the 2022 in-the-wild 0-days are due to the previous vulnerability not being fully patched. In the case of the Windows win32k and the Chromium property access interceptor bugs, the execution flow that the proof-of-concept exploits took were patched, but the root cause issue was not addressed: attackers were able to come back and trigger the original vulnerability through a different path. And in the case of the WebKit and Windows PetitPotam issues, the original vulnerability had previously been patched, but at some point regressed so that attackers could exploit the same vulnerability again. In the iOS IOMobileFrameBuffer bug, a buffer overflow was addressed by checking that a size was less than a certain number, but it didn\u2019t check a minimum bound on that size. For more detailed explanations of three of the 0-days and how they relate to their variants, please see the [slides from the talk](<https://github.com/maddiestone/ConPresentations/blob/master/FIRST2022.2022_0days_so_far.pdf>).\n\nWhen 0-day exploits are detected in-the-wild, it\u2019s the failure case for an attacker. It\u2019s a gift for us security defenders to learn as much as we can and take actions to ensure that that vector can\u2019t be used again. The goal is to force attackers to start from scratch each time we detect one of their exploits: they\u2019re forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, they must develop a brand new exploitation method. To do that effectively, we need correct and comprehensive fixes.\n\nThis is not to minimize the challenges faced by security teams responsible for responding to vulnerability reports. As we said in our 2020 year in review report: \n\nBeing able to correctly and comprehensively patch isn't just flicking a switch: it requires investment, prioritization, and planning. It also requires developing a patching process that balances both protecting users quickly and ensuring it is comprehensive, which can at times be in tension. While we expect that none of this will come as a surprise to security teams in an organization, this analysis is a good reminder that there is still more work to be done. \n\nExactly what investments are likely required depends on each unique situation, but we see some common themes around staffing/resourcing, incentive structures, process maturity, automation/testing, release cadence, and partnerships.\n\nPractically, some of the following efforts can help ensure bugs are correctly and comprehensively fixed. Project Zero plans to continue to help with the following efforts, but we hope and encourage platform security teams and other independent security researchers to invest in these types of analyses as well:\n\n * Root cause analysis\n\nUnderstanding the underlying vulnerability that is being exploited. Also tries to understand how that vulnerability may have been introduced. Performing a root cause analysis can help ensure that a fix is addressing the underlying vulnerability and not just breaking the proof-of-concept. Root cause analysis is generally a pre-requisite for successful variant and patch analysis.\n\n * Variant analysis\n\nLooking for other vulnerabilities similar to the reported vulnerability. This can involve looking for the same bug pattern elsewhere, more thoroughly auditing the component that contained the vulnerability, modifying fuzzers to understand why they didn\u2019t find the vulnerability previously, etc. Most researchers find more than one vulnerability at the same time. By finding and fixing the related variants, attackers are not able to simply \u201cplug and play\u201d with a new vulnerability once the original is patched.\n\n * Patch analysis\n\nAnalyzing the proposed (or released) patch for completeness compared to the root cause vulnerability. I encourage vendors to share how they plan to address the vulnerability with the vulnerability reporter early so the reporter can analyze whether the patch comprehensively addresses the root cause of the vulnerability, alongside the vendor\u2019s own internal analysis.\n\n * Exploit technique analysis\n\nUnderstanding the primitive gained from the vulnerability and how it\u2019s being used. While it\u2019s generally industry-standard to patch vulnerabilities, mitigating exploit techniques doesn\u2019t happen as frequently. While not every exploit technique will always be able to be mitigated, the hope is that it will become the default rather than the exception. Exploit samples will need to be shared more readily in order for vendors and security researchers to be able to perform exploit technique analysis.\n\nTransparently sharing these analyses helps the industry as a whole as well. We publish our analyses at [this repository](<https://googleprojectzero.github.io/0days-in-the-wild/rca.html>). We encourage vendors and others to publish theirs as well. This allows developers and security professionals to better understand what the attackers already know about these bugs, which hopefully leads to even better solutions and security overall. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-30T00:00:00", "type": "googleprojectzero", "title": "\n2022 0-day In-the-Wild Exploitation\u2026so far\n", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5128", "CVE-2021-1732", "CVE-2021-21195", "CVE-2021-26084", "CVE-2021-30551", "CVE-2021-30983", "CVE-2021-36942", "CVE-2021-39793", "CVE-2021-40444", "CVE-2022-1096", "CVE-2022-1232", "CVE-2022-1364", "CVE-2022-21882", "CVE-2022-22587", "CVE-2022-22620", "CVE-2022-26134", "CVE-2022-26925", "CVE-2022-30190"], "modified": "2022-06-30T00:00:00", "id": "GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "href": "https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}