The remote Windows host is missing security update 5017392. It is, therefore, affected by multiple vulnerabilities, including:
- HTTP V3 Denial of Service Vulnerability (CVE-2022-35838)
- Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)
- Windows Secure Channel Denial of Service Vulnerability (CVE-2022-30196, CVE-2022-35833)
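Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. The entries listed above are only examples: the plugin record for this update lists 41 CVEs in total, among them CVE-2022-37969, which the record cross-references to the CISA Known Exploited Vulnerabilities catalog, so prioritize the update against the full CVE list rather than the few named here.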
{"id": "SMB_NT_MS22_SEP_5017392.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "KB5017392: Windows Server 2022 Security Update (September 2022)", "description": "The remote Windows host is missing security update 5017392. It is, therefore, affected by multiple vulnerabilities\n\n - HTTP V3 Denial of Service Vulnerability (CVE-2022-35838)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Secure Channel Denial of Service Vulnerability (CVE-2022-30196, CVE-2022-35833)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-09-13T00:00:00", "modified": "2023-01-30T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/165000", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34720", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34732", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34724", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30196", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34731", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37954", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34728", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34718", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35837", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38005", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33679", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38006", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34722", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37958", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35834", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34734", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35832", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34730", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34721", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34727", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34733", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35841", "https://support.microsoft.com/help/5017316", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35835", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35830", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37955", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35836", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37959", 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35840", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34719", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35838", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30200", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35831", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34726", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34725", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35833", "https://support.microsoft.com/help/5017392", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35803", "https://support.microsoft.com/en-us/help/5017392", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34729", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30170", "https://support.microsoft.com/en-us/help/5017316"], "cvelist": ["CVE-2022-30170", "CVE-2022-30196", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", "CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35838", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37954", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37958", "CVE-2022-37959", "CVE-2022-37969", "CVE-2022-38005", "CVE-2022-38006"], "immutableFields": [], "lastseen": "2023-01-30T16:15:55", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:48AB1318-D726-4F76-9889-74353FF980EF", "AKB:95BA23FE-CAB6-4758-B294-2A870F37726D"]}, {"type": "avleonov", "idList": ["AVLEONOV:75C789BDAA68C1C2CEC0F20F1D138B01", 
"AVLEONOV:E5467F48E50B8E100B59F5D3A20F8BC8"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0560", "CPAI-2022-0561", "CPAI-2022-0563", "CPAI-2022-0564", "CPAI-2022-0605"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2022-37969"]}, {"type": "cnvd", "idList": ["CNVD-2022-63613", "CNVD-2022-63614", "CNVD-2022-63615", "CNVD-2022-63618"]}, {"type": "cve", "idList": ["CVE-2022-30170", "CVE-2022-30196", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", "CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35838", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37954", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37958", "CVE-2022-37959", "CVE-2022-37964", "CVE-2022-37969", "CVE-2022-38005", "CVE-2022-38006"]}, {"type": "github", "idList": ["GHSA-VX2X-9CFF-FHJW"]}, {"type": "githubexploit", "idList": ["4855B030-D9C3-5C79-9B66-178F5260F85F", "A304CD7E-97E7-577B-91FF-D46A42433CD9", "E5D8CAA1-5C17-5A66-B3B6-1C229182D694"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:75823B4B03E867492EE237294C2ED9EF"]}, {"type": "hivepro", "idList": ["HIVEPRO:884DC2D35F8477A209AAB7B9045E6BAB", "HIVEPRO:B146CB21244E67A8A5B49722A69EDFE7", "HIVEPRO:E84F8B6C5ACC25E1292D697BE03628CC"]}, {"type": "kaspersky", "idList": ["KLA19245", "KLA19249"]}, {"type": "krebs", "idList": ["KREBS:93C313996DC56B0E237DCF999BF438CB"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:30F9B0094E0BC177A7D657BF67D87E39", "MALWAREBYTES:8FF6ADCDE71AD78C1537280203BB4A22"]}, {"type": "mscve", "idList": ["MS:CVE-2022-30170", "MS:CVE-2022-30196", "MS:CVE-2022-30200", 
"MS:CVE-2022-33647", "MS:CVE-2022-33679", "MS:CVE-2022-34718", "MS:CVE-2022-34719", "MS:CVE-2022-34720", "MS:CVE-2022-34721", "MS:CVE-2022-34722", "MS:CVE-2022-34724", "MS:CVE-2022-34725", "MS:CVE-2022-34726", "MS:CVE-2022-34727", "MS:CVE-2022-34728", "MS:CVE-2022-34729", "MS:CVE-2022-34730", "MS:CVE-2022-34731", "MS:CVE-2022-34732", "MS:CVE-2022-34733", "MS:CVE-2022-34734", "MS:CVE-2022-35803", "MS:CVE-2022-35830", "MS:CVE-2022-35831", "MS:CVE-2022-35832", "MS:CVE-2022-35833", "MS:CVE-2022-35834", "MS:CVE-2022-35835", "MS:CVE-2022-35836", "MS:CVE-2022-35837", "MS:CVE-2022-35838", "MS:CVE-2022-35840", "MS:CVE-2022-35841", "MS:CVE-2022-37954", "MS:CVE-2022-37955", "MS:CVE-2022-37956", "MS:CVE-2022-37957", "MS:CVE-2022-37958", "MS:CVE-2022-37959", "MS:CVE-2022-37964", "MS:CVE-2022-37969", "MS:CVE-2022-38005", "MS:CVE-2022-38006"]}, {"type": "mskb", "idList": ["KB5017305", "KB5017308", "KB5017315", "KB5017316", "KB5017328", "KB5017358", "KB5017361", "KB5017365", "KB5017367", "KB5017370", "KB5017371", "KB5017373", "KB5017377", "KB5017392"]}, {"type": "nessus", "idList": ["SMB_NT_MS22_SEP_5017305.NASL", "SMB_NT_MS22_SEP_5017308.NASL", "SMB_NT_MS22_SEP_5017315.NASL", "SMB_NT_MS22_SEP_5017327.NASL", "SMB_NT_MS22_SEP_5017328.NASL", "SMB_NT_MS22_SEP_5017365.NASL", "SMB_NT_MS22_SEP_5017371.NASL", "SMB_NT_MS22_SEP_5017373.NASL", "SMB_NT_MS22_SEP_5017377.NASL"]}, {"type": "osv", "idList": ["OSV:GHSA-VX2X-9CFF-FHJW"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:18D37B8C2CD2D054E0847CB1F4A3A13B"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:C1D4FC22F6D85FEFFDC5CE5F9BA32AA2", "QUALYSBLOG:DE2E40D3BB574E53C7448F3A304849C9"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:207700353EDB2453B1928E90A6683A0E"]}, {"type": "schneier", "idList": ["SCHNEIER:CB553D932DAFD3781B29AD0FB9C289C4"]}, {"type": "securelist", "idList": ["SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837"]}, {"type": "talosblog", "idList": ["TALOSBLOG:E99AAC7F44B9D1EA471CB0F2A592FA92"]}, {"type": "thn", 
"idList": ["THN:5F2987C1A3F554D79E8C056DC4B86850", "THN:92A38DD61E285B0CDD7C80A398BDB187", "THN:D010C92A9BC9913717ECAC2624F32E80", "THN:FB6ED90DCAF6C4F1F46D1CBFF38FC1CA"]}, {"type": "veracode", "idList": ["VERACODE:38382"]}, {"type": "zdi", "idList": ["ZDI-22-1284", "ZDI-22-1285"]}, {"type": "zdt", "idList": ["1337DAY-ID-38021"]}]}, "score": {"value": 0.2, "vector": "NONE"}, "vulnersScore": 0.2}, "_state": {"dependencies": 1675095410, "score": 1675095450}, "_internal": {"score_hash": "edf2f70470c1189c04e99460094a6620"}, "pluginID": "165000", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165000);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-30170\",\n \"CVE-2022-30196\",\n \"CVE-2022-30200\",\n \"CVE-2022-33647\",\n \"CVE-2022-33679\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34724\",\n \"CVE-2022-34725\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35830\",\n \"CVE-2022-35831\",\n \"CVE-2022-35832\",\n \"CVE-2022-35833\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35838\",\n \"CVE-2022-35840\",\n \"CVE-2022-35841\",\n \"CVE-2022-37954\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37958\",\n \"CVE-2022-37959\",\n \"CVE-2022-37969\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017392\");\n script_xref(name:\"MSFT\", 
value:\"MS22-5017392\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0042\");\n\n script_name(english:\"KB5017392: Windows Server 2022 Security Update (September 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017392. It is, therefore, affected by multiple vulnerabilities\n\n - HTTP V3 Denial of Service Vulnerability (CVE-2022-35838)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Secure Channel Denial of Service Vulnerability (CVE-2022-30196, CVE-2022-35833)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017392\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017392\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35840\");\n script_set_attribute(attribute:\"cvss3_score_source\", 
value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017316',\n '5017392'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:20348,\n rollup_date:'09_2022',\n bulletin:bulletin,\n rollup_kb_list:[5017316, 5017392])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Apply Security Update 5017392", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2022-35840", "vendor_cvss2": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-09-13T00:00:00", "vulnerabilityPublicationDate": "2022-09-13T00:00:00", "exploitableWith": ["Core Impact"]}
{"nessus": [{"lastseen": "2023-01-30T16:16:10", "description": "The remote Windows host is missing security update 5017365. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-33647, CVE-2022-33679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "KB5017365: Windows Server 2012 R2 Security Update (September 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-30170", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", "CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35840", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37958", "CVE-2022-37959", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": 
"SMB_NT_MS22_SEP_5017365.NASL", "href": "https://www.tenable.com/plugins/nessus/165005", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165005);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-30170\",\n \"CVE-2022-30200\",\n \"CVE-2022-33647\",\n \"CVE-2022-33679\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34724\",\n \"CVE-2022-34725\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35830\",\n \"CVE-2022-35831\",\n \"CVE-2022-35832\",\n \"CVE-2022-35833\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35840\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37958\",\n \"CVE-2022-37959\",\n \"CVE-2022-37969\",\n \"CVE-2022-38004\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017365\");\n script_xref(name:\"MSKB\", value:\"5017367\");\n script_xref(name:\"MSFT\", value:\"MS22-5017365\");\n script_xref(name:\"MSFT\", value:\"MS22-5017367\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0376-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0042\");\n\n script_name(english:\"KB5017365: Windows Server 2012 R2 Security Update (September 2022)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017365. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-33647, CVE-2022-33679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017367\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017365 or Cumulative Update 5017367\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35840\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017367',\n '5017365'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'09_2022',\n bulletin:bulletin,\n rollup_kb_list:[5017367, 5017365])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n 
hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-30T16:15:38", "description": "The remote Windows host is missing security update 5017373. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-33647, CVE-2022-33679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "KB5017373: Windows Server 2008 R2 Security Update (September 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26929", "CVE-2022-30170", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35840", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37958", "CVE-2022-37964", 
"CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_SEP_5017373.NASL", "href": "https://www.tenable.com/plugins/nessus/165002", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165002);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-26929\",\n \"CVE-2022-30170\",\n \"CVE-2022-30200\",\n \"CVE-2022-33647\",\n \"CVE-2022-33679\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34724\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35830\",\n \"CVE-2022-35832\",\n \"CVE-2022-35833\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35840\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37958\",\n \"CVE-2022-37964\",\n \"CVE-2022-37969\",\n \"CVE-2022-38004\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017361\");\n script_xref(name:\"MSKB\", value:\"5017373\");\n script_xref(name:\"MSFT\", value:\"MS22-5017361\");\n script_xref(name:\"MSFT\", value:\"MS22-5017373\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0376-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n script_xref(name:\"CEA-ID\", 
value:\"CEA-2022-0042\");\n\n script_name(english:\"KB5017373: Windows Server 2008 R2 Security Update (September 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017373. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-33647, CVE-2022-33679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017373\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017373 or Cumulative Update 5017361\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35840\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017373',\n '5017361'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1',\n sp:1,\n rollup_date:'09_2022',\n bulletin:bulletin,\n rollup_kb_list:[5017373, 5017361])\n)\n{\n 
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-30T16:15:55", "description": "The remote Windows host is missing security update 5017377. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-33647, CVE-2022-33679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "KB5017377: Windows Server 2012 Security Update (September 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26929", "CVE-2022-30170", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35840", 
"CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37958", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_SEP_5017377.NASL", "href": "https://www.tenable.com/plugins/nessus/165007", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165007);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-26929\",\n \"CVE-2022-30170\",\n \"CVE-2022-30200\",\n \"CVE-2022-33647\",\n \"CVE-2022-33679\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34724\",\n \"CVE-2022-34725\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35830\",\n \"CVE-2022-35833\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35840\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37958\",\n \"CVE-2022-37969\",\n \"CVE-2022-38004\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017370\");\n script_xref(name:\"MSKB\", value:\"5017377\");\n script_xref(name:\"MSFT\", value:\"MS22-5017370\");\n script_xref(name:\"MSFT\", value:\"MS22-5017377\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0376-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n 
script_xref(name:\"CEA-ID\", value:\"CEA-2022-0042\");\n\n script_name(english:\"KB5017377: Windows Server 2012 Security Update (September 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017377. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-33647, CVE-2022-33679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017370\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017370\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017377\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017377 or Cumulative Update 5017370\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35840\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017377',\n '5017370'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2',\n sp:0,\n rollup_date:'09_2022',\n 
bulletin:bulletin,\n rollup_kb_list:[5017377, 5017370])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-30T16:15:38", "description": "The remote Windows host is missing security update 5017305. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "KB5017305: Windows 10 Version 1607 and Windows Server 2016 Security Update (September 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26928", "CVE-2022-26929", "CVE-2022-30170", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", 
"CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37958", "CVE-2022-37959", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_SEP_5017305.NASL", "href": "https://www.tenable.com/plugins/nessus/164996", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164996);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-26928\",\n \"CVE-2022-26929\",\n \"CVE-2022-30170\",\n \"CVE-2022-30200\",\n \"CVE-2022-33647\",\n \"CVE-2022-33679\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34724\",\n \"CVE-2022-34725\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35830\",\n \"CVE-2022-35831\",\n \"CVE-2022-35832\",\n \"CVE-2022-35833\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35840\",\n \"CVE-2022-35841\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37957\",\n \"CVE-2022-37958\",\n \"CVE-2022-37959\",\n \"CVE-2022-37969\",\n \"CVE-2022-38004\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017305\");\n script_xref(name:\"MSFT\", value:\"MS22-5017305\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0376-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0042\");\n\n script_name(english:\"KB5017305: Windows 10 Version 1607 and Windows Server 2016 Security Update (September 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017305. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017305\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017305\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35840\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017305'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:14393,\n rollup_date:'09_2022',\n 
bulletin:bulletin,\n rollup_kb_list:[5017305])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-30T16:15:37", "description": "The remote Windows host is missing security update 5017315. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Secure Channel Denial of Service Vulnerability (CVE-2022-30196, CVE-2022-35833)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "KB5017315: Windows 10 version 1809 / Windows Server 2019 Security Update (September 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26928", "CVE-2022-26929", "CVE-2022-30170", "CVE-2022-30196", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", 
"CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37954", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37958", "CVE-2022-37959", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_SEP_5017315.NASL", "href": "https://www.tenable.com/plugins/nessus/164997", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164997);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-26928\",\n \"CVE-2022-26929\",\n \"CVE-2022-30170\",\n \"CVE-2022-30196\",\n \"CVE-2022-30200\",\n \"CVE-2022-33647\",\n \"CVE-2022-33679\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34724\",\n \"CVE-2022-34725\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35830\",\n \"CVE-2022-35831\",\n \"CVE-2022-35832\",\n \"CVE-2022-35833\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35840\",\n \"CVE-2022-35841\",\n \"CVE-2022-37954\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37957\",\n \"CVE-2022-37958\",\n \"CVE-2022-37959\",\n \"CVE-2022-37969\",\n \"CVE-2022-38004\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017315\");\n 
script_xref(name:\"MSFT\", value:\"MS22-5017315\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0376-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0042\");\n\n script_name(english:\"KB5017315: Windows 10 version 1809 / Windows Server 2019 Security Update (September 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017315. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Secure Channel Denial of Service Vulnerability (CVE-2022-30196, CVE-2022-35833)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017315\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017315\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35840\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017315'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:17763,\n rollup_date:'09_2022',\n 
bulletin:bulletin,\n rollup_kb_list:[5017315])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-30T16:16:48", "description": "The remote Windows host is missing security update 5017371. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-33647, CVE-2022-33679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "KB5017371: Windows Server 2008 Security Update (September 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26929", "CVE-2022-30170", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", 
"CVE-2022-35837", "CVE-2022-35840", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37964", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_SEP_5017371.NASL", "href": "https://www.tenable.com/plugins/nessus/165004", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165004);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-26929\",\n \"CVE-2022-30170\",\n \"CVE-2022-30200\",\n \"CVE-2022-33647\",\n \"CVE-2022-33679\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34724\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35830\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35840\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37964\",\n \"CVE-2022-37969\",\n \"CVE-2022-38004\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017358\");\n script_xref(name:\"MSKB\", value:\"5017371\");\n script_xref(name:\"MSFT\", value:\"MS22-5017358\");\n script_xref(name:\"MSFT\", value:\"MS22-5017371\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n\n script_name(english:\"KB5017371: Windows Server 2008 Security Update (September 
2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017371. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-33647, CVE-2022-33679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017371\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017371 or Cumulative Update 5017358\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35840\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017371',\n '5017358'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0',\n sp:2,\n rollup_date:'09_2022',\n bulletin:bulletin,\n rollup_kb_list:[5017371, 5017358])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n 
hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-30T16:16:28", "description": "The remote Windows host is missing security update 5017327. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "KB5017327: Windows 10 LTS 1507 Security Update (September 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26928", "CVE-2022-26929", "CVE-2022-30170", "CVE-2022-30200", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37958", "CVE-2022-37969", "CVE-2022-38004", 
"CVE-2022-38005", "CVE-2022-38006"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_SEP_5017327.NASL", "href": "https://www.tenable.com/plugins/nessus/165006", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165006);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-26928\",\n \"CVE-2022-26929\",\n \"CVE-2022-30170\",\n \"CVE-2022-30200\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34725\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35831\",\n \"CVE-2022-35832\",\n \"CVE-2022-35833\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35840\",\n \"CVE-2022-35841\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37958\",\n \"CVE-2022-37969\",\n \"CVE-2022-38004\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017327\");\n script_xref(name:\"MSFT\", value:\"MS22-5017327\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0376-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0042\");\n\n script_name(english:\"KB5017327: Windows 10 LTS 1507 Security Update (September 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017327. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017327\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017327\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35840\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017327'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:10240,\n rollup_date:'09_2022',\n bulletin:bulletin,\n rollup_kb_list:[5017327])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-30T16:15:55", "description": "The remote Windows host is missing security update 5017308. 
It is, therefore, affected by multiple vulnerabilities\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Secure Channel Denial of Service Vulnerability (CVE-2022-30196, CVE-2022-35833)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "KB5017308: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (September 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26928", "CVE-2022-30170", "CVE-2022-30196", "CVE-2022-30200", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37954", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37958", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_SEP_5017308.NASL", "href": "https://www.tenable.com/plugins/nessus/164994", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, 
Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164994);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-26928\",\n \"CVE-2022-30170\",\n \"CVE-2022-30196\",\n \"CVE-2022-30200\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34725\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35831\",\n \"CVE-2022-35832\",\n \"CVE-2022-35833\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35840\",\n \"CVE-2022-35841\",\n \"CVE-2022-37954\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37957\",\n \"CVE-2022-37958\",\n \"CVE-2022-37969\",\n \"CVE-2022-38004\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017308\");\n script_xref(name:\"MSFT\", value:\"MS22-5017308\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0042\");\n\n script_name(english:\"KB5017308: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (September 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017308. 
It is, therefore, affected by multiple vulnerabilities\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\n - Windows Secure Channel Denial of Service Vulnerability (CVE-2022-30196, CVE-2022-35833)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017308\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017308\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35840\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", 
value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017308'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvar os_name = get_kb_item(\"SMB/ProductName\");\n\nif ( ( (\"enterprise\" >< tolower(os_name) || \"education\" >< tolower(os_name))\n &&\n smb_check_rollup(os:'10',\n os_build:19042,\n rollup_date:'09_2022',\n bulletin:bulletin,\n rollup_kb_list:[5017308]) \n )\n ||\n smb_check_rollup(os:'10',\n os_build:19043,\n rollup_date:'09_2022',\n bulletin:bulletin,\n rollup_kb_list:[5017308])\n || \n smb_check_rollup(os:'10',\n os_build:19044,\n rollup_date:'09_2022',\n bulletin:bulletin,\n rollup_kb_list:[5017308])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, 
"vector": "NONE"}}, {"lastseen": "2023-01-30T16:16:10", "description": "The remote Windows host is missing security update 5017328. It is, therefore, affected by multiple vulnerabilities\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "KB5017328: Windows 11 Security Update (September 2022)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23960", "CVE-2022-26928", "CVE-2022-30170", "CVE-2022-30196", 
"CVE-2022-30200", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34723", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35838", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37954", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37958", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_SEP_5017328.NASL", "href": "https://www.tenable.com/plugins/nessus/164998", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164998);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2022-23960\",\n \"CVE-2022-26928\",\n \"CVE-2022-30170\",\n \"CVE-2022-30196\",\n \"CVE-2022-30200\",\n \"CVE-2022-34718\",\n \"CVE-2022-34719\",\n \"CVE-2022-34720\",\n \"CVE-2022-34721\",\n \"CVE-2022-34722\",\n \"CVE-2022-34723\",\n \"CVE-2022-34725\",\n \"CVE-2022-34726\",\n \"CVE-2022-34727\",\n \"CVE-2022-34728\",\n \"CVE-2022-34729\",\n \"CVE-2022-34730\",\n \"CVE-2022-34731\",\n \"CVE-2022-34732\",\n \"CVE-2022-34733\",\n \"CVE-2022-34734\",\n \"CVE-2022-35803\",\n \"CVE-2022-35831\",\n \"CVE-2022-35832\",\n \"CVE-2022-35833\",\n \"CVE-2022-35834\",\n \"CVE-2022-35835\",\n \"CVE-2022-35836\",\n \"CVE-2022-35837\",\n \"CVE-2022-35838\",\n \"CVE-2022-35840\",\n \"CVE-2022-35841\",\n \"CVE-2022-37954\",\n \"CVE-2022-37955\",\n \"CVE-2022-37956\",\n \"CVE-2022-37957\",\n \"CVE-2022-37958\",\n \"CVE-2022-37969\",\n \"CVE-2022-38004\",\n \"CVE-2022-38005\",\n \"CVE-2022-38006\"\n );\n script_xref(name:\"MSKB\", value:\"5017328\");\n script_xref(name:\"MSFT\", value:\"MS22-5017328\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0369-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0368-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0042\");\n\n script_name(english:\"KB5017328: Windows 11 Security Update (September 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5017328. 
It is, therefore, affected by multiple vulnerabilities\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)\n\n - Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5017328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5017328\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5017328\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34722\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-09';\nkbs = make_list(\n '5017328'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:22000,\n rollup_date:'09_2022',\n bulletin:bulletin,\n rollup_kb_list:[5017328])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "kaspersky": [{"lastseen": "2022-09-16T12:36:02", "description": "### *Detect date*:\n09/13/2022\n\n### *Severity*:\nCritical\n\n### 
*Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, or obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Such malware is usually classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).\n\n### *Original advisories*:\n[CVE-2022-35840](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35840>) \n[CVE-2022-38004](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38004>) \n[CVE-2022-34727](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34727>) \n[CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>) \n[CVE-2022-30170](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30170>) \n[CVE-2022-34724](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34724>) \n[CVE-2022-33647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33647>) \n[CVE-2022-34732](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34732>) 
\n[CVE-2022-35830](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35830>) \n[CVE-2022-34726](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34726>) \n[CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>) \n[CVE-2022-34721](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721>) \n[CVE-2022-37955](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37955>) \n[CVE-2022-34731](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34731>) \n[CVE-2022-35803](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35803>) \n[CVE-2022-30200](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30200>) \n[CVE-2022-34730](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34730>) \n[CVE-2022-34729](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34729>) \n[CVE-2022-38006](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38006>) \n[CVE-2022-38005](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38005>) \n[CVE-2022-37964](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37964>) \n[CVE-2022-37956](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37956>) \n[CVE-2022-34733](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34733>) \n[CVE-2022-35836](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35836>) \n[CVE-2022-35833](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35833>) \n[CVE-2022-35832](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35832>) \n[CVE-2022-37958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958>) \n[CVE-2022-35835](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35835>) \n[CVE-2022-33679](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33679>) 
\n[CVE-2022-34734](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34734>) \n[CVE-2022-34728](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34728>) \n[CVE-2022-34720](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34720>) \n[CVE-2022-34719](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34719>) \n[CVE-2022-34722](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722>) \n[CVE-2022-35837](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35837>) \n[CVE-2022-35834](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35834>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2022-35840](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35840>)5.0Critical \n[CVE-2022-38004](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38004>)5.0Critical \n[CVE-2022-34727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34727>)5.0Critical \n[CVE-2022-37969](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37969>)5.0Critical \n[CVE-2022-30170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30170>)5.0Critical \n[CVE-2022-34724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34724>)5.0Critical \n[CVE-2022-33647](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33647>)5.0Critical \n[CVE-2022-34732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34732>)5.0Critical \n[CVE-2022-35830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35830>)5.0Critical \n[CVE-2022-34726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34726>)5.0Critical \n[CVE-2022-34718](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34718>)5.0Critical \n[CVE-2022-34721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34721>)5.0Critical 
\n[CVE-2022-37955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37955>)5.0Critical \n[CVE-2022-34731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34731>)5.0Critical \n[CVE-2022-35803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35803>)5.0Critical \n[CVE-2022-30200](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30200>)5.0Critical \n[CVE-2022-34730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34730>)5.0Critical \n[CVE-2022-34729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34729>)5.0Critical \n[CVE-2022-38006](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38006>)5.0Critical \n[CVE-2022-38005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38005>)5.0Critical \n[CVE-2022-37956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37956>)5.0Critical \n[CVE-2022-34733](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34733>)5.0Critical \n[CVE-2022-35836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35836>)5.0Critical \n[CVE-2022-35833](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35833>)5.0Critical \n[CVE-2022-35832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35832>)5.0Critical \n[CVE-2022-37958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37958>)5.0Critical \n[CVE-2022-35835](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35835>)5.0Critical \n[CVE-2022-33679](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33679>)5.0Critical \n[CVE-2022-34734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34734>)5.0Critical \n[CVE-2022-34728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34728>)5.0Critical \n[CVE-2022-34720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34720>)5.0Critical \n[CVE-2022-34719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34719>)5.0Critical \n[CVE-2022-34722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34722>)5.0Critical 
\n[CVE-2022-35837](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35837>)5.0Critical \n[CVE-2022-35834](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35834>)5.0Critical \n[CVE-2022-37964](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37964>)5.0Critical\n\n### *KB list*:\n[5017361](<http://support.microsoft.com/kb/5017361>) \n[5017373](<http://support.microsoft.com/kb/5017373>) \n[5017371](<http://support.microsoft.com/kb/5017371>) \n[5017358](<http://support.microsoft.com/kb/5017358>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "kaspersky", "title": "KLA19249 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-30170", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35840", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37958", "CVE-2022-37964", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006"], "modified": "2022-09-15T00:00:00", "id": "KLA19249", "href": "https://threats.kaspersky.com/en/vulnerability/KLA19249/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T12:36:08", "description": "### 
*Detect date*:\n09/13/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, and bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2016 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2012 (Server Core installation) \nWindows 11 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server 2012 R2 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 21H1 for x64-based Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2012 \nWindows Server 2019 (Server Core installation) \nRaw Image Extension \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2022 Azure Edition Core Hotpatch \nWindows 11 for ARM64-based Systems \nWindows Server 2022 \nAV1 Video Extension \nWindows Server 2012 R2 (Server Core installation) \nWindows RT 8.1 \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 21H2 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2019 \nWindows Server 2022 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H2 for ARM64-based Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows 8.1 for x64-based systems \nWindows Server 2016 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 21H2 for 32-bit Systems\n\n### *Solution*:\nInstall the necessary updates from the KB list below that are offered in your Windows Update (Windows Update usually can 
be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-35840](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35840>) \n[CVE-2022-38004](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38004>) \n[CVE-2022-34727](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34727>) \n[CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>) \n[CVE-2022-30170](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30170>) \n[CVE-2022-34724](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34724>) \n[CVE-2022-33647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33647>) \n[CVE-2022-34732](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34732>) \n[CVE-2022-35830](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35830>) \n[CVE-2022-34726](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34726>) \n[CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>) \n[CVE-2022-34721](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721>) \n[CVE-2022-37957](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37957>) \n[CVE-2022-37955](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37955>) \n[CVE-2022-34731](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34731>) \n[CVE-2022-35803](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35803>) \n[CVE-2022-30200](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30200>) \n[CVE-2022-34730](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34730>) \n[CVE-2022-34729](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34729>) \n[CVE-2022-38006](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38006>) \n[CVE-2022-38005](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38005>) 
\n[CVE-2022-35831](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35831>) \n[CVE-2022-34723](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34723>) \n[CVE-2022-37959](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37959>) \n[CVE-2022-34725](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34725>) \n[CVE-2022-38011](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38011>) \n[CVE-2022-37956](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37956>) \n[CVE-2022-34733](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34733>) \n[CVE-2022-35836](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35836>) \n[CVE-2022-35833](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35833>) \n[CVE-2022-35832](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35832>) \n[CVE-2022-37958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958>) \n[CVE-2022-35835](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35835>) \n[CVE-2022-33679](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33679>) \n[CVE-2022-26928](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26928>) \n[CVE-2022-37954](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37954>) \n[CVE-2022-34734](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34734>) \n[CVE-2022-34728](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34728>) \n[CVE-2022-23960](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23960>) \n[CVE-2022-35841](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35841>) \n[CVE-2022-34720](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34720>) \n[CVE-2022-34719](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34719>) 
\n[CVE-2022-34722](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722>) \n[CVE-2022-35837](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35837>) \n[CVE-2022-38019](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38019>) \n[CVE-2022-30196](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30196>) \n[CVE-2022-35838](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35838>) \n[CVE-2022-35834](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35834>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2022-35840](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35840>)5.0Critical \n[CVE-2022-38004](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38004>)5.0Critical \n[CVE-2022-34727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34727>)5.0Critical \n[CVE-2022-37969](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37969>)5.0Critical \n[CVE-2022-30170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30170>)5.0Critical \n[CVE-2022-34724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34724>)5.0Critical \n[CVE-2022-33647](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33647>)5.0Critical \n[CVE-2022-34732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34732>)5.0Critical \n[CVE-2022-35830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35830>)5.0Critical \n[CVE-2022-34726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34726>)5.0Critical \n[CVE-2022-34718](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34718>)5.0Critical \n[CVE-2022-34721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34721>)5.0Critical \n[CVE-2022-37957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37957>)5.0Critical 
\n[CVE-2022-37955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37955>)5.0Critical \n[CVE-2022-34731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34731>)5.0Critical \n[CVE-2022-35803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35803>)5.0Critical \n[CVE-2022-30200](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30200>)5.0Critical \n[CVE-2022-34730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34730>)5.0Critical \n[CVE-2022-34729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34729>)5.0Critical \n[CVE-2022-38006](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38006>)5.0Critical \n[CVE-2022-38005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38005>)5.0Critical \n[CVE-2022-35831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35831>)5.0Critical \n[CVE-2022-34723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34723>)5.0Critical \n[CVE-2022-37959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37959>)5.0Critical \n[CVE-2022-34725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34725>)5.0Critical \n[CVE-2022-38011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38011>)5.0Critical \n[CVE-2022-37956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37956>)5.0Critical \n[CVE-2022-34733](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34733>)5.0Critical \n[CVE-2022-35836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35836>)5.0Critical \n[CVE-2022-35833](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35833>)5.0Critical \n[CVE-2022-35832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35832>)5.0Critical \n[CVE-2022-37958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37958>)5.0Critical \n[CVE-2022-35835](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35835>)5.0Critical \n[CVE-2022-33679](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33679>)5.0Critical 
\n[CVE-2022-26928](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26928>)5.0Critical \n[CVE-2022-37954](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37954>)5.0Critical \n[CVE-2022-34734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34734>)5.0Critical \n[CVE-2022-34728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34728>)5.0Critical \n[CVE-2022-23960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960>)1.9Warning \n[CVE-2022-35841](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35841>)5.0Critical \n[CVE-2022-34720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34720>)5.0Critical \n[CVE-2022-34719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34719>)5.0Critical \n[CVE-2022-34722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34722>)5.0Critical \n[CVE-2022-35837](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35837>)5.0Critical \n[CVE-2022-38019](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38019>)5.0Critical \n[CVE-2022-30196](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30196>)5.0Critical \n[CVE-2022-35838](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35838>)5.0Critical \n[CVE-2022-35834](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35834>)5.0Critical\n\n### *KB list*:\n[5017392](<http://support.microsoft.com/kb/5017392>) \n[5017377](<http://support.microsoft.com/kb/5017377>) \n[5017316](<http://support.microsoft.com/kb/5017316>) \n[5017327](<http://support.microsoft.com/kb/5017327>) \n[5017365](<http://support.microsoft.com/kb/5017365>) \n[5017367](<http://support.microsoft.com/kb/5017367>) \n[5017315](<http://support.microsoft.com/kb/5017315>) \n[5017305](<http://support.microsoft.com/kb/5017305>) \n[5017328](<http://support.microsoft.com/kb/5017328>) \n[5017308](<http://support.microsoft.com/kb/5017308>) \n[5017370](<http://support.microsoft.com/kb/5017370>)", "cvss3": {"exploitabilityScore": 3.9, 
"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "kaspersky", "title": "KLA19245 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23960", "CVE-2022-26928", "CVE-2022-30170", "CVE-2022-30196", "CVE-2022-30200", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34723", "CVE-2022-34724", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35830", "CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35838", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37954", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37958", "CVE-2022-37959", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006", "CVE-2022-38011", "CVE-2022-38019"], "modified": "2022-09-15T00:00:00", "id": "KLA19245", "href": 
"https://threats.kaspersky.com/en/vulnerability/KLA19245/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "mscve": [{"lastseen": "2022-12-29T21:16:40", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35836, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-14T07:00:00", "id": "MS:CVE-2022-35835", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35835", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:40", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-14T07:00:00", "id": "MS:CVE-2022-35840", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35840", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:40", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-14T07:00:00", "id": "MS:CVE-2022-35834", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35834", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:40", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-14T07:00:00", "id": "MS:CVE-2022-35836", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35836", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:35", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-14T07:00:00", "id": "MS:CVE-2022-34731", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34731", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:35", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34731, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-14T07:00:00", "id": "MS:CVE-2022-34733", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34733", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:35", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34732.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft ODBC Driver Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-11-08T08:00:00", "id": "MS:CVE-2022-34734", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34734", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:37", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34726, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft ODBC Driver Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-34727", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34727", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:35", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34734.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft ODBC Driver Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-11-08T08:00:00", "id": "MS:CVE-2022-34732", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34732", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:37", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34727, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft ODBC Driver Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-34726", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34726", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:36", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34732, CVE-2022-34734.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Microsoft ODBC Driver Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-11-08T08:00:00", "id": "MS:CVE-2022-34730", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34730", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:40", "description": "Windows Graphics Component Information Disclosure Vulnerability. 
This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Graphics Component Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34728", "CVE-2022-35837", "CVE-2022-38006"], "modified": "2022-11-08T08:00:00", "id": "MS:CVE-2022-35837", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35837", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:36", "description": "Windows Graphics Component Information Disclosure Vulnerability. 
This CVE ID is unique from CVE-2022-35837, CVE-2022-38006.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Graphics Component Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34728", "CVE-2022-35837", "CVE-2022-38006"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-34728", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34728", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:33", "description": "Windows Graphics Component Information Disclosure Vulnerability. 
This CVE ID is unique from CVE-2022-34728, CVE-2022-35837.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Graphics Component Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34728", "CVE-2022-35837", "CVE-2022-38006"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-38006", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38006", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:41", "description": "Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-30196.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Secure Channel Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-30196", "CVE-2022-35833"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-35833", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35833", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:45", "description": "Windows Secure Channel Denial of Service Vulnerability. 
This CVE ID is unique from CVE-2022-35833.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Secure Channel Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-30196", "CVE-2022-35833"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-30196", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30196", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:45", "description": "Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Kerberos Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-33647", "CVE-2022-33679"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-33679", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-33679", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:42", "description": "Windows Kerberos Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-33679.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Kerberos Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-33647", "CVE-2022-33679"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-33647", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-33647", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:38", "description": "Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34722.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34721", "CVE-2022-34722"], "modified": "2022-09-23T07:00:00", "id": "MS:CVE-2022-34721", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:38", "description": "Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34721.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34721", "CVE-2022-34722"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-34722", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34722", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:45", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-37969.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803", "CVE-2022-37969"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-35803", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35803", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:31", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-35803.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803", "CVE-2022-37969"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-37969", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:40", "description": "HTTP V3 Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "HTTP V3 Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35838"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-35838", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35838", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:35", "description": "DirectX Graphics Kernel Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "DirectX Graphics Kernel Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-37954"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-37954", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37954", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:39", "description": "Windows Enterprise App Management Service Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Enterprise App Management Service Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35841"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-35841", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35841", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:41", "description": "Windows Remote Access Connection Manager Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": 
"NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Remote Access Connection Manager Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35831"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-35831", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35831", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:41", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35830"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-35830", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35830", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:41", "description": "Windows Event Tracing Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Event Tracing Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35832"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-35832", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35832", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:37", "description": "Windows ALPC Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows ALPC Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34725"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-34725", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34725", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:42", "description": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": 
"2022-09-13T07:00:00", "type": "mscve", "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-30200"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-30200", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30200", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:37", "description": "Windows DNS Server Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows DNS Server Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34724"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-34724", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34724", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:34", "description": "Windows Group Policy Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Group Policy Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", 
"cvss2": {}, "cvelist": ["CVE-2022-37955"], "modified": "2022-09-20T07:00:00", "id": "MS:CVE-2022-37955", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37955", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:39", "description": "Windows Distributed File System (DFS) Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Distributed File System (DFS) Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34719"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-34719", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34719", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:39", "description": "Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34720"], "modified": "2022-09-13T07:00:00", "id": 
"MS:CVE-2022-34720", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34720", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:45", "description": "Windows Credential Roaming Service Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Credential Roaming Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-30170"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-30170", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30170", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:36", "description": "Windows GDI Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows GDI Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34729"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-34729", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34729", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2022-12-29T21:16:33", "description": "Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-37959"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-37959", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37959", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:39", "description": "Windows TCP/IP Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows TCP/IP Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34718"], "modified": "2022-09-23T07:00:00", "id": "MS:CVE-2022-34718", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-03T20:23:58", "description": "SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information 
Disclosure Vulnerability (this record's title and CVSS vector reflect its later reclassification as a Remote Code Execution Vulnerability).", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-37958"], "modified": "2022-12-13T08:00:00", "id": "MS:CVE-2022-37958", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37958", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:33", "description": "Windows Print Spooler Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-38005"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-38005", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38005", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-30T18:21:24", "description": "Windows Kernel Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-37956, CVE-2022-37957.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Kernel Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37964"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-37964", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37964", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:34", "description": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37964.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Kernel Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37964"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-37957", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37957", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-29T21:16:34", "description": "Windows Kernel Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-37957, CVE-2022-37964.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mscve", "title": "Windows Kernel Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37964"], "modified": "2022-09-13T07:00:00", "id": "MS:CVE-2022-37956", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37956", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-09-16T19:04:22", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34731", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-16T17:17:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-34731", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34731", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T19:04:21", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34733", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-16T17:06:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2008:-", 
"cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-34733", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34733", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-17T05:23:52", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35836", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-17T00:14:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-35836", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35836", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", 
"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*"]}, {"lastseen": "2022-09-16T19:04:19", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35836, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35835", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-16T16:34:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-35835", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35835", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", 
"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T19:04:16", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35834", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-16T17:35:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-35834", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35834", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", 
"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T19:04:14", "description": "Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35840", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34731", "CVE-2022-34733", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35840"], "modified": "2022-09-16T17:41:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-35840", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35840", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", 
"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-15T22:34:18", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34726, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34727", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-09-15T20:51:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-34727", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34727", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:azure:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-11-14T17:37:17", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34734.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34732", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-11-14T15:24:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", 
"cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2022-34732", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34732", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-15T22:34:19", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34727, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34726", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-09-15T20:52:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-34726", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34726", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-11-14T17:37:18", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34732, CVE-2022-34734.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34730", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-11-14T15:24:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", 
"cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2022-34730", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34730", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-11-14T17:37:18", "description": "Microsoft ODBC Driver Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34732.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34734", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34730", "CVE-2022-34732", "CVE-2022-34734"], "modified": "2022-11-14T15:24:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2022-34734", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34734", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-11-16T06:37:25", "description": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35837", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34728", "CVE-2022-35837", "CVE-2022-38006"], "modified": "2022-11-14T14:36:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", 
"cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2022-35837", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35837", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", 
"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*"]}, {"lastseen": "2022-09-16T20:39:51", "description": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-35837.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-38006", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34728", "CVE-2022-35837", "CVE-2022-38006"], "modified": "2022-09-16T18:03:00", "cpe": ["cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_11:-"], "id": "CVE-2022-38006", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38006", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", 
"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T19:04:24", "description": "Windows Graphics Component Information Disclosure Vulnerability. 
This CVE ID is unique from CVE-2022-35837, CVE-2022-38006.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34728", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34728", "CVE-2022-35837", "CVE-2022-38006"], "modified": "2022-09-16T17:30:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-34728", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34728", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T19:04:16", "description": "Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-30196.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35833", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-30196", "CVE-2022-35833"], "modified": "2022-09-16T16:20:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": 
"CVE-2022-35833", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35833", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-15T20:41:25", "description": "Windows Secure Channel Denial of Service Vulnerability. 
This CVE ID is unique from CVE-2022-35833.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-30196", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-30196", "CVE-2022-35833"], "modified": "2022-09-15T19:50:00", "cpe": ["cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2"], "id": "CVE-2022-30196", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30196", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-15T22:34:24", "description": "Windows Kerberos Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-33679.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-33647", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-33647", "CVE-2022-33679"], "modified": "2022-09-15T20:09:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2022-33647", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33647", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-15T22:34:24", "description": "Windows Kerberos Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-33647.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-33679", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-33647", "CVE-2022-33679"], "modified": "2022-09-15T20:09:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2022-33679", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33679", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-15T22:34:21", "description": "Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-34722.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34721", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34721", "CVE-2022-34722"], "modified": "2022-09-15T20:23:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-34721", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34721", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", 
"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-15T22:34:22", "description": "Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34721.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34722", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34721", "CVE-2022-34722"], "modified": "2022-09-15T20:22:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", 
"cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-34722", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34722", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-16T20:40:30", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-37969.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35803", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-35803", "CVE-2022-37969"], "modified": "2022-09-16T19:09:00", "cpe": ["cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_11:-"], "id": "CVE-2022-35803", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35803", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-30T20:45:40", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-37969", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-35803", "CVE-2022-37969"], "modified": "2022-09-30T19:15:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2008:r2", 
"cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-37969", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37969", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*"]}, 
{"lastseen": "2022-09-16T19:04:14", "description": "HTTP V3 Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35838", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-35838"], "modified": "2022-09-16T17:26:00", "cpe": ["cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-"], "id": "CVE-2022-35838", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35838", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2022-09-16T20:40:07", "description": "Windows Enterprise App Management Service Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35841", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-35841"], "modified": "2022-09-16T18:29:00", "cpe": ["cpe:/o:microsoft:windows_server_2022:-", 
"cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_11:-"], "id": "CVE-2022-35841", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35841", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T16:21:23", "description": "Windows Remote Access Connection Manager Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": 
"UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35831", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-35831"], "modified": "2022-09-16T15:55:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2022:-"], "id": "CVE-2022-35831", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35831", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-17T05:23:49", "description": "DirectX Graphics Kernel Elevation of Privilege 
Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-37954", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37954"], "modified": "2022-09-17T00:11:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:21h1"], "id": "CVE-2022-37954", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37954", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", 
"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*"]}, {"lastseen": "2022-09-16T16:21:25", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35830", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-35830"], "modified": "2022-09-16T15:48:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2022:-"], "id": "CVE-2022-35830", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35830", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*"]}, {"lastseen": "2022-09-16T19:04:17", "description": "Windows Event Tracing Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", 
"scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-35832", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-35832"], "modified": "2022-09-16T16:07:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-35832", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35832", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-15T22:34:19", "description": "Windows ALPC Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34725", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34725"], "modified": "2022-09-15T20:52:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-34725", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34725", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-15T22:34:25", "description": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-30200", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-30200"], "modified": "2022-09-15T20:16:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", 
"cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-30200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30200", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-15T22:34:20", "description": "Windows DNS Server Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34724", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34724"], "modified": "2022-09-15T20:54:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2022-34724", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34724", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-16T19:04:15", "description": "Windows Group Policy Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-37955", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37955"], "modified": 
"2022-09-16T17:21:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-37955", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37955", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", 
"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T19:04:28", "description": "Windows Distributed File System (DFS) Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34719", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34719"], "modified": "2022-09-16T17:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", 
"cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-34719", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34719", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-15T22:34:22", "description": "Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34720", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": 
["CVE-2022-34720"], "modified": "2022-09-15T20:23:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-34720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34720", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-15T20:41:27", "description": "Windows Credential 
Roaming Service Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-30170", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-30170"], "modified": "2022-09-15T19:52:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607"], "id": "CVE-2022-30170", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30170", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", 
"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-16T19:04:23", "description": "Windows GDI Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34729", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34729"], "modified": "2022-09-16T17:29:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2022-34729", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34729", "cvss": 
{"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T19:04:11", "description": "Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-37959", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37959"], "modified": "2022-09-16T17:41:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:r2", 
"cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2022-37959", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37959", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-17T05:24:01", "description": "Windows TCP/IP Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-34718", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-34718"], "modified": "2022-09-17T01:22:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2022:-"], "id": "CVE-2022-34718", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34718", "cvss": {"score": 
0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"]}, {"lastseen": "2023-01-03T19:19:53", "description": "SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-37958", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37958"], "modified": "2023-01-03T18:06:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_11:-", 
"cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:21h1"], "id": "CVE-2022-37958", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37958", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", 
"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-16T20:39:53", "description": "Windows Print Spooler Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-38005", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-38005"], "modified": "2022-09-16T18:19:00", "cpe": ["cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_11:-"], "id": "CVE-2022-38005", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38005", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", 
"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T19:04:12", "description": "Windows Kernel Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-37956, CVE-2022-37964.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-37957", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37964"], "modified": "2022-09-16T17:55:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2"], "id": "CVE-2022-37957", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37957", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", 
"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"]}, {"lastseen": "2022-09-16T19:04:08", "description": "Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37957.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-37964", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37964"], "modified": "2022-09-16T17:23:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2022-37964", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37964", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*"]}, {"lastseen": "2022-10-28T22:14:56", "description": "Windows Kernel Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-37957, CVE-2022-37964.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-37956", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37964"], "modified": "2022-10-28T20:45:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-37956", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37956", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", 
"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*"]}], "talosblog": [{"lastseen": "2022-09-13T22:03:34", "description": "[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuO39qViCMNUgBL52lm6Fv2cO1TtchRuF5B5XrgdX8JNq21qnSgOoDKRj_Jw5YErgTODjyjUG_toBkvjBULrU-KqeAP39DYFZpdH-3cjSLiSIfqjtKpaCs8PGtoFT-BYkUrHb8-dagNtPzxKDhHijqCJEe1RhClOI0-B6axkA8WsLDMrmMM7In_4Ud/s1001/patch%20tuesday.jpg>)\n\n_By Jon Munshaw and Asheer Malhotra. 
_\n\nMicrosoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company\u2019s hardware and software line, a sharp decline from the [record number of issues](<https://blog.talosintelligence.com/2022/08/microsoft-patch-tuesday-for-august-2022.html>) Microsoft disclosed last month. \n\nSeptember's security update features five critical vulnerabilities, 10 fewer than were included in last month\u2019s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-severity issue that\u2019s already been patched as a part of a recent Google Chromium update. The remainder is considered \u201cimportant.\u201d \n\nThe most serious vulnerability, which exists in several versions of Windows Server and Windows 10, could allow an attacker to achieve remote code execution (RCE) by sending a single, specially crafted IPv6 packet to a Windows node where IPSec is enabled. [CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>) only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10, and Microsoft considers it \u201cmore likely\u201d to be exploited. \n\nMicrosoft disclosed one vulnerability that's being actively exploited in the wild \u2014 [CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>). Microsoft's advisory states this vulnerability is already circulating in the wild and could allow an attacker to gain SYSTEM-level privileges by exploiting the Windows Common Log File System Driver. The adversary must first have access to the targeted system and then run specific code, though no user interaction is required. 
\n\n\n \n\n\n[CVE-2022-34721](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721>) and [CVE-2022-34722](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722>) also have severity scores of 9.8, though they are \u201cless likely\u201d to be exploited, according to Microsoft. These are remote code execution vulnerabilities in the Windows Internet Key Exchange protocol that could be triggered if an attacker sends a specially crafted IP packet.\n\nTwo other critical vulnerabilities, [CVE-2022-35805](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35805>) and [CVE-2022-34700](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34700>) exist in on-premises instances of Microsoft Dynamics 365. An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. The attacker could escalate their privileges further and execute commands as the database owner. 
\n\nTalos would also like to highlight five important vulnerabilities that Microsoft considers to be \u201cmore likely\u201d to be exploited: \n\n * [CVE-2022-37957](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37957>) \u2014 Windows Kernel Elevation of Privilege Vulnerability \n * [CVE-2022-35803](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35803>) \u2014 Windows Common Log File System Driver Elevation of Privilege Vulnerability \n * [CVE-2022-37954](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37954>) \u2014 DirectX Graphics Kernel Elevation of Privilege Vulnerability \n * [CVE-2022-34725](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34725>) \u2014 Windows ALPC Elevation of Privilege Vulnerability \n * [CVE-2022-34729](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34729>) \u2014 Windows GDI Elevation of Privilege Vulnerability \n\nA complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. \n\nIn response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. \n\nThe rules included in this release that protect against the exploitation of many of these vulnerabilities are 60546, 60547, 60549, 60550 and 60552 - 60554. 
We've also released Snort 3 rules 300266 - 300270.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T18:01:00", "type": "talosblog", "title": "Microsoft Patch Tuesday for September 2022 \u2014 Snort rules and prominent vulnerabilities", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-34700", "CVE-2022-34718", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34725", "CVE-2022-34729", "CVE-2022-35803", "CVE-2022-35805", "CVE-2022-37954", "CVE-2022-37957", "CVE-2022-37969"], "modified": "2022-09-13T18:24:22", "id": "TALOSBLOG:E99AAC7F44B9D1EA471CB0F2A592FA92", "href": "http://blog.talosintelligence.com/2022/09/microsoft-patch-tuesday-for-september.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "rapid7blog": [{"lastseen": "2022-09-13T22:03:40", "description": "\n\nThis month\u2019s [Patch Tuesday](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>) is on the lighter side, with 79 CVEs being fixed by Microsoft (including 16 CVEs affecting Chromium, used by their Edge browser, that were already available). One zero-day was announced: [CVE-2022-37969](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969>) is an elevation of privilege vulnerability affecting the Log File System Driver in all supported versions of Windows, allowing attackers to gain SYSTEM-level access on an asset they\u2019ve already got an initial foothold in. Interestingly, Microsoft credits four separate researchers/organizations for independently reporting this, which may be indicative of relatively widespread exploitation. 
Also previously disclosed (in March), though less useful to attackers, Microsoft has released a fix for [CVE-2022-23960](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23960>) (aka Spectre-BHB) for Windows 11 on ARM64.\n\nSome of the more noteworthy vulnerabilities this month affect Windows systems with IPSec enabled. [CVE-2022-34718](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718>) allows remote code execution (RCE) on any Windows system reachable via IPv6; [CVE-2022-34721](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721>) and [CVE-2022-34722](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34722>) are RCE vulnerabilities in the Windows Internet Key Exchange (IKE) Protocol Extensions. All three CVEs are ranked Critical and carry a CVSSv3 base score of 9.8. Rounding out the Critical RCEs this month are [CVE-2022-35805](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35805>) and [CVE-2022-34700](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34700>), both of which affect Microsoft Dynamics (on-premise) and have a CVSSv3 base score of 8.8. Any such systems should be updated immediately.\n\nSharePoint administrators should also be aware of four separate RCEs being addressed this month. They\u2019re ranked Important, meaning Microsoft recommends applying the updates at the earliest opportunity. Finally, a large swath of CVEs affecting OLE DB Provider for SQL Server and the Microsoft ODBC Driver were also fixed. These require some social engineering to exploit, by convincing a user to either connect to a malicious SQL Server or open a maliciously crafted .mdb (Access) file.\n\n## Summary charts\n\n\n\n## Summary tables\n\n### Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? 
\n---|---|---|---|---|--- \n[CVE-2022-38007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38007>) | Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Browser vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-38012](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38012>) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 7.7 | Yes \n[CVE-2022-3075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3075>) | Chromium: CVE-2022-3075 Insufficient data validation in Mojo | No | No | N/A | Yes \n[CVE-2022-3058](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3058>) | Chromium: CVE-2022-3058 Use after free in Sign-In Flow | No | No | N/A | Yes \n[CVE-2022-3057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3057>) | Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox | No | No | N/A | Yes \n[CVE-2022-3056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3056>) | Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy | No | No | N/A | Yes \n[CVE-2022-3055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3055>) | Chromium: CVE-2022-3055 Use after free in Passwords | No | No | N/A | Yes \n[CVE-2022-3054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3054>) | Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools | No | No | N/A | Yes \n[CVE-2022-3053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3053>) | Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock | No | No | N/A | Yes 
\n[CVE-2022-3047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3047>) | Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API | No | No | N/A | Yes \n[CVE-2022-3046](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3046>) | Chromium: CVE-2022-3046 Use after free in Browser Tag | No | No | N/A | Yes \n[CVE-2022-3045](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3045>) | Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8 | No | No | N/A | Yes \n[CVE-2022-3044](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3044>) | Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation | No | No | N/A | Yes \n[CVE-2022-3041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3041>) | Chromium: CVE-2022-3041 Use after free in WebSQL | No | No | N/A | Yes \n[CVE-2022-3040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3040>) | Chromium: CVE-2022-3040 Use after free in Layout | No | No | N/A | Yes \n[CVE-2022-3039](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3039>) | Chromium: CVE-2022-3039 Use after free in WebSQL | No | No | N/A | Yes \n[CVE-2022-3038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3038>) | Chromium: CVE-2022-3038 Use after free in Network Service | No | No | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? 
\n---|---|---|---|---|--- \n[CVE-2022-26929](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26929>) | .NET Framework Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38013](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-38020](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38020>) | Visual Studio Code Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n \n### ESU vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-37964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37964>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n \n### Microsoft Dynamics vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-35805](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35805>) | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34700](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34700>) | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? 
\n---|---|---|---|---|--- \n[CVE-2022-38008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38008>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-38009](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38009>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-37961](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37961>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35823](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35823>) | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-37962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37962>) | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38010>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37963>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### System Center vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-35828](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35828>) | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? 
\n---|---|---|---|---|--- \n[CVE-2022-35841](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35841>) | Windows Enterprise App Management Service Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30196](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30196>) | Windows Secure Channel Denial of Service Vulnerability | No | No | 8.2 | Yes \n[CVE-2022-37957](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37957>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37954](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37954>) | DirectX Graphics Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38019>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35838](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35838>) | HTTP V3 Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-38011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38011>) | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.3 | Yes \n[CVE-2022-26928](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26928>) | Windows Photo Import API Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-34725](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34725>) | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-37959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37959>) | Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35831](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35831>) | 
Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-34723](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34723>) | Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-23960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23960>) | Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability | No | Yes | N/A | Yes \n \n### Windows ESU vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-34718](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34718>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-34721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34721>) | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-34722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34722>) | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-35834](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35834>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35835](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35835>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35836](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35836>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes 
\n[CVE-2022-35840](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35840>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34731>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34733](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34733>) | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34726>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34727>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34730](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34730>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34732>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34734](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34734>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-33679](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33679>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-33647](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33647>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.1 | Yes 
\n[CVE-2022-35830](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35830>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-38005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38005>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30200>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37956](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37956>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37955](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37955>) | Windows Group Policy Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34729](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34729>) | Windows GDI Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38004](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38004>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34719](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34719>) | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37969](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Yes | Yes | 7.8 | Yes \n[CVE-2022-35803](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35803>) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes 
\n[CVE-2022-35833](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35833>) | Windows Secure Channel Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-34720](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34720>) | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-34724](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34724>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-37958](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37958>) | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30170>) | Windows Credential Roaming Service Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n[CVE-2022-38006](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38006>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-34728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34728>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-35832](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35832>) | Windows Event Tracing Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2022-35837](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35837>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5 | Yes", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": 
"UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T20:11:08", "type": "rapid7blog", "title": "Patch Tuesday - September 2022", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23960", "CVE-2022-26928", "CVE-2022-26929", "CVE-2022-30170", "CVE-2022-30196", "CVE-2022-30200", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3075", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34700", "CVE-2022-34718", "CVE-2022-34719", "CVE-2022-34720", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34723", "CVE-2022-34724", "CVE-2022-34725", "CVE-2022-34726", "CVE-2022-34727", "CVE-2022-34728", "CVE-2022-34729", "CVE-2022-34730", "CVE-2022-34731", "CVE-2022-34732", "CVE-2022-34733", "CVE-2022-34734", "CVE-2022-35803", "CVE-2022-35805", "CVE-2022-35823", "CVE-2022-35828", "CVE-2022-35830", "CVE-2022-35831", "CVE-2022-35832", "CVE-2022-35833", "CVE-2022-35834", "CVE-2022-35835", "CVE-2022-35836", "CVE-2022-35837", "CVE-2022-35838", "CVE-2022-35840", "CVE-2022-35841", "CVE-2022-37954", "CVE-2022-37955", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37958", 
"CVE-2022-37959", "CVE-2022-37961", "CVE-2022-37962", "CVE-2022-37963", "CVE-2022-37964", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38005", "CVE-2022-38006", "CVE-2022-38007", "CVE-2022-38008", "CVE-2022-38009", "CVE-2022-38010", "CVE-2022-38011", "CVE-2022-38012", "CVE-2022-38013", "CVE-2022-38019", "CVE-2022-38020"], "modified": "2022-09-13T20:11:08", "id": "RAPID7BLOG:207700353EDB2453B1928E90A6683A0E", "href": "https://blog.rapid7.com/2022/09/13/patch-tuesday-september-2022/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "avleonov": [{"lastseen": "2022-09-24T00:03:21", "description": "Hello everyone! Let's take a look at Microsoft's September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual.\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239101>\n \n \n $ cat comments_links.txt \n Qualys|September 2022 Patch Tuesday|https://blog.qualys.com/vulnerabilities-threat-research/2022/09/13/september-2022-patch-tuesday\n ZDI|THE SEPTEMBER 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/9/13/the-september-2022-security-update-review\n Kaspersky|Patches for 64 vulnerabilities in Microsoft products released|https://www.kaspersky.com/blog/microsoft-patch-tuesday-september-2022/45501/\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"September\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n MS PT Year: 2022\n MS PT Month: September\n MS PT Date: 2022-09-13\n MS PT CVEs found: 63\n Ext MS PT Date from: 2022-08-10\n Ext MS PT Date to: 2022-09-12\n Ext MS PT CVEs found: 27\n ALL MS PT CVEs: 90\n ...\n\n * Urgent: 0\n * Critical: 1\n * High: 41\n * Medium: 44\n * Low: 4\n\n## Exploitable 
vulnerabilities\n\nThere are no vulnerabilities with public exploits yet. There are 3 vulnerabilities for which there is a Proof-of-Concept Exploit according to data from CVSS.\n\n 1. **Elevation of Privilege** - Kerberos (CVE-2022-33679). An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session key to elevate privileges.\n 2. **Elevation of Privilege** - Azure Guest Configuration and Azure Arc-enabled servers (CVE-2022-38007). An attacker who successfully exploited the vulnerability could replace Microsoft-shipped code with their own code, which would then be run as root in the context of a Guest Configuration daemon. On an Azure VM with the Guest Configuration Linux Extension installed, this would run in the context of the GC Policy Agent daemon. On an Azure Arc-enabled server, it could run in the context of the GC Arc Service or Extension Service daemons. \n 3. **Elevation of Privilege** - Windows GDI (CVE-2022-34729). An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n\nBut the likelihood that these exploits will be used in real attacks seems low.\n\n## Exploitation in the wild\n\nThere are 3 vulnerabilities with signs of exploitation in the wild:\n\n * **Elevation of Privilege** - Windows Common Log File System Driver (CVE-2022-37969). An attacker must already have access and the ability to run code on the target system. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability affects many versions of Windows; there are patches even for EOL versions. 
In addition to this vulnerability, there was a bunch of EoPs in Windows with no signs of exploitation in the wild, for example **Elevation of Privilege** - Windows Kernel (CVE-2022-37956, CVE-2022-37957, CVE-2022-37964)\n * **Security Feature Bypass** - Microsoft Edge (CVE-2022-2856, CVE-2022-3075). Edge vulnerabilities are actually Chromium vulnerabilities. This is the downside of using the same engine. Chrome vulnerabilities also affect Edge, Opera, Brave, Vivaldi, etc.\n\n## IP packet causes RCE\n\n**Remote Code Execution** - Windows TCP/IP (CVE-2022-34718). An unauthorized attacker can use it to execute arbitrary code on the attacked Windows computer with the IPSec service enabled by sending a specially crafted IPv6 packet to it. This vulnerability can only be exploited against systems with Internet Protocol Security (IPsec) enabled. IPsec and IPv6 are evil.  But seriously, it's bad that this is even possible.\n\nAnd that's not all, there's more. **Remote Code Execution** - Windows Internet Key Exchange (IKE) Protocol Extensions (CVE-2022-34721, CVE-2022-34722). The IKE protocol is a component of IPsec used to set up security associations (relationships among devices based on shared security attributes). An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. Although these vulnerabilities only affect the IKEv1 protocol version, Microsoft reminds that all Windows Server systems are vulnerable because they accept both v1 and v2 packets.\n\n## Windows DNS Server DoS\n\n**Denial of Service** - Windows DNS Server (CVE-2022-34724). This bug is only rated Important since there\u2019s no chance of code execution, but you should probably treat it as Critical due to its potential impact. A remote, unauthenticated attacker could create a denial-of-service (DoS) condition on your DNS server. 
It\u2019s not clear if the DoS just kills the DNS service or the whole system. Shutting down DNS is always bad, but with so many resources in the cloud, a loss of DNS pointing the way to those resources could be catastrophic for many enterprises.\n\n## Spectre-BHB\n\n**Memory Corruption** - ARM processor (CVE-2022-23960). This is yet another variation of the Spectre vulnerability (this time Spectre-BHB), which interferes with a processor\u2019s mechanism for speculative execution of instructions. In other words, the probability of its use in real attacks is extremely small \u2014 the danger is somewhat theoretical. But almost all Patch Tuesday reviewers paid attention to this vulnerability.\n\nFull Vulristics report: [ms_patch_tuesday_september2022](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_september2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-23T22:44:11", "type": "avleonov", "title": "Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB", "bulletinFamily": "blog", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2022-23960", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34729", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37964", "CVE-2022-37969", "CVE-2022-38007"], "modified": "2022-09-23T22:44:11", "id": "AVLEONOV:75C789BDAA68C1C2CEC0F20F1D138B01", "href": "https://avleonov.com/2022/09/24/microsoft-patch-tuesday-september-2022-clfs-driver-eop-ip-packet-causes-rce-windows-dns-server-dos-spectre-bhb/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-12-25T12:09:22", "description": "Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source [Vulristics](<https://github.com/leonov-av/vulristics>) project to analyse and prioritize vulnerabilities. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239112>\n\nBut let's start with an older vulnerability. This will be another example why vulnerability prioritization is a tricky thing and you should patch everything. In the [September Microsoft Patch Tuesday](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_september2022_report_with_comments_ext_img.html>) there was a vulnerability **Information Disclosure** - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism (CVE-2022-37958), which was completely unnoticed by everyone. Not a single VM vendor paid attention to it in their reviews. I didn't pay attention either. \n\n**SPNEGO** **(Simple and Protected GSSAPI Negotiation Mechanism)** is a [GSSAPI](<https://en.wikipedia.org/wiki/GSSAPI>) "pseudo mechanism" used by client-server software to negotiate the choice of security technology. SPNEGO is used when a client application wants to authenticate to a remote server, but neither end is sure what authentication protocols the other supports. 
Who knows what kind of disclosure there might be. This vulnerability had CVSS 7.5 (High), not even Critical.\n\nAnd then on December 13th, IBM Security X-Force researcher [Valentina Palmiotti posts a video exploiting this vulnerability](<https://twitter.com/chompie1337/status/1602757336908660736>), which turns out to be Remote Code Execution. In this video, a Python script is executed in a Linux virtual machine, and in a Windows 10 virtual machine, the message _"Your PC will automatically restart in one minute"_ appears, which indicates that some code was executed there. The researcher is famous and it is highly unlikely that the video is fake.\n\n\n\nIt turned out that the vulnerability can be exploited during the authentication attempts. The vulnerability affects various protocols. Primarily RDP and SMB. It may be relevant for SMTP, HTTP and others with a non-standard configuration. So, this vulnerability could potentially be worse than EternalBlue.\n\nMicrosoft [has made changes](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958>) to the description of the vulnerability. Now it is Critical RCE. NVD [hasn't made any changes](<https://nvd.nist.gov/vuln/detail/CVE-2022-37958>) yet. 
IBM [promises not to release details](<https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/>) until the second quarter of 2023 to give people time to patch.\n\nNow let's look at the most interesting vulnerabilities of Microsoft Patch Tuesday for December 2022.\n \n \n $ cat comments_links.txt \n Qualys|December 2022 Patch Tuesday|https://blog.qualys.com/vulnerabilities-threat-research/patch-tuesday/2022/12/13/the-december-2022-patch-tuesday-security-update-review\n ZDI|THE DECEMBER 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/12/13/the-december-2022-security-update-review\n \n $ python3.8 process_classify_ms_products.py # Automated classifier for Microsoft products\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"December\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n Creating Patch Tuesday profile...\n MS PT Year: 2022\n MS PT Month: December\n MS PT Date: 2022-12-13\n MS PT CVEs found: 49\n Ext MS PT Date from: 2022-11-09\n Ext MS PT Date to: 2022-12-12\n Ext MS PT CVEs found: 32\n ALL MS PT CVEs: 81\n ...\n\n * All vulnerabilities: 80\n * Urgent: 0\n * Critical: 3\n * High: 29\n * Medium: 48\n * Low: 0\n\nThere were 2 vulnerabilities with signs of exploitation in the wild:\n\n 1. **Security Feature Bypass** - Windows SmartScreen (CVE-2022-44698). It is a bypass of the Windows SmartScreen security feature, and has been seen exploited in the wild. It allows attackers to craft documents that won\u2019t get tagged with Microsoft's "Mark of the Web" despite being downloaded from untrusted sites. 
Exploitation in the wild is mentioned on Vulners ([cisa_kev](<https://vulners.com/cisa_kev/CISA-KEV-CVE-2022-44698>) object), [AttackerKB](<https://attackerkb.com/topics/CF6S51qnlZ/cve-2022-44698>), [Microsoft](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698>) websites. The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Functional Exploit). To be honest, I do not consider these warnings from the operating system to be effective. Therefore, this vulnerability does not seem very critical to me. I think an Antivirus or EDR solution should block suspicious files from running in the first place.\n 2. **Memory Corruption** - Microsoft Edge (CVE-2022-4135, CVE-2022-4262). Exploitation in the wild is mentioned on Vulners ([cisa_kev](<https://vulners.com/cisa_kev/CISA-KEV-CVE-2022-4135>) object), [AttackerKB](<https://attackerkb.com/topics/R425pab1ga/cve-2022-4135>) websites. [CVE-2022-4135](<https://vulners.com/cve/CVE-2022-4135>): Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High). [CVE-2022-4262](<https://vulners.com/cve/CVE-2022-4262>): Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\nAmong other vulnerabilities without public exploits and signs of exploitation in the wild, it makes sense to pay attention to the following:\n\n 1. **Remote Code Execution** - Microsoft PowerShell (CVE-2022-41076). This critical vulnerability affects PowerShell, where any authenticated user, regardless of privilege, could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. 
It is worth mentioning that, typically after the initial breach, attackers use the tools available on the system to maintain their presence or advance around a network, and PowerShell is one of the more capable tools they can find. \n 2. **Remote Code Execution** - Windows Secure Socket Tunneling Protocol (SSTP) (CVE-2022-44670, CVE-2022-44676). This critical vulnerability affects Windows Secure Socket Tunneling Protocol (SSTP), and according to Microsoft, an attacker would need to win a race condition to successfully exploit these bugs. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. If you do not use this service, disable it. \n 3. Among the **Elevation of Privilege** vulnerabilities, I would like to highlight a vulnerability in DirectX Graphics Kernel (CVE-2022-44710) and Windows Print Spooler (CVE-2022-44678, CVE-2022-44681).\n\nFull Vulristics report: [ms_patch_tuesday_december2022](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_december2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-24T22:55:39", "type": "avleonov", "title": "Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-37958", "CVE-2022-41076", "CVE-2022-4135", "CVE-2022-4262", "CVE-2022-44670", "CVE-2022-44676", "CVE-2022-44678", "CVE-2022-44681", "CVE-2022-44698", "CVE-2022-44710"], "modified": "2022-12-24T22:55:39", "id": 
"AVLEONOV:E5467F48E50B8E100B59F5D3A20F8BC8", "href": "https://avleonov.com/2022/12/25/microsoft-patch-tuesday-december-2022-spnego-rce-mark-of-the-web-bypass-edge-memory-corruptions/", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2022-10-12T08:05:16", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiq0vVMccKuTq9vBkLdPdqmhFsx4VGp16Gn_0agg6m1Mm6VnBpjWpj1B3PtCDO02Rc8BuDFnPaz2MQCSdWR5Xln_UfGBJaXtNH7W4LmT5CCSulXkepNrK6B9RERXqqKwakUvLmKjJJlRYVvrsB9JV9eAezHUBd4exVXef3ElX_W1Z_q4FP6c-ROsjuK/s728-e100/windows.jpg>)\n\nTech giant Microsoft on Tuesday shipped fixes to quash [64 new security flaws](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>) across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks.\n\nOf the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to [16 vulnerabilities](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) that Microsoft addressed in its Chromium-based Edge browser earlier this month.\n\n\"In terms of CVEs released, this Patch Tuesday may appear on the lighter side in comparison to other months,\" Bharat Jogi, director of vulnerability and threat research at Qualys, said in a statement shared with The Hacker News.\n\n\"However, this month hit a sizable milestone for the calendar year, with MSFT having fixed the 1000th CVE of 2022 \u2013 likely on track to surpass 2021, which patched 1,200 CVEs in total.\"\n\nThe actively exploited vulnerability in question is [CVE-2022-37969](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969>) (CVSS score: 7.8), a privilege escalation flaw affecting the Windows Common Log File System ([CLFS](<https://docs.microsoft.com/en-us/previous-versions/windows/desktop/clfs/common-log-file-system-portal>)) Driver, which could be leveraged by an adversary to gain 
SYSTEM privileges on an already compromised asset.\n\n\"An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system,\" Microsoft said in an advisory.\n\nThe tech giant credited four different sets of researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the flaw, which may be an indication of widespread exploitation in the wild, Greg Wiseman, product manager at Rapid7, said in a statement.\n\nCVE-2022-37969 is also the second actively exploited zero-day flaw in the CLFS component after [CVE-2022-24521](<https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html>) (CVSS score: 7.8) since the start of the year, the latter of which was resolved by Microsoft as part of its April 2022 Patch Tuesday updates.\n\nIt's not immediately clear if CVE-2022-37969 is a patch bypass for CVE-2022-24521. 
Other critical flaws of note are as follows -\n\n * [**CVE-2022-34718**](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718>) (CVSS score: 9.8) - Windows TCP/IP Remote Code Execution Vulnerability\n * [**CVE-2022-34721**](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721>) (CVSS score: 9.8) - Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability\n * [**CVE-2022-34722**](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34722>) (CVSS score: 9.8) - Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability\n * [**CVE-2022-34700**](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34700>) (CVSS score: 8.8) - Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability\n * [**CVE-2022-35805**](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35805>) (CVSS score: 8.8) - Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability\n\n\"An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation,\" Microsoft said about CVE-2022-34721 and CVE-2022-34722.\n\nAlso resolved by Microsoft are 15 remote code execution flaws in [Microsoft ODBC Driver](<https://twitter.com/HaifeiLi/status/1569741391349313536>), Microsoft OLE DB Provider for SQL Server, and Microsoft SharePoint Server and five privilege escalation bugs spanning Windows Kerberos and Windows Kernel.\n\nThe September release is further notable for patching yet another elevation of privilege vulnerability in the Print Spooler module ([CVE-2022-38005](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38005>), CVSS score: 7.8) that could be abused to obtain SYSTEM-level permissions. 
\n\nLastly, included in the raft of security updates is a fix released by chipmaker Arm for a speculative execution vulnerability called [Branch History Injection](<https://thehackernews.com/2022/03/new-exploit-bypasses-existing-spectre.html>) or [Spectre-BHB](<https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB>) (CVE-2022-23960) that came to light earlier this March.\n\n\"This class of vulnerabilities poses a large headache to the organizations attempting mitigation, as they often require updates to the operating systems, firmware and in some cases, a recompilation of applications and hardening,\" Jogi said. \"If an attacker successfully exploits this type of vulnerability, they could gain access to sensitive information.\"\n\n### Software Patches from Other Vendors\n\nAside from Microsoft, security updates have also been released by other vendors since the start of the month to rectify dozens of vulnerabilities, including \u2014\n\n * [Adobe](<https://helpx.adobe.com/security/security-bulletin.html>)\n * [Android](<https://source.android.com/docs/security/bulletin/2022-09-01>)\n * [Apache](<https://news.apache.org/foundation/entry/the-apache-news-round-up270>) [Projects](<https://news.apache.org/foundation/entry/the-apache-news-round-up270-2>)\n * [Apple](<https://thehackernews.com/2022/09/apple-releases-ios-and-macos-updates-to.html>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * [Dell](<https://www.dell.com/support/security/>)\n * [F5](<https://support.f5.com/csp/new-updated-articles>)\n * [Fortinet](<https://www.fortiguard.com/psirt?date=09-2022>)\n * [GitLab](<https://about.gitlab.com/releases/2022/09/05/gitlab-15-3-3-released/>)\n * [Google Chrome](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>)\n * 
[HP](<https://thehackernews.com/2022/09/high-severity-firmware-security-flaws.html>)\n * [IBM](<https://www.ibm.com/blogs/psirt/>)\n * [Lenovo](<https://support.lenovo.com/us/en/product_security/ps500001-lenovo-product-security-advisories>)\n * Linux distributions [Debian](<https://www.debian.org/security/2022/>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21::::RP::>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=PortalProduct>), [SUSE](<https://www.suse.com/support/update/>), and [Ubuntu](<https://ubuntu.com/security/notices>)\n * [MediaTek](<https://corp.mediatek.com/product-security-bulletin/September-2022>)\n * [NVIDIA](<https://www.nvidia.com/en-us/security/>)\n * [Qualcomm](<https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2022-bulletin.html>)\n * [Samba](<https://www.samba.org/samba/history/>)\n * [SAP](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp>)\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n * [Trend Micro](<https://success.trendmicro.com/dcx/s/vulnerability-response?language=en_US>)\n * [VMware](<https://www.vmware.com/security/advisories.html>), and\n * [WordPress](<https://wordpress.org/news/2022/09/dropping-security-updates-for-wordpress-versions-3-7-through-4-0/>) (which is dropping support for versions 3.7 through 4.0 starting December 1, 2022)\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T04:42:00", "type": "thn", "title": "Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23960", "CVE-2022-24521", "CVE-2022-34700", "CVE-2022-34718", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-35805", "CVE-2022-37969", "CVE-2022-38005"], "modified": "2022-10-12T07:11:08", "id": "THN:D010C92A9BC9913717ECAC2624F32E80", "href": "https://thehackernews.com/2022/09/microsofts-latest-security-update-fixes.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-11T12:07:09", "description": 
"[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiZxKv9loOhiE5QvtIiqCZhItBKYYIkzjnp5LKg1GuDHZvHpaOqkOB3hKIc0BEJwTjLK61VSBPiLid4u8M5_MZJSf1lUSHifMpbgWcIhCHd31qtUAq3TnxIjqj-SKsDulWpYpfYDiuHseo_lm7iJljFKj78hVTWzUJHNfK4twMgtKAZnVTaEbQMpQUN/s728-e100/code.jpg>)\n\nThe Russia-linked APT29 nation-state actor has been found leveraging a \"lesser-known\" Windows feature called Credential Roaming following a successful phishing attack against an unnamed European diplomatic entity.\n\n\"The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting,\" Mandiant researcher Thibault Van Geluwe de Berlaere [said](<https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming>) in a technical write-up.\n\nAPT29, a Russian espionage group also called Cozy Bear, Iron Hemlock, and The Dukes, is [known](<https://malpedia.caad.fkie.fraunhofer.de/actor/apt29>) for its intrusions aimed at collecting intelligence that align with the country's strategic objectives. 
It's believed to be sponsored by the Foreign Intelligence Service (SVR).\n\nSome of the adversarial collective's cyber activities are tracked publicly under the moniker [Nobelium](<https://thehackernews.com/2022/08/microsoft-uncovers-new-post-compromise.html>), a threat cluster responsible for the widespread supply chain compromise through SolarWinds software in December 2020.\n\nThe Google-owned threat intelligence and incident response firm said it identified the use of Credential Roaming during the time APT29 was present inside the victim network in early 2022, at which point \"numerous [LDAP](<https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol>) queries with atypical properties\" were performed against the Active Directory system.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiTwhFkQktj5c6f9Wnidp-3xvmYp6tHaS4zuMa5m02YNVk7n4WqbJvdlPTPJ8aHEF1QzdFHAmtuSyoQ_S5wFXx7cmkihs2fzY2kuV9kWps4VwIo3Ym54q6T8WNevHyPz4r_1QKDtFqm8PcOrPegJrrRUi9FXRRguIneDONfjcelVHSk28ZqvSo1UCP3/s728-e100/windows.jpg>)\n\nIntroduced in Windows Server 2003 Service Pack 1 (SP1), Credential Roaming is a [mechanism](<https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/certs-on-wheels-understanding-credential-roaming/ba-p/395897>) that allows users to [access their credentials](<https://social.technet.microsoft.com/wiki/contents/articles/11483.windows-credential-roaming.aspx>) (i.e., private keys and certificates) in a secure manner across different workstations in a Windows domain.\n\nAccording to Microsoft, \"Credential Roaming is storing user credentials in the ms-PKI-DPAPIMasterKeys and ms-PKI-AccountCredentials attributes in the user object,\" with the latter described as a multi-valued LDAP property containing binary large objects (BLOBs) of encrypted credential objects.\n\nOne of the [LDAP attributes](<https://learn.microsoft.com/en-us/windows/win32/adschema/r-private-information>) queried by APT29, per the Google subsidiary, concerned 
ms-PKI-Credential-Roaming-Tokens, which handles the \"storage of encrypted user credential token BLOBs for roaming.\"\n\nInvestigating its inner workings further, Mandiant highlighted the discovery of an arbitrary file write vulnerability that could be weaponized by a threat actor to achieve remote code execution in the context of the logged-in victim.\n\nThe shortcoming, tracked as [CVE-2022-30170](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30170>) (CVSS score 7.3), was addressed by Microsoft as part of [Patch Tuesday updates](<https://thehackernews.com/2022/09/microsofts-latest-security-update-fixes.html>) shipped on September 13, 2022, with the company emphasizing that exploitation requires a user to log in to Windows.\n\n\"An attacker who successfully exploited the vulnerability could gain remote interactive logon rights to a machine where the victim's account would not normally hold such privilege,\" it noted.\n\nMandiant said the research \"offers insight into why APT29 is actively querying the related LDAP attributes in Active Directory,\" urging organizations to apply the September 2022 patches to secure against the flaw.\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-09T13:47:00", "type": "thn", "title": "APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-30170"], "modified": "2022-11-11T11:51:18", "id": "THN:5F2987C1A3F554D79E8C056DC4B86850", "href": "https://thehackernews.com/2022/11/apt29-exploited-windows-feature-to.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-15T01:49:45", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEitadGZXUXI4AOCkyRlt3uzppCEI3XFEURao07SuyRwP6I1Lz2YXQUDSMf5SG5xK3buglGbwys2oGRrGeUQds83-g5xALdMI6_bVcoxBKYFMOSgM17lM_oByYddoxLztGk8BTnQ4_vFXIY9tRQ4Ed1hy4_dUgib2H4CShQ8h6nNSwCbeBrJ-zhEHyrO/s728-e100/Windows-Update.jpg>)\n\nDetails have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines.\n\nTracked as [CVE-2022-37969](<https://thehackernews.com/2022/09/microsofts-latest-security-update-fixes.html>) (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild.\n\n\"An attacker must already have access and the ability to run code on the target system,\" the 
company [noted](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969>) in its advisory. \"This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.\"\n\nIt also credited researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the vulnerability without delving into additional specifics surrounding the nature of the attacks.\n\nNow, the Zscaler ThreatLabz researcher team has [disclosed](<https://www.zscaler.com/blogs/security-research/technical-analysis-zero-day-vulnerability-cve-2022-37969-part-1-root-cause>) that it captured an in-the-wild exploit for the then zero-day on September 2, 2022.\n\n\"The cause of the vulnerability is due to the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file (BLF) in CLFS.sys,\" the cybersecurity firm said in a root cause analysis shared with The Hacker News.\n\n\"If the field cbSymbolZone is set to an invalid offset, an [out-of-bounds write](<https://cwe.mitre.org/data/definitions/787.html>) will occur at the invalid offset.\"\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgRixXH9Hg4DMd-bkrwlPROAb4GdXbggPEPOspvcmVpiE4fIEJgV_anWzQXot5WFBM1p3qqLUXjvetkQG1YkRya563j2b5YfHuvnqRvU_3LK2GbXqa6tOcQm13Ror8e9TvrR5XYrygPm7ddzGES05nM1DDLEJwET22FE16VDzxRkm_ZP27tUDHKMIvF/s728-e100/poc.jpg>)\n\nCLFS is a [general-purpose logging service](<https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/introduction-to-the-common-log-file-system>) that can be used by software applications running in both user-mode or kernel-mode to record data as well as events and optimize log access.\n\nSome of the use cases associated with CLFS include online transaction processing (OLTP), network events logging, compliance audits, and threat analysis.\n\nAccording to Zscaler, the vulnerability is rooted in a metadata block called base record that's present in a 
[base log file](<https://learn.microsoft.com/en-us/previous-versions/windows/desktop/clfs/creating-a-log-file>), which is generated when a log file is created using the CreateLogFile() function.\n\n\"[Base record] contains the [symbol tables](<https://en.wikipedia.org/wiki/Symbol_table>) that store information on the various client, container and security contexts associated with the Base Log File, as well as accounting information on these,\" according to [Alex Ionescu](<https://github.com/ionescu007/clfs-docs>), chief architect at CrowdStrike.\n\nAs a result, successful exploitation of CVE-2022-37969 via a specially crafted base log file could lead to memory corruption, and by extension, induce a system crash (aka blue screen of death or [BSoD](<https://en.wikipedia.org/wiki/Blue_screen_of_death>)) in a reliable manner.\n\nThat said, a system crash is just one of the outcomes that arise out of leveraging the vulnerability, for it could also be weaponized to achieve privilege escalation.\n\nZscaler has further made available proof-of-concept (PoC) instructions to trigger the security hole, making it essential that users of Windows upgrade to the latest version to mitigate potential threats.\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T17:34:00", "type": "thn", "title": "Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-37969"], "modified": "2022-10-15T01:38:37", "id": "THN:92A38DD61E285B0CDD7C80A398BDB187", "href": "https://thehackernews.com/2022/10/researchers-reveal-detail-for-windows.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-15T15:35:53", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgCt-7RBYA-fZfdvDo4t51hauUry8CRRcANtLGiYPROjVQZLdrA8xR7LdINohxId57LYHP8_E5X9Teq3St0iZ4kD1jKaFnH_44YtiMtjXyeITRlMdELLChPcPrW01hwPJW2GpEunfcNYHF5aqbxB4SzJzzTfYo5ImguIkMR5ySs3akRj0uEWHJQ_jW8/s728-e100/hacking-computer.png>)\n\nMicrosoft has revised the severity of a security vulnerability it originally [patched in September 2022](<https://thehackernews.com/2022/09/microsofts-latest-security-update-fixes.html>), upgrading it to \"Critical\" after it emerged that it could be exploited to achieve remote code execution.\n\nTracked as **CVE-2022-37958** (CVSS score: 8.1), the flaw was previously described as an [information disclosure vulnerability](<https://nvd.nist.gov/vuln/detail/CVE-2022-37958>) in SPNEGO Extended Negotiation 
([NEGOEX](<https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-negoex/77c795cf-e522-4678-b0f1-2063c5c0561c>)) Security Mechanism.\n\nSPNEGO, short for Simple and Protected GSSAPI Negotiation Mechanism, is a scheme that allows a client and remote server to arrive at a consensus on the choice of the protocol to be used (e.g., Kerberos or NTLM) for authentication.\n\nBut a [further analysis](<https://twitter.com/chompie1337/status/1602757336908660736>) of the flaw by IBM Security X-Force researcher Valentina Palmiotti found that it could allow remote execution of arbitrary code, prompting Microsoft to reclassify its severity.\n\n\"This vulnerability is a pre-authentication remote code execution vulnerability impacting a wide range of protocols,\" IBM [said](<https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/>) this week. \"It has the potential to be wormable.\"\n\nSpecifically, the shortcoming could enable remote code execution via any Windows application protocol that authenticates, including HTTP, SMB, and RDP. 
Given the criticality of the issue, IBM said it's withholding technical details until Q2 2023 to give organizations enough time to apply the fixes.\n\n\"Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability,\" Microsoft [cautioned](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958>) in its updated advisory.\n\n\"Unlike the vulnerability ([CVE-2017-0144](<https://thehackernews.com/2017/05/eternalblue-smb-exploit.html>)) exploited by [EternalBlue](<https://thehackernews.com/2021/12/experts-detail-logging-tool-of.html>) and used in the WannaCry ransomware attacks, which only affected the SMB protocol, this vulnerability has a broader scope and could potentially affect a wider range of Windows systems due to a larger attack surface of services exposed to the public internet (HTTP, RDP, SMB) or on internal networks,\" IBM noted.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-15T13:42:00", "type": "thn", "title": "Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0144", "CVE-2022-37958"], "modified": "2022-12-15T13:46:26", "id": "THN:FB6ED90DCAF6C4F1F46D1CBFF38FC1CA", "href": "https://thehackernews.com/2022/12/microsoft-reclassifies-spnego-extended.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2022-09-15T00:03:31", "description": "The Microsoft [September 2022 Patch Tuesday](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>) includes fixes for two publicly disclosed zero-day vulnerabilities, one of which is known to be actively exploited.\n\nFive of the 60+ security vulnerabilities were rated as "Critical", and 57 as important. Two vulnerabilities qualify as zero-days, with one of them being actively exploited.\n\n## Zero-days\n\nThe first zero-day, [CVE-2022-37969](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969>), is a Windows Common Log File System Driver Elevation of Privilege (EoP) vulnerability. An attacker who successfully exploits this vulnerability could gain SYSTEM privileges, although the attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system. This flaw is already being exploited in the wild.\n\nPrivilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. 
The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.\n\nThe second zero-day, [CVE-2022-23960,](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23960>) is an Arm cache speculation restriction vulnerability that is unlikely to be exploited. Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mis-predicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. The vulnerability was [disclosed](<https://www.vusec.net/projects/bhi-spectre-bhb/>) in March by researchers at VUSec.\n\n## The critical vulnerabilities\n\n[CVE-2022-35805](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35805>) and [CVE-2022-34700](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34700>) are both Microsoft Dynamics CRM (on-premises) Remote Code Execution (RCE) vulnerabilities. An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there the attacker could escalate and execute commands as db_owner within their Dynamics 365 database.\n\n[CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>): a Windows TCP/IP RCE vulnerability with a [CVSS score](<https://www.malwarebytes.com/blog/news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities>) of 9.8 out of 10. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine. Only systems with the IPSec service running are vulnerable to this attack. 
Systems are not affected if IPv6 is disabled on the target machine.\n\n[CVE-2022-34721](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721>) and [CVE-2022-34722](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722>): are both Windows Internet Key Exchange (IKE) Protocol Extensions RCE vulnerabilities with a CVSS score of 9.8 out of 10. An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. The vulnerability only impacts IKEv1. IKEv2 is not impacted. However, all Windows Servers are affected because they accept both V1 and V2 packets.\n\n## Other vendors\n\nOther vendors have synchronized their periodic updates with Microsoft. Here are few major ones:\n\n * Adobe [released seven patches](<https://helpx.adobe.com/security.html>) addressing 63 security holes in Adobe Experience Manager, Bridge, InDesign, Photoshop, InCopy, Animate, and Illustrator.\n * Earlier this month, the [Android security bulletin for September](<https://source.android.com/docs/security/bulletin/2022-09-01>) came out, which was followed up with a [Pixel specific update](<https://www.malwarebytes.com/blog/news/2022/09/update-now-google-patches-vulnerabilities-for-pixel-mobile-phones>).\n * Apple fixed at least [two zero-day vulnerabilities](<https://www.malwarebytes.com/blog/news/2022/09/update-now-apple-devices-are-exposed-to-a-new-zero-day-flaw>) when it released updates for iOS, iPadOS, macOS and Safari.\n * Cisco [released security updates](<https://tools.cisco.com/security/center/publicationListing.x>) for numerous products this month.\n * Google released a [fix for a Chrome zero-day](<https://www.malwarebytes.com/blog/news/2022/09/update-chrome-asap-a-new-zero-day-is-already-being-exploited>).\n * Samsung has released a new [security update](<https://security.samsungmobile.com/securityUpdate.smsb>) for major flagship 
models.\n * SAP published its [September 2022 Patch Day](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>) updates.\n * VMware released [security advisory](<https://www.vmware.com/security/advisories/VMSA-2022-0024.html>) for VMware Tools.\n\nStay patched!", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T12:00:00", "type": "malwarebytes", "title": "Update now! Microsoft patches two zero-days", "bulletinFamily": "blog", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23960", "CVE-2022-34700", "CVE-2022-34718", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-35805", "CVE-2022-37969"], "modified": "2022-09-14T12:00:00", "id": "MALWAREBYTES:8FF6ADCDE71AD78C1537280203BB4A22", "href": "https://www.malwarebytes.com/blog/news/2022/09/update-now-microsoft-patches-two-zero-days", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-12-20T00:10:35", "description": "A critical vulnerability can send countless organizations into chaos, as security teams read up on the vulnerability, try to figure out whether it applies to their systems, download any potential patches, and deploy 
those fixes to affected machines. But a lot can go wrong when a vulnerability is discovered, disclosed, and addressed--an inflated severity rating, a premature disclosure, even a mixup in names.\n\nIn these instances, when the security community is readying itself for a major sea change, what it instead gets is a ripple. Here are some of the last year's biggest miscommunications and errors in security vulnerabilities. \n\n## 1\\. \"Wormable\"\n\nThere are some qualifications for vulnerabilities that send shivers up the spine of the security community as a whole. A "wormable" vulnerability is used when the possibility exists that an infected system can contribute as an active source to infect other systems. This makes the growth potential of an infection exponential. You'll often see the phrase "WannaCry like proportions" used as a warning about how bad it could get.\n\nWhich brings us to our first example: [CVE-2022-34718](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34718>), a Windows TCP/IP Remote Code Execution (RCE) vulnerability with a [CVSS rating](<https://www.malwarebytes.com/blog/news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities>) of 9.8. The vulnerability could have allowed an unauthenticated attacker to execute code with elevated privileges on affected systems without user interaction, which makes it \"wormable,\" but in the end, it turned out to be not so bad since it only affected systems with IPv6 and IPSec enabled and it was patched before an in-depth analysis of the vulnerability was [publicly disclosed](<https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf>).\n\n## 2\\. Essential building blocks\n\nSomething we've learned the hard way is that there are very popular libraries maintained by volunteers, that many other applications rely on. A library is a set of resources that can be shared among processes. 
Often these resources are specific functions aimed at a certain goal which can be called upon when needed so they do not have to be included in the code of the software. A prime example of such a library that caused quite some havoc was [Log4j](<https://www.malwarebytes.com/blog/exploits-and-vulnerabilities/2021/12/log4j-zero-day-log4shell-arrives-just-in-time-to-ruin-your-weekend/>).\n\nSo, when [OpenSSL announced](<https://www.malwarebytes.com/blog/news/2022/10/critical-openssl-fix-due-november-1st-get-ready-to-patch>) a fix for a critical issue in OpenSSL, everybody remembered that the last time OpenSSl fixed a critical vulnerability, that vulnerability was known as [Heartbleed](<https://www.malwarebytes.com/blog/news/2019/09/everything-you-need-to-know-about-the-heartbleed-vulnerability>). The Heartbleed vulnerability was discovered and patched in 2014, but infected systems kept popping up for years.\n\nHowever, when the patch came out for the more recent OpenSSL issue, it turned out the bug had been [downgraded in severity](<https://www.malwarebytes.com/blog/news/2022/11/openssl-bug-downgraded-in-severity-patches-now-available>). That was good news all around: The patch for the two vulnerabilities is available, and the announced vulnerability wasn't as severe as we expected. And there is no known exploit for the vulnerabilities doing the rounds.\n\n## 3\\. Zero-day\n\nThe different interpretations for the term zero-day tend to be confusing as well.\n\nThe most accepted definition is:\n\n> "A zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw."\n\nBut you will almost as often see something called a zero-day because the patch is not available yet, even though the party or parties responsible for patching or otherwise fixing the flaw are aware of the vulnerability. 
For example, Microsoft uses this definition:\n\n> "A zero-day vulnerability is a flaw in software for which no official patch or security update has been released. A software vendor may or may not be aware of the vulnerability, and no public information about this risk is available."\n\nThe difference is significant. The fact that a vulnerability exists is true for almost any complex platform or software. Someone has to find such a vulnerability before it becomes a risk. Then it depends on the researcher finding the flaw whether it becomes a threat. If the researcher follows the rules of responsible disclosure, the vendor will be made aware of the existence of the flaw before anyone else, and the vendor will have a chance to find and publish a fix for the bug before any malicious actors find out about it.\n\nSo, for a vulnerability to be alarming, I would argue it has to be used in the wild or a public Proof-of-Concept has to be available _before_ the patch has been released.\n\nAs an example of where this went wrong, a set of critical RCE [vulnerabilities in WhatsApp](<https://www.malwarebytes.com/blog/news/2022/09/critical-whatsapp-vulnerabilities-patched-check-youve-updated>) got designated as a zero-day by several outlets, including some that should know better. As it turned out, the vulnerabilities listed as [CVE-2022-36934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36934>) and [CVE-2022-27492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27492>) were found by the WhatsApp internal security team and silently fixed, so they never posed any actual risk to any user. Yes, the consequences would have been disastrous if threat actors had found the vulnerabilities before the WhatsApp team did, but there never were any indications that these vulnerabilities had been exploited.\n\n## 4\\. Spring4Shell\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database as an individual number. 
CVE numbers are very helpful because they are unique and used in many reliable sources, so they make it easy to find a lot of information about a particular vulnerability. But they are hard to remember (for me at least). Coming up with fancy names and logos for vulnerabilities names, such as Log4Shell, Heartbleed, and Meltdown/Spectre helps us to tell them apart.\n\nBut when security experts themselves start to confuse different vulnerabilities in the same framework and researchers disclose details about an unpatched vulnerability because they think the information is out anyway, serious problems can arise.\n\nIn March, two RCE vulnerabilities were being discussed on the internet. Most of the people talking about them believed they were talking about "Spring4Shell" ([CVE-2022-22965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965>)), but in reality they were discussing [CVE-2022-22963](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22963>). To add to the stress, a Chinese researcher prematurely spilled details about the vulnerability before the developer of the vulnerable Spring Framework could come up with a patch. This may have been due to the confusion about the two vulnerabilities.\n\nIn the end, Spring4Shell fizzled, working only for certain configurations and not for an out-of-the-box install.\n\n## Public service or not?\n\nSo, are we doing the public a service by writing about vulnerabilities? We feel we are, because it is good to raise awareness about the existence of vulnerabilities. But, to be effective, we need to meet certain criteria.\n\n * First of all, it needs to be made clear who is affected and who needs to do something about it. 
And what you can do to protect yourself.\n * While it is not always easy to make an assessment about the threat level, since we often don't have the exact details of a vulnerability, it is desirable to not exaggerate the impact.\n * Make it very clear whether or not a threat is being used in the wild if you have that information.\n\nIn a recent assessment, security researcher [Amelie Koran](<https://infosec.exchange/@webjedi>) said on Mastodon that the economic costs of Heartbleed were mostly due to vulnerability assessment and patching and not necessarily lost or stolen data. Not that it wouldn't have backfired if the patch hadn't been deployed, but it is something to keep in mind. A panic situation can do more harm than the actual threat.\n\n* * *\n\n**We don't just report on threats--we remove them**\n\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by [downloading Malwarebytes today](<https://www.malwarebytes.com/for-home>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-19T01:00:00", "type": "malwarebytes", "title": "4 over-hyped security vulnerabilities of 2022", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22963", "CVE-2022-22965", "CVE-2022-27492", "CVE-2022-34718", "CVE-2022-36934"], "modified": "2022-12-19T01:00:00", "id": "MALWAREBYTES:30F9B0094E0BC177A7D657BF67D87E39", "href": "https://www.malwarebytes.com/blog/news/2022/12/4-times-security-vulnerabilities-were-blown-out-of-proportion-in-2022", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "googleprojectzero": [{"lastseen": "2023-01-18T01:58:51", "description": "By James Forshaw, Project Zero\n\n \n\n\nI've been spending a lot of time researching Windows authentication implementations, specifically Kerberos. In June 2022 I found an interesting issue number [2310](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2310>) with the handling of RC4 encryption that allowed you to authenticate as another user if you could either interpose on the Kerberos network traffic to and from the KDC or directly if the user was configured to disable typical pre-authentication requirements.\n\n \n\n\nThis blog post goes into more detail on how this vulnerability works and how I was able to exploit it with only a bare minimum of brute forcing required. Note, I'm not going to spend time fully explaining how Kerberos authentication works, there's plenty of resources online. For example [this blog post](<https://syfuhs.net/a-bit-about-kerberos>) by [Steve Syfuhs](<https://twitter.com/SteveSyfuhs>) who works at Microsoft is a good first start.\n\n## Background\n\nKerberos is a very old authentication protocol. The current version (v5) was described in [RFC1510](<https://datatracker.ietf.org/doc/html/rfc1510>) back in 1993, although it was updated in [RFC4120](<https://datatracker.ietf.org/doc/html/rfc4120>) in 2005. As Kerberos' core security concept is using encryption to prove knowledge of a user's credentials the design allows for negotiating the encryption and checksum algorithms that the client and server will use. 
\n\n \n\n\nFor example when sending the initial authentication service request (AS-REQ) to the Key Distribution Center (KDC) a client can specify a list supported encryption algorithms, as predefined integer identifiers, as shown below in the snippet of the ASN.1 definition from RFC4120.\n\n \n\n\nKDC-REQ-BODY ::= SEQUENCE {\n\n...\n\netype [8] SEQUENCE OF Int32 -- EncryptionType\n\n\\-- in preference order --,\n\n...\n\n}\n\n \n\n\nWhen the server receives the request it checks its list of supported encryption types and the ones the user's account supports (which is based on what keys the user has configured) and then will typically choose the one the client most preferred. The selected algorithm is then used for anything requiring encryption, such as generating session keys or the EncryptedData structure as shown below:\n\n \n\n\nEncryptedData ::= SEQUENCE {\n\netype [0] Int32 -- EncryptionType --,\n\nkvno [1] UInt32 OPTIONAL,\n\ncipher [2] OCTET STRING -- ciphertext\n\n}\n\n \n\n\nThe KDC will send back an authentication service reply (AS-REP) structure containing the user's Ticket Granting Ticket (TGT) and an EncryptedData structure which contains the session key necessary to use the TGT to request service tickets. The user can then use their known key which corresponds to the requested encryption algorithm to decrypt the session key and complete the authentication process.\n\n \n[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRE6Kj-svyxGDL8OhnPM46jhk7cf3JEJrssrRSwToM3q63wAaqtboIVHeEiZ5bONQoHZNapfdxpDr3kXMbxLakja1tqshef6N4GDNlw1BXyhanRY_Jg2zDqTlIPmHZBZ2XvCMf_23GXoRSS-18_zLCfwYV2v4xOR5usrM4zq1AONy2U57oCk-n-BpW/s1062/image5.png>) \n\n\nThis flexibility in selecting an encryption algorithm is both a blessing and a curse. In the original implementations of Kerberos only DES encryption was supported, which by modern standards is far too weak. 
Because of the flexibility developers were able to add support for AES through [RFC3962](<https://datatracker.ietf.org/doc/html/rfc3962>) which is supported by all modern versions of Windows. This can then be negotiated between client and server to use the best algorithm both support. However, unless weak algorithms are explicitly disabled there's nothing stopping a malicious client or server from downgrading the encryption algorithm in use and trying to break Kerberos using cryptographic attacks.\n\n \n\n\nModern versions of Windows have started to disable DES as a supported encryption algorithm, preferring AES. However, there's another encryption algorithm which Windows supports which is still enabled by default, [RC4](<https://en.wikipedia.org/wiki/RC4>). This algorithm was used in Kerberos by Microsoft for Windows 2000, although its documentation was in draft form until [RFC4757](<https://datatracker.ietf.org/doc/html/rfc4757>) was released in 2006. \n\n \n\n\nThe RC4 stream cipher has many substantial weaknesses, but when it was introduced it was still considered a better option than DES which has been shown to be sufficiently vulnerable to hardware cracking such as the EFF's \"[Deep Crack](<https://en.wikipedia.org/wiki/EFF_DES_cracker>)\". Using RC4 also had the advantage that it was relatively easy to operate in a reduced key size mode to satisfy US export requirements of cryptographic systems. \n\n \n\n\nIf you read the RFC for the implementation of RC4 in Kerberos, you'll notice it doesn't use the stream cipher as is. Instead it puts in place various protections to guard against common cryptographic attacks:\n\n * The encrypted data is protected by a keyed MD5 HMAC hash to prevent tampering which is trivial with a simple stream cipher such as RC4. The hashed data includes a randomly generated 8-byte \"confounder\" so that the hash is randomized even for the same plain text.\n\n * The key used for the encryption is derived from the hash and a base key. 
This, combined with the confounder makes it almost certain the same key is never reused for the encryption.\n\n * The base key is not the user's key, but instead is derived from a MD5 HMAC keyed with the user's key over a 4 byte message type value. For example the message type is different for the AS-REQ and the AS-REP structures. This prevents an attacker using Kerberos as an encryption oracle and reusing existing encrypted data in unrelated parts of the protocol.\n\n \n\n\nMany of the known weaknesses of RC4 are related to gathering a significant quantity of ciphertext encrypted with a known key. Due to the design of the RC4-HMAC algorithm and the general functional principles of Kerberos this is not really a significant concern. However, the biggest weakness of RC4 as defined by Microsoft for Kerberos is not so much the algorithm, but the generation of the user's key from their password. \n\n \n\n\nAs already mentioned Kerberos was introduced in Windows 2000 to replace the existing NTLM authentication process used from NT 3.1. However, there was a problem of migrating existing users to the new authentication protocol. In general the KDC doesn't store a user's password, instead it stores a hashed form of that password. For NTLM this hash was generated from the Unicode password using a single pass of the MD4 algorithm. Therefore to make an easy upgrade path Microsoft specified that the RC4-HMAC Kerberos key was this same hash value.\n\n \n\n\nAs the MD4 output is 16 bytes in size it wouldn't be practical to brute force the entire key. However, the hash algorithm has no protections against brute-force attacks, for example no salting or multiple iterations. If an attacker has access to ciphertext encrypted using the RC4-HMAC key they can attempt to brute force the key through guessing the password. As users will tend to choose weak or trivial passwords this increases the chance that a brute force attack would work to recover the key. 
And with the key the attacker can then authenticate as that user to any service they like. \n\n \n\n\nTo get appropriate cipher text the attacker can make requests to the KDC and specify the encryption type they need. The most well known attack technique is called [Kerberoasting](<https://attack.mitre.org/techniques/T1558/003/>). This technique requests a service ticket for the targeted user and specifies the RC4-HMAC encryption type as their preferred algorithm. If the user has an RC4 key configured then the ticket returned can be encrypted using the RC4-HMAC algorithm. As significant parts of the plain-text is known for the ticket data the attacker can try to brute force the key from that. \n\n \n\n\nThis technique does require the attacker to have an account on the KDC to make the service ticket request. It also requires that the user account has a configured Service Principal Name (SPN) so that a ticket can be requested. Also modern versions of Windows Server will try to block this attack by forcing the use of AES keys which are derived from the service user's password over RC4 even if the attacker only requested RC4 support.\n\n \n\n\nAn alternative form is called [AS-REP Roasting](<https://attack.mitre.org/techniques/T1558/004/>). Instead of requesting a service ticket this relies on the initial authentication requests to return encrypted data. When a user sends an AS-REQ structure, the KDC can look up the user, generate the TGT and its associated session key then return that information encrypted using the user's RC4-HMAC key. At this point the KDC hasn't verified the client knows the user's key before returning the encrypted data, which allows the attacker to brute force the key without needing to have an account themselves on the KDC.\n\n \n\n\nFortunately this attack is more rare because Windows's Kerberos implementation requires pre-authentication. 
For a password based logon the user uses their encryption key to encrypt a timestamp value which is sent to the KDC as part of the AS-REQ. The KDC can decrypt the timestamp, check it's within a small time window and only then return the user's TGT and encrypted session key. This would prevent an attacker getting encrypted data for the brute force attack. \n\n \n\n\nHowever, Windows does support a user account flag, \"Do not require Kerberos preauthentication\". If this flag is enabled on a user the authentication request does not require the encrypted timestamp to be sent and the AS-REP roasting process can continue. This should be an uncommon configuration.\n\n \n\n\nThe success of the brute-force attack entirely depends on the password complexity. Typically service user accounts have a long, at least 25 character, randomly generated password which is all but impossible to brute force. Normal users would typically have weaker passwords, but they are less likely to have a configured SPN which would make them targets for Kerberoasting. The system administrator can also mitigate the attack by disabling RC4 entirely across the network, though this is not commonly done for compatibility reasons. A more limited alternative is to add sensitive users to the [Protected Users Group](<https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group>), which disables RC4 for them without having to disable it across the entire network.\n\n## Windows Kerberos Encryption Implementation\n\nWhile working on researching Windows Defender Credential Guard (CG) I wanted to understand how Windows actually implements the various Kerberos encryption schemes. The primary goal of CG at least for Kerberos is to protect the user's keys, specifically the ones derived from their password and session keys for the TGT. 
If I could find a way of using one of the keys with a weak encryption algorithm I hoped to be able to extract the original key removing CG's protection.\n\n \n\n\nThe encryption algorithms are all implemented inside the CRYPTDLL.DLL library which is separate from the core Kerberos library in KERBEROS.DLL on the client and KDCSVC.DLL on the server. This interface is undocumented but it's fairly easy to work out how to call the exported functions. For example, to get a \"crypto system\" from the encryption type integer you can use the following exported function:\n\n \n\n\nNTSTATUS CDLocateCSystem(int etype, KERB_ECRYPT** engine);\n\n \n\n\nThe KERB_ECRYPT structure contains configuration information for the engine such as the size of the key and function pointers to convert a password to a key, generate new session keys, and perform encryption or decryption. The structure also contains a textual name so that you can get a quick idea of what the algorithm is supposed to be, which led to the following supported systems:\n\n \n\n\nName Encryption Type\n\n\\---- ---------------\n\nRSADSI RC4-HMAC 24\n\nRSADSI RC4-HMAC 23\n\nKerberos AES256-CTS-HMAC-SHA1-96 18\n\nKerberos AES128-CTS-HMAC-SHA1-96 17\n\nKerberos DES-CBC-MD5 3\n\nKerberos DES-CBC-CRC 1\n\nRSADSI RC4-MD4 -128\n\nKerberos DES-Plain -132\n\nRSADSI RC4-HMAC -133\n\nRSADSI RC4 -134\n\nRSADSI RC4-HMAC -135\n\nRSADSI RC4-EXP -136\n\nRSADSI RC4 -140\n\nRSADSI RC4-EXP -141\n\nKerberos AES128-CTS-HMAC-SHA1-96-PLAIN -148\n\nKerberos AES256-CTS-HMAC-SHA1-96-PLAIN -149\n\n \n\n\nEncryption types with positive values are well-known encryption types defined in the RFCs, whereas negative values are private types. Therefore I decided to spend my time on these private types. Most of the private types were just subtle variations on the existing well-known types, or clones with legacy numbers. \n\n \n\n\nHowever, one stood out as being different from the rest, \"RSADSI RC4-MD4\" with type value -128. 
This was different because the implementation was incredibly insecure, specifically it had the following properties:\n\n \n\n\n * Keys are 16 bytes in size, but only the first 8 of the key bytes are used by the encryption algorithm.\n\n * The key is used as-is, there's no blinding so the key stream is always the same for the same user key.\n\n * The message type is ignored, which means that the key stream is the same for different parts of the Kerberos protocol when using the same key.\n\n * The encrypted data does not contain any cryptographic hash to protect from tampering with the ciphertext which for RC4 is basically catastrophic. Even though the name contains MD4 this is only used for deriving the key from the password, not for any message integrity.\n\n * Generated session keys are 16 bytes in size but only contain 40 bits (5 bytes) of randomness. The remaining 11 bytes are populated with the fixed value of 0xAB.\n\n \n\n\nTo say this is bad from a cryptographic standpoint, is an understatement. Fortunately it would be safe to assume that while this crypto system is implemented in CRYPTDLL, it wouldn't be used by Kerberos? Unfortunately not \u2014 it is totally accepted as a valid encryption type when sent in the AS-REQ to the KDC. The question then becomes how to exploit this behavior?\n\n## Exploitation on the Wire (CVE-2022-33647)\n\nMy first thoughts were to attack the session key generation. If we could get the server to return the AS-REP with a RC4-MD4 session key for the TGT then any subsequent usage of that key could be captured and used to brute force the 40 bit key. At that point we could take the user's TGT which is sent in the clear and the session key and make requests as that authenticated user.\n\n \n\n\nThe most obvious approach to forcing the preferred encryption type to be RC4-MD4 would be to interpose the connection between a client and the KDC. The etype field of the AS-REQ is not protected for password based authentication. 
Therefore a proxy can modify the field to only include RC4-MD4 which is then sent to the KDC. Once that's completed the proxy would need to also capture a service ticket request to get encrypted data to brute force.\n\n \n\n\nBrute forcing the 40 bit key would be technically feasible at least if you built a giant lookup table, however I felt like it's not practical. I realized there's a simpler way, when a client authenticates it typically sends a request to the KDC with no pre-authentication timestamp present. As long as pre-authentication hasn't been disabled the KDC returns a Kerberos error to the client with the KDC_ERR_PREAUTH_REQUIRED error code. \n\n \n\n\nAs part of that error response the KDC also sends a list of acceptable encryption types in the [PA-ETYPE-INFO2](<https://datatracker.ietf.org/doc/html/rfc4120#section-5.2.7.5>) pre-authentication data structure. This list contains additional information for the password to key derivation such as the salt for AES keys. The client can use this information to correctly generate the encryption key for the user. I noticed that if you sent back only a single entry indicating support for RC4-MD4 then the client would use the insecure algorithm for generating the pre-authentication timestamp. This worked even if the client didn't request RC4-MD4 in the first place.\n\n \n\n\nWhen the KDC received the timestamp it would validate it using the RC4-MD4 algorithm and return the AS-REP with the TGT's RC4-MD4 session key encrypted using the same key as the timestamp. Due to the already mentioned weaknesses in the RC4-MD4 algorithm the key stream used for the timestamp must be the same as used in the response to encrypt the session key. 
Therefore we could mount a known-plaintext attack to recover the keystream from the timestamp and use that to decrypt parts of the response.\n\n \n\n\n[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUvTW1UFAq2BkR82D8pZBtol-7uMDtXUhYYWtsdj59L02yosepSSb2zaddG7GkNt9t8YvR7pQogCoZDMv9shMSF_iq0V4pIuDCt-o042w285bolE5_s3gGXZKI-XreYKDGzT48ShCCbyijZU0dDvrpFTVl-Kk4KYX6gYokC4vjlq6GpZt9_rfBRgje/s1465/image3.png>) \nThe timestamp itself has the following ASN.1 structure, which is serialized using the [Distinguished Encoding Rules (DER)](<https://en.wikipedia.org/wiki/X.690#DER_encoding>) and then encrypted.\n\n \n\n\nPA-ENC-TS-ENC ::= SEQUENCE {\n\npatimestamp [0] KerberosTime -- client's time --,\n\npausec [1] Microseconds OPTIONAL\n\n}\n\n \n\n\nThe AS-REP encrypted response has the following ASN.1 structure:\n\n \n\n\nEncASRepPart ::= SEQUENCE {\n\nkey [0] EncryptionKey,\n\nlast-req [1] LastReq,\n\nnonce [2] UInt32,\n\nkey-expiration [3] KerberosTime OPTIONAL,\n\nflags [4] TicketFlags,\n\nauthtime [5] KerberosTime,\n\nstarttime [6] KerberosTime OPTIONAL,\n\nendtime [7] KerberosTime,\n\nrenew-till [8] KerberosTime OPTIONAL,\n\nsrealm [9] Realm,\n\nsname [10] PrincipalName,\n\ncaddr [11] HostAddresses OPTIONAL\n\n}\n\n \n\n\nWe can see from the two structures that as luck would have it the session key in the AS-REP is at the start of the encrypted data. This means there should be an overlap between the known parts of the timestamp and the key, allowing us to apply key stream recovery to decrypt the session key without any brute force needed.\n\n \n[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg24DDfsRh9c8OtrHaHSYfjKbUOPqVKpbrgf1ifZslYw1JDXAv8Q3hXmZRzz3MSsByAMoAg7Tpj5OIw3VzE5e9mrqIQ_fs-pLE61jHNF47qF1dBr-zFg7OV5hOSuDLJy7b9vYJm6hw5tDmK2-Oznd1hzj1a8NlBNBnGfxdX2lQfkrxQtGkhFy_nz9xR/s1187/image1.png>) \n\n\nThe diagram shows the ASN.1 DER structures for the timestamp and the start of the AS-REP. 
The values with specific hex digits in green are plain-text we know or can calculate as they are part of the ASN.1 structure such as types and lengths. We can see that there's a clear overlap between 4 bytes of known data in the timestamp with the first 4 bytes of the session key. We only need the first 5 bytes of the key due to the padding at the end, but this does mean we need to brute force the final key byte. \n\n \n\n\nWe can do this brute force one of two ways. First we can send service ticket requests with the user's TGT and a guess for the session key to the KDC until one succeeds. This would require at most 256 requests to the KDC. Alternatively we can capture a service ticket request from the client which is likely to happen immediately after the authentication. As the service ticket request will be encrypted using the session key we can perform the brute force attack locally without needing to talk to the KDC which will be faster. Regardless of the option chosen this approach would be orders of magnitude faster than brute forcing the entire 40 bit session key.\n\n \n\n\nThe simplest approach to performing this exploit would be to interpose the client to server connection and modify traffic. However, as the initial request without pre-authentication just returns an error message it's likely the exploit could be done by injecting a response back to the client while the KDC is processing the real request. This could be done with only the ability to monitor network traffic and inject arbitrary network traffic back into that network. However, I've not verified that approach.\n\n## Exploitation without Interception (CVE-2022-33679)\n\nThe requirement to have access to the client to server authentication traffic does make this vulnerability seem less impactful. 
Although there's plenty of scenarios where an attacker could interpose, such as shared wifi networks, or physical attacks which could be used to compromise the computer account authentication which would take place when a domain joined system was booted.\n\n \n\n\nIt would be interesting if there was an attack vector to exploit this without needing a real Kerberos user at all. I realized that if a user has pre-authentication disabled then we have everything we need to perform the attack. The important point is that if pre-authentication is disabled we can request a TGT for the user, specifying RC4-MD4 encryption and the KDC will send back the AS-REP encrypted using that algorithm.\n\n \n\n\nThe key to the exploit is to reverse the previous attack, instead of using the timestamp to decrypt the AS-REP we'll use the AS-REP to encrypt a timestamp. We can then use the timestamp value when sent to the KDC as an encryption oracle to brute force enough bytes of the key stream to decrypt the TGT's session key. For example, if we remove the optional microseconds component of the timestamp we get the following DER encoded values:\n\n \n\n\n[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJwOslmDADrdMxHQePmjJB4AwNGPGaFkdemYZCTgtHzSOcKYXYq46I5ETenRLGSjx-aPpCGMj40oox50HylEiImPmompOLGzAs0mNSRbjQtEUWhlNl6xv3XWladvkt__nep8zR4GEcMTLUHzqpC5ECmGSjYlr7CINK8BP3lBrX8n5u1hTKwcrBzMEd/s1057/image2.png>) \n\n\nThe diagram shows that currently there's no overlap between the timestamp, represented by the T bytes, and the 40 bit session key. However, we know or at least can calculate the entire DER encoded data for the AS-REP to cover the entire timestamp buffer. We can use this to calculate the keystream for the user's RC4-MD4 key without actually knowing the key itself. With the key stream we can encrypt a valid timestamp and send it to the KDC. \n\n \n\n\nIf the KDC responds with a valid AS-REP then we know we've correctly calculated the key stream. 
How can we use this to start decrypting the session key? The KerberosTime value used for the timestamp is an ASCII string of the form YYYYMMDDHHmmssZ. The KDC parses this string to a format suitable for processing by the server. The parser takes the time as a NUL terminated string, so we can add an additional NUL character to the end of the string and it shouldn't affect the parsing. Therefore we can change the timestamp to the following:\n\n \n\n\n \n\n\n[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHkQxlTmqYoIrJDtSjALIbuKT6vXVkaSM2QGjB8aErmNyny_lSLBJt4ZogLrR2naCcnSc15TiR-oq45Xj2-WDfmZpNzs1k0RYZH2VQKpLb6Whj8Z4nNkc5DIK_CdQvfT3ncuVdLnAdMSBhclQIYpIWB26fmbSWaVzdQXwYkbnnz6iPxYCGJ1sNY7rM/s1032/image4.png>) \n \n\n\nWe can now guess a value for the encrypted NUL character and send the new timestamp to the KDC. If the KDC returns an error we know that the parsing failed as it didn't decrypt to a NUL character. However, if the authentication succeeds the value we guessed is the next byte in the key stream and we can decrypt the first byte of the session key.\n\n \n\n\nAt this point we've got a problem, we can't just add another NUL character as the parser would stop on the first one we sent. Even if the value didn't decrypt to a NUL it wouldn't be possible to detect. This is when a second trick comes into play, instead of extending the string we can abuse the way value lengths are encoded in DER. A length can be in one of two forms, a short form if the length is less than 128, or a long form for everything else. \n\n \n\n\nFor the short form the length is encoded in a single byte. For the long form, the first byte has the top bit set to 1, and the lower 7 bits encode the number of trailing bytes of the length value in big-endian format. For example in the above diagram the timestamp's total size is 0x14 bytes which is stored in the short form. 
We can instead encode the length in an arbitrary sized long form, for example 0x81 0x14, 0x82 0x00 0x14, 0x83 0x00 0x00 0x14 etc. The examples shown below move the NUL character to brute force the next two bytes of the session key:\n\n \n\n\n \n\n\n[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsKgGYAwo0YMFIjyz2Htl9U6igMxgQULM7SMPuDKr4jsQckfpZSvEUSshnUpNK15rRJD5ZD9mjSOgFn7F2_vgCGr1HHHGXRuGQZmMqHwAV7c7JairJhIUONjxM7YVBkWxBdxC9MfuXPxfISUEzVaPeRG5EsvlL91sgnZs4gXMjApMLYcZq4oXy7ZEg/s1038/image6.png>)\n\nEven though technically DER should expect the shortest form necessary to encode the length the Microsoft ASN.1 library doesn't enforce that when parsing so we can just repeat this length encoding trick to cover the remaining 4 unknown bytes of the key. As the exploit brute forces one byte at a time the maximum number of requests that we'd need to send to the KDC is 5 \u00d7 2^8 which is 1280 requests as opposed to 2^40 requests which would be around 1 trillion. \n\n \n\n\nEven with such a small number of requests it can still take around 30 seconds to brute force the key, but that still makes it a practical attack. Although it would be very noisy on the network and you'd expect any competent EDR system to notice, it might be too late at that point.\n\n## The Fixes\n\nThe only fix I can find is in the KDC service for the domain controller. Microsoft has added a new flag which by default disables the RC4-MD4 algorithm and an old variant of RC4-HMAC with the encryption type of -133. This behavior can be re-enabled by setting the KDC configuration registry value AllowOldNt4Crypto. The reference to NT4 is a good indication on how long this vulnerability has existed as it presumably pre-dates the introduction of Kerberos in Windows 2000. 
There are probably some changes to the client as well, but I couldn't immediately find them and it's not really worth my time to reverse engineer it.\n\n \n\n\nIt'd be good to mitigate the risk of similar attacks before they're found. Disabling RC4 is definitely recommended, however that can bring [its own problems](<https://syfuhs.net/lessons-in-disabling-rc4-in-active-directory>). If this particular vulnerability was being exploited in the wild it should be pretty easy to detect. Also unusual Kerberos encryption types would be an immediate red-flag as well as the repeated login attempts.\n\n \n\n\nAnother option is to enforce [Kerberos Armoring (FAST)](<https://syfuhs.net/kerberos-fast-armoring>) on all clients and KDCs in the environment. This would make it more difficult to inspect and tamper with Kerberos authentication traffic. However it's not a panacea, for example for FAST to work the domain joined computer needs to first authenticate without FAST to get a key they can then use for protecting the communications. 
If that initial authentication is compromised the entire protection fails.\n\n \n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-27T00:00:00", "type": "googleprojectzero", "title": "\nRC4 Is Still Considered Harmful\n", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-33647", "CVE-2022-33679"], "modified": "2022-10-27T00:00:00", "id": "GOOGLEPROJECTZERO:75823B4B03E867492EE237294C2ED9EF", "href": "https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdt": [{"lastseen": "2022-10-04T08:46:02", "description": "", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-04T00:00:00", "type": "zdt", "title": "Windows Kerberos RC4 MD4 Encryption Downgrade Privilege Escalation Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-33647", "CVE-2022-33679"], "modified": "2022-10-04T00:00:00", "id": "1337DAY-ID-38021", "href": "https://0day.today/exploit/description/38021", "sourceData": "Windows: Kerberos RC4 MD4 Encryption Downgrade EoP\nPlatform: Windows 10+\nClass: Elevation of Privilege\nSecurity Boundary: User\n\nSummary:\n The KDC allows an interposing attacker to downgrade to RC4 MD4 
encryption in compromising the user's TGT session key resulting in EoP.\n\nNOTE: I tried to look if this was something which has been reported before. The fact that Kerberos can have its encryption downgraded is a well known issue, but the primary use case seems to be to get crackable data by weakening the encryption. However, I couldn't find a description of this specific attack. Also while I'm sure Kerberos armoring will prevent the attack as is, unless FAST is required I am led to understand that an attacker can downgrade to non-FAST if they're in a privileged position on the network.\n\nDescription: \nWhen Kerberos makes an initial request to the KDC to authenticate a user it sends an AS-REQ structure. One of the options in the AS-REQ is a list of encryption algorithms that the client supports. The KDC will accept the strongest available from the list for things like session keys.\n\nThe problem with the list is it's unprotected (without FAST) and so an attacker who interposes the connection can modify it before it goes to the KDC. This allows the attacker to downgrade the encryption used to a weaker algorithm such as RC4-HMAC which is more amenable to cracking the password due to the weak password to key generation.\n\nHowever, even with downgrading to RC4-HMAC it's not an immediate exploit, the key would have to be cracked offline which for complex passwords can take a long time. For example, a computer account usually has a 120 character randomly generated password which would be effectively impossible to crack.\n\nThrough inspection it seems that you can request any Kerberos encryption algorithm supported by CRYPTDLL which implements all the Kerberos encryption engines. The one of most interest is RC4-MD4 (encryption type -128) as it has some serious security weaknesses.\n\n1. Only 8 of the 16 key bytes are used by the encryption algorithm.\n2. 
The key is not blinded or otherwise hashed unlike RC4-HMAC which means the key stream is always the same for the same key. \n3. The encryption ignores the key usage value so different parts of the protocol also use the same RC4 key stream.\n4. The encryption has no cryptographic checksum applied so the cipher text can be modified if the plain text is known.\n5. Session keys, when generated, only have 40bits of randomness, the remaining 11 bytes of the key are populated with the value 0xAB.\n\nIf you can downgrade the client and KDC to use RC4-MD4 then it's catastrophic for the Kerberos authentication process. An attacker could get the KDC to use an RC4-MD4 session key for the initial TGT which only has 40 bits of entropy and be reasonably confident of brute forcing that before the associated ticket expires. They could then issue TGS requests for arbitrary service tickets for that user.\n\nHowever, brute force seems overly complex. Instead if the initial AS-REQ without the pre-authentication is downgraded then it induces the client into using RC4-MD4 with its RC4-HMAC key for the encrypted timestamp. The KDC authenticates the timestamp and returns an AS-REP with the result also encrypted to the user's RC4-HMAC key but with the RC4-MD4 algorithm.\n\nAlmost the entirety of the encrypted timestamp's plain text data is known or can be guessed, which means we can determine the keystream for the user's encryption key. We can then apply that keystream to decrypt some encrypted data in the AS-REP. By luck the TGT session key is at the start of the encrypted data. We don't have enough of the keystream from the timestamp to decrypt the entire key but we only need the first 5 bytes due to the weak session key generation. We end up with an overlap between the last byte of the key and the first byte of the microseconds for the timestamp which could be anything. 
As long as we then observe at least one TGS-REQ from the user (which they will almost certainly do) we can use that to brute force offline the single remaining byte of the key. With the TGT session key the attacker could impersonate the user entirely.\n\nHow you interpose the Kerberos connection is myriad. Obviously local network based attacks are possible such as a \\\"Coffee Shop\\\" attack or DNS spoofing. It's possible this could also resurrect attacks such as MS15-011 on group policy as getting the TGT of the computer account would allow for the session keys for service tickets to be decrypted and by extension the sub-session keys from the AP-REQ to hijack the SMB connection.\n\nFixing wise, nothing should be using the RC4-MD4 encryption algorithm, it's not even clear why it's still there in CRYPTDLL. One way to mitigate the attack as described is to disable RC4 across the board, both on the KDC and the clients. If this is only disabled on clients then it might be possible to get the initial pre-authentication to use AES but only change the session key which might allow it to continue to function but I've not verified that. Even if you do that you might need to bruteforce the session key, but that's doable. \n\nUsing PKINIT would break the initial hijacking of the AS-REQ's encrypted timestamp, but it might still be possible to downgrade the TGT's session key. At that point the only attack might be to brute force the key. However it is also possible that the encrypted data in the initial TGS-REQ could be attacked instead as the encrypted authorization data is encrypted with the same key as the authenticator.\n\nFAST would also break the attack as described but I'm not sure if that's sufficient if you're in a privileged network position and FAST is not required.\n\nProof of Concept:\n\nI've provided a PoC as a C# project. It works locally using KDC pinning to hijack a SSPI Kerberos authentication process to steal the TGT. 
This in itself is a potentially useful local privilege escalation but of course the real attack would be remote. You need to get and build a copy of my NtApiDotNet library to build the project (https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools).\n\n1) Compile the C# project, put a copy of NtApiDotNet.dll in the project's directory before building.\n2) Run the POC on a domain joined machine where FAST hasn't been configured and RC4 is still enabled.\n3) The POC should complete successfully.\n\nExpected Result:\nThe downgraded encryption is rejected on the KDC and/or the client.\n\nObserved Result:\nThe KDC and client honor the encryption downgrade and the POC can request a new TGT indicated by printing the final key.\n\nThis bug is subject to a 90-day disclosure deadline. If a fix for this\nissue is made available to users before the end of the 90-day deadline,\nthis bug report will become public 30 days after the fix was made\navailable. Otherwise, this bug report will become public at the deadline.\nThe scheduled deadline is 2022-08-31.\n\nRelated CVE Numbers: CVE-2022-33647,CVE-2022-33679.\n", "sourceHref": "https://0day.today/exploit/38021", "cvss": {"score": 0.0, "vector": "NONE"}}], "attackerkb": [{"lastseen": "2022-12-06T17:35:19", "description": "Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722.\n\n \n**Recent assessments:** \n \n**adenosine-phosphatase** at September 18, 2022 10:32am UTC reported:\n\nI must be missing something as the PoC script *<https://github.com/78ResearchLab/PoC/blob/main/CVE-2022-34721/CVE-2022-34721.py)> does not execute any exception/BSOD let alone the RCE.\n\nFrom what I can see, the script does not carry any RCE payload, but I thought it would at least cause some app/os exception. \nWhen I fire it up against w2k19 VPN server, nothing happens. 
\nI would have expected that at least some kind of unhandled exception/BSOD occurred, but nothing \u2026\n\nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "attackerkb", "title": "CVE-2022-34721", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-34721", "CVE-2022-34722"], "modified": "2022-09-13T00:00:00", "id": "AKB:95BA23FE-CAB6-4758-B294-2A870F37726D", "href": "https://attackerkb.com/topics/8TikmBcfwd/cve-2022-34721", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-04T05:01:18", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-35803.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "attackerkb", "title": "CVE-2022-37969", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-35803", "CVE-2022-37969"], "modified": "2022-09-13T00:00:00", "id": "AKB:48AB1318-D726-4F76-9889-74353FF980EF", "href": "https://attackerkb.com/topics/ZMtSR5b70g/cve-2022-37969", "cvss": {"score": 0.0, "vector": "NONE"}}], "krebs": [{"lastseen": "2022-09-14T02:46:56", "description": "This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in **Microsoft Windows** that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, **Apple** has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released **iOS 16**, which offers a new privacy and security feature called "**Lockdown Mode**." And **Adobe** axed 63 vulnerabilities in a range of products.\n\n\n\nMicrosoft today released software patches to plug at least 64 security holes in Windows and related products. Worst in terms of outright scariness is [CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>), which is a "privilege escalation" weakness in the **Windows Common Log File System Driver** that allows attackers to gain SYSTEM-level privileges on a vulnerable host. 
Microsoft says this flaw is already being exploited in the wild.\n\n**Kevin Breen**, director of cyber threat research at **Immersive Labs**, said any vulnerability that is actively targeted by attackers in the wild must be put to the top of any patching list.\n\n"Not to be fooled by its relatively low CVSS score of 7.8, privilege escalation vulnerabilities are often highly sought after by cyber attackers," Breen said. "Once an attacker has managed to gain a foothold on a victim\u2019s system, one of their first actions will be to gain a higher level of permissions, allowing the attacker to disable security applications and any device monitoring. There is no known workaround to date, so patching is the only effective mitigation."\n\n**Satnam Narang** at **Tenable** said [CVE-2022-24521](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24521>) -- a similar vulnerability in the same Windows log file component -- was patched earlier this year as part of [Microsoft\u2019s April Patch Tuesday release](<https://krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/>) and was also exploited in the wild.\n\n"CVE-2022-37969 was disclosed by several groups, though it\u2019s unclear if CVE-2022-37969 is a patch-bypass for CVE-2022-24521 at this point," Narang said.\n\nAnother vulnerability Microsoft patched this month -- [CVE-2022-35803](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35803>) -- also seems to be related to the same Windows log file component. 
While there are no indications CVE-2022-35803 is being actively exploited, Microsoft suggests that exploitation of this flaw is more likely than not.\n\nTrend Micro's **Dustin Childs** called attention to [CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>), a remote code execution flaw in the **Windows TCP/IP** service that could allow an unauthenticated attacker to execute code with elevated privileges on affected systems without user interaction.\n\n"That officially puts it into the 'wormable' category and earns it a CVSS rating of 9.8," Childs said. "However, only systems with IPv6 enabled and IPSec configured are vulnerable. While good news for some, if you\u2019re using IPv6 (as many are), you\u2019re probably running IPSec as well. Definitely test and deploy this update quickly."\n\n**Cisco Talos** warns about four critical vulnerabilities fixed this month -- [CVE-2022-34721](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721>) and [CVE-2022-34722](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722>) -- which have severity scores of 9.8, though they are \u201cless likely\u201d to be exploited, according to Microsoft.\n\n"These are remote code execution vulnerabilities in the **Windows Internet Key Exchange** protocol that could be triggered if an attacker sends a specially crafted IP packet," [wrote](<https://blog.talosintelligence.com/2022/09/microsoft-patch-tuesday-for-september.html>) **Jon Munshaw** and **Asheer Malhotra**. "Two other critical vulnerabilities, [CVE-2022-35805](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35805>) and [CVE-2022-34700](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34700>) exist in on-premises instances of **Microsoft Dynamics 365**. An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. 
The attacker could escalate their privileges further and execute commands as the database owner."\n\nNot to be outdone, Apple fixed at least two zero-day vulnerabilities when it released updates for iOS, iPadOS, macOS and Safari. CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel). Apple pushed [an emergency update](<https://nakedsecurity.sophos.com/2022/08/18/apple-patches-double-zero-day-in-browser-and-kernel-update-now/>) for a related zero-day last month in CVE-2022-32983, which could be used to foist malware on iPhones, iPads and Macs that visited a booby-trapped website.\n\nAlso listed under active attack is **CVE-2022-32817**, which has been fixed on macOS 12.6 (Monterey), macOS 11.7 (Big Sur), iOS 15.7 and iPadOS 15.7, and iOS 16. The same vulnerability [was fixed in Apple Watch in July 2022](<https://support.apple.com/en-us/HT213340>), and credits **Xinru Chi** of Japanese cybersecurity firm **Pangu Lab**.\n\n"Interestingly, this CVE is also listed in the advisory for iOS 16, but it is not called out as being under active exploit for that flavor of the OS," Trend Micro's Childs noted. "Apple does state in its iOS 16 advisory that 'Additional CVE entries to be added soon.' It\u2019s possible other bugs could also impact this version of the OS. Either way, it\u2019s time to update your Apple devices."\n\nApple's iOS 16 includes two new security and privacy features -- [Lockdown Mode](<https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/>) and [Safety Check](<https://support.apple.com/guide/personal-safety/how-safety-check-works-ips2aad835e1/web>). 
**Wired.com** describes Safety Check as a feature for users who are at risk for, or currently experiencing, domestic abuse.\n\n"The tool centralizes a number of controls in one place to make it easier for users to manage and revoke access to their location data and reset privacy-related permissions," [wrote](<https://www.wired.com/story/apple-ios-16-safety-check-lockdown-mode/>) **Lily Hay Newman**.\n\n"Lockdown Mode, on the other hand, is meant for users who potentially face targeted spyware attacks and aggressive state-backed hacking. The feature comprehensively restricts any nonessential iOS features so there are as few potential points of entry to a device as possible. As more governments and repressive entities around the world have begun purchasing powerful commodity spyware to target individuals of particular importance or interest, iOS's general security defenses haven't been able to keep pace with these specialized threats."\n\nTo turn on Lockdown Mode in iOS 16, go to **Settings**, then **Privacy and Security**, then **Lockdown Mode**. Safety Check is located in the same area.\n\nFinally, Adobe released [seven patches](<https://helpx.adobe.com/security.html>) addressing 63 security holes in **Adobe Experience Manager**, **Bridge**, **InDesign**, **Photoshop**, **InCopy**, **Animate**, and **Illustrator**. More on those updates is [here](<https://helpx.adobe.com/security.html>).\n\nDon't forget to back up your data and/or system before applying any security updates. 
If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a decent chance other readers have experienced the same and may chime in here with useful tips.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T00:23:45", "type": "krebs", "title": "Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24521", "CVE-2022-32817", "CVE-2022-32983", "CVE-2022-32984", "CVE-2022-34700", "CVE-2022-34718", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-35803", "CVE-2022-35805", "CVE-2022-37969"], "modified": "2022-09-14T00:23:45", "id": "KREBS:93C313996DC56B0E237DCF999BF438CB", "href": "https://krebsonsecurity.com/2022/09/wormable-flaw-0days-lead-sept-2022-patch-tuesday/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "qualysblog": [{"lastseen": "2022-10-03T20:04:30", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 63 vulnerabilities (aka flaws) in the September 2022 update, including five (5) vulnerabilities classified as 
**_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited* in attacks (**[CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>)***, **[CVE-2022-23960](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23960>)**). Earlier this month, on September 1-2, 2022, Microsoft also released a total of 16 Microsoft Edge (Chromium-Based) updates, one (1) addressing a Remote Code Execution (RCE) vulnerability ([CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>)) ranked _**Low**_.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service, Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution, and Security Feature Bypass.\n\n## **The September 2022 Microsoft Vulnerabilities are Classified as follows:**\n\n\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>) | Windows TCP/IP Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nAn unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable remote code execution on that machine.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34721](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721>), [CVE-2022-34722](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722>) | Windows Internet Key Exchange (IKE) Protocol 
Extensions Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nAn unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable remote code execution. NOTE: This vulnerability _only impacts IKEv1_. IKEv2 is not impacted. However, all Windows Servers are affected because they accept both V1 and V2 packets.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n# **Zero-Day Vulnerabilities Addressed**\n\nA vulnerability is classified as a zero-day if it is publicly disclosed or actively exploited with no official fix available.\n\n### [CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>) | Windows Common Log File System Driver Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nAn attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.\n\nAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [CVE-2022-23960](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23960>) | Windows Common Log File System Driver Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of [5.6](<https://nvd.nist.gov/vuln/detail/CVE-2022-23960>)/10.\n\n[CVE-2022-23960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960>) concerns a vulnerability known as Spectre-BHB. 
MITRE created this CVE on behalf of Arm Limited.\n\nPlease see [Spectre-BHB on arm Developer](<https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB>) for more information.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Less Likely**_\n\n* * *\n\n# **Microsoft Important Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>) covers multiple Microsoft product families, including Azure, Browser, Developer Tools, [Extended Security Updates (ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Microsoft Dynamics, Microsoft Office, System Center, and Windows.\n\nA total of 92 unique Microsoft products/versions are affected, including but not limited to .NET, Azure Arc, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office SharePoint, SPNEGO Extended Negotiation, Visual Studio Code, Windows Common Log File System Driver, Windows Credential Roaming Service, Windows Defender, Windows Distributed File System (DFS), Windows DPAPI (Data Protection Application Programming Interface), Windows Enterprise App Management, Windows Event Tracing, Windows Group Policy, Windows IKE Extension, Windows Kerberos, Windows Kernel, Windows LDAP - Lightweight Directory Access Protocol, Windows ODBC Driver, Windows OLE, Windows Print Spooler Components, Windows Remote Access Connection Manager, Windows TCP/IP, and Windows Transport Security Layer (TLS).\n\nDownloads include Cumulative Update, Monthly Rollup, Security Hotpatch Update, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-38009](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009>) | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nIn a network-based attack, an authenticated attacker with Manage List permissions could 
execute code remotely on the SharePoint Server.\n\nThe attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-26929](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26929>) | .NET Framework Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nThe word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\n\nFor example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-38007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38007>) | Azure Guest Configuration and Azure Arc-enabled Servers Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nAn attacker who successfully exploited the vulnerability could replace Microsoft-shipped code with their own code, which would then be run as root in the context of a Guest Configuration daemon. On an Azure VM with the Guest Configuration Linux Extension installed, this would run in the context of the GC Policy Agent daemon. 
On an Azure Arc-enabled server, it could run in the context of the GC Arc Service or Extension Service daemons.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n## **Microsoft Edge | Last But Not Least**\n\nEarlier in September 2022, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities including [CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>). The vulnerability assigned to the CVE is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>).\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>)[CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>) | Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.7/10.\n\nThe word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). 
The attack itself is carried out locally.\n\nFor example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.\n\nThis vulnerability could lead to a browser sandbox escape.\n\nSuccessful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.\n\nNOTE: [Per Microsoft's severity guidelines](<https://www.microsoft.com/en-us/msrc/bounty-new-edge>), the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance which explains why this CVE is rated as Low, but the CVSSv3.1 score is 7.7\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released seven (7) [security bulletins and advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 63 vulnerabilities affecting Adobe Animate, Bridge, Illustrator, InCopy, InDesign, Photoshop, and Experience Manager applications. 
Of these 63 vulnerabilities, 35 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_** and 28 are rated as **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**, ranging in severity from a CVSS score of 5.3/10 to 7.8/10, as summarized below.\n\n\n\n* * *\n\n### [APSB22-40](<https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html>) | Security Update Available for Adobe Experience Manager\n\nThis update resolves 11 **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released updates for Adobe Experience Manager (AEM). These updates resolve vulnerabilities rated [Important](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation of these vulnerabilities could result in arbitrary code execution and security feature bypass.\n\n* * *\n\n### [APSB22-49](<https://helpx.adobe.com/security/products/bridge/apsb22-49.html>) | Security Update Available for Adobe Bridge\n\nThis update resolves 12 vulnerabilities:\n\n * Ten (10) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe Bridge. 
This update addresses [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-50](<https://helpx.adobe.com/security/products/indesign/apsb22-50.html>) | Security Update Available for Adobe InDesign\n\nThis update resolves 18 vulnerabilities:\n\n * Eight (8) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Ten (10) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): _3\n\nAdobe has released a security update for Adobe InDesign. This update addresses multiple [critical ](<https://helpx.adobe.com/security/severity-ratings.html>)and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system read, and memory leak.\n\n* * *\n\n### [APSB22-52](<https://helpx.adobe.com/security/products/photoshop/apsb22-52.html>) | Security Update Available for Adobe Photoshop\n\nThis update resolves ten (10) vulnerabilities:\n\n * Nine (9) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * One (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Photoshop for Windows and macOS. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. 
Successful exploitation could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-53](<https://helpx.adobe.com/security/products/incopy/apsb22-53.html>) | Security Update Available for Adobe InCopy\n\nThis update resolves seven (7) vulnerabilities:\n\n * Five (5) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe InCopy. This update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n### [APSB22-54](<https://helpx.adobe.com/security/products/animate/apsb22-54.html>) | Security Update Available for Adobe Animate\n\nThis update resolves two (2) [](<https://helpx.adobe.com/security/severity-ratings.html>)[_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Animate. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. 
\n\n* * *\n\n### [APSB22-55](<https://helpx.adobe.com/security/products/illustrator/apsb22-55.html>) | Security Update Available for Adobe Illustrator\n\nThis update resolves three (3) vulnerabilities:\n\n * One (1) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Illustrator 2022. This update resolves [critical ](<https://helpx.adobe.com/security/severity-ratings.html>)and [important ](<https://helpx.adobe.com/security/severity-ratings.html>)vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n* * *\n\n## Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories from August to September 2022 Patch Tuesday Advisory\n\n_Sorted in Descending Order_\n\n * [Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday September 2022 Edition](<https://threatprotect.qualys.com/2022/09/14/microsoft-patches-vulnerabilities-79-including-16-microsoft-edge-chromium-based-with-2-zero-days-and-5-critical-in-patch-tuesday-september-2022-edition/>)\n * [Google Chrome Releases Fix for the Zero-day Vulnerability 
(CVE-2022-3075)](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)\n * [Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804)](<https://threatprotect.qualys.com/2022/08/29/atlassian-bitbucket-server-and-data-center-command-injection-vulnerability-cve-2022-36804/>)\n * [GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)](<https://threatprotect.qualys.com/2022/08/25/gitlab-patches-critical-remote-command-execution-vulnerability-cve-2022-2884/>)\n * [Apple Releases Security Updates to patch two Zero-Day Vulnerabilities (CVE-2022-32893 and CVE-2022-32894)](<https://threatprotect.qualys.com/2022/08/18/apple-releases-security-updates-to-patch-two-zero-day-vulnerabilities-cve-2022-32893-and-cve-2022-32894/>)\n * [Google Chrome Zero-Day Insufficient Input Validation Vulnerability (CVE-2022-2856)](<https://threatprotect.qualys.com/2022/08/18/google-chrome-zero-day-insufficient-input-validation-vulnerability-cve-2022-2856/>)\n * [Palo Alto Networks (PAN-OS) Reflected Amplification Denial-of-Service (DoS) Vulnerability (CVE-2022-0028)](<https://threatprotect.qualys.com/2022/08/16/palo-alto-networks-pan-os-reflected-amplification-denial-of-service-dos-vulnerability-cve-2022-0028/>)\n * [Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)\n * [VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & 
CVE-2022-31675)](<https://threatprotect.qualys.com/2022/08/10/vmware-vrealize-operations-multiple-vulnerabilities-patched-in-the-latest-security-update-cve-2022-31672-cve-2022-31673-cve-2022-31674-cve-2022-31675/>)\n\n* * *\n\n## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all of your hosts impacted by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`91937` OR qid:`91938` OR qid:`91939` OR qid:`91940` OR qid:`91941` OR qid:`91942` OR qid:`91943` OR qid:`91944` OR qid:`91945` OR qid:`91946` OR qid:`91947` OR qid:`110415` OR qid:`110416` OR qid:`377590` ) \n\n\n\n [Qualys VMDR Recognized as Best VM Solution by SC Awards 2022 & Leader by GigaOm](<https://blog.qualys.com/product-tech/2022/08/22/qualys-vmdr-recognized-as-best-vm-solution-by-sc-awards-2022-leader-by-gigaom>) **_New_**\n\n [A Deep Dive into VMDR 2.0 with Qualys TruRisk\u2122](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>)\n\n* * *\n\n## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. 
You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches with one click.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`91937` OR qid:`91938` OR qid:`91939` OR qid:`91940` OR qid:`91941` OR qid:`91942` OR qid:`91943` OR qid:`91944` OR qid:`91945` OR qid:`91946` OR qid:`91947` OR qid:`110415` OR qid:`110416` OR qid:`377590` ) \n\n\n\n [Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications](<https://blog.qualys.com/qualys-insights/2022/09/08/let-smart-automation-reduce-the-risk-of-zero-day-attacks-on-third-party-applications-2>) **_New_**\n\n [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n## Evaluate Vendor-Suggested Workarounds with [Policy Compliance](<https://www.qualys.com/forms/policy-compliance/>)\n\nQualys\u2019 [Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires the implementation of a vendor-suggested workaround. A workaround is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. 
_[Source](<https://www.techtarget.com/whatis/definition/workaround>)_\n\nThe following Qualys [Policy Compliance Control IDs (CIDs) and System Defined Controls (SDC)](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>) have been updated to support the Microsoft-recommended workarounds for this Patch Tuesday:\n\n#### [CVE-2022-38007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38007>)** | Azure Guest Configuration and Azure Arc-enabled Servers Elevation of Privilege (EoP) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nPolicy Compliance Control IDs (CIDs) for Checking Azure Arc-Enabled Servers on Linux:\n\n * **14112**: Status of the services installed on the Linux/UNIX host (stopped, running, failed, dead, \u2026) \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n#### [CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>)** | Windows TCP/IP Remote Code Execution (RCE) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **3720**: Status of the 'IPSEC Services' service\n * **14916**: Status of Windows Services \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n#### [CVE-2022-35838](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35838>)** | HTTP V3 Denial of Service (DoS) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **24717**: Status of the 'HTTP/3' service\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n#### [CVE-2022-33679](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33679>), 
[CVE-2022-33647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33647>)**** | **Windows Kerberos Elevation of Privilege (EoP) Vulnerability**\n\nThese vulnerabilities have a CVSSv3.1 score of 8.1/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **17108**: Status of the 'KDC support for claims, compound authentication and Kerberos armoring' setting (Enabled / Disabled)\n * **17109**: Status of the 'Kerberos client support for claims, compound authentication and Kerberos armoring' setting\n * **17197**: Status of the 'KDC support for claims, compound authentication, and Kerberos armoring' setting\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n#### [CVE-2022-38004](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38004>) **| Windows Network File System Remote Code Execution (RCE) Vulnerability** \n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **1161**: Status of the 'Fax' service\n * **14916**: Status of Windows Services\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\nThe following QQL will return a posture assessment for the CIDs for this Patch Tuesday:\n \n \n control:( id:`1161` OR id:`3720` OR id:`14112` OR id:`14916` OR id:`14916` OR id:`17108` OR id:`17108` OR id:`17109` OR id:`17109` OR id:`17197` OR id:`17197` OR id:`24717` ) \n\n\n\n [Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/23/mitigating-the-risk-of-zero-day-vulnerabilities-by-using-compensating-controls>) **_New_**\n\n [Policy Compliance (PC) | Policy Library Update Blogs](<https://notifications.qualys.com/tag/policy-library>)\n\n* * *\n\n**Patch Tuesday is Complete.**\n\n* * *\n\n# Qualys [This Month in Vulnerabilities and 
Patches](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>) Webinar Series \n\n\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities & Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\n* * *\n\n## NEW & NOTEWORTHY UPCOMING EVENTS\n\nThe content within this section will spotlight Vulnerability Management, Patch Management, Threat Protections, and Policy Compliance adjacent events available to our new and existing customers.\n\n* * *\n\n[WEBINARS](<https://gateway.on24.com/wcc/eh/3347108/category/91385/upcoming-webinars>)\n\n## [Introducing Qualys Threat Thursdays](<https://blog.qualys.com/vulnerabilities-threat-research/2022/09/01/introducing-qualys-threat-research-thursdays>)\n\n\n\nThe **Qualys Research Team** announces the first in a series of regular monthly webinars covering the latest threat intelligence analysis and insight. 
Join us each month for Threat Thursdays, where we will zero in on a specific malware or other exploit observed in the wild\u2026 and how to defend against it.\n\nPlease join us for the first [Threat Thursdays](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>) monthly webinar where the Qualys Threat Research Team will present the latest threat intelligence\u2026 each and every month! \n\nTo quickly navigate to Threat Thursday blog posts, please use <https://blog.qualys.com/tag/threat-thursday>\n\n* * *\n\n[CONFERENCES](<https://www.qualys.com/qsc/locations/>)\n\n[](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821>)[Register Now](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821>)\n\n## [Qualys Annual Security Conference](<https://www.qualys.com/qsc/get-notified/#las-vegas/>) #QSC22\n\nNovember 7-10, 2022 \n\nThe Venetian Resort Las Vegas, 3355 Las Vegas Blvd. 
South, Las Vegas, NV 89109, US\n\n[Book your hotel here](<https://book.passkey.com/gt/218594637?gtid=9914abda1b2fe722d872e0ac3e0bdc09>) & take advantage of the discounted QSC rate of $229+ per night\n\nOr find a conference [near you](<https://www.qualys.com/qsc/locations/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T20:00:00", "type": "qualysblog", "title": "September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities with 5 Critical, plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities with 35 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0028", "CVE-2022-22047", "CVE-2022-23960", "CVE-2022-26929", "CVE-2022-2856", "CVE-2022-2884", "CVE-2022-30134", "CVE-2022-3075", "CVE-2022-31672", "CVE-2022-31673", "CVE-2022-31674", "CVE-2022-31675", "CVE-2022-32893", "CVE-2022-32894", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-35838", "CVE-2022-36804", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38007", "CVE-2022-38009", "CVE-2022-38012"], "modified": 
"2022-09-13T20:00:00", "id": "QUALYSBLOG:DE2E40D3BB574E53C7448F3A304849C9", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-29T20:10:09", "description": "Welcome to the fourth edition of the Qualys Threat Research Unit\u2019s (TRU) \u201cThreat Research Thursday\u201d, where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. This also happens to be the last edition for the year. Feedback on our third edition, [Qualys Threat Research Thursday](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/27/october-2022-threat-thursday>), is more than welcome. We would love to hear from you! \n\n\n\n## From the Qualys Blogs \n\nHere is a roundup of the most interesting blogs from the Qualys Research Team over the past couple of weeks: \n\n * [Dissecting the Empire C2 Framework](<https://blog.qualys.com/vulnerabilities-threat-research/2022/12/12/dissecting-the-empire-c2-framework>) - In this blog post, we take a quick dive into Empire, a popular open-source post-exploitation framework. \n * [Identify Server-Side Attacks Using Qualys Periscope](<https://blog.qualys.com/product-tech/2022/12/01/out-of-band-detections-using-qualys-periscope>) - This article will provide more detail on the common questions/situations seen with out-of-band detections via [Qualys Periscope](<https://blog.qualys.com/product-tech/2020/01/15/introducing-periscope-out-of-band-vulnerability-detection-mechanism-in-qualys-was>). \n\n## New Tools & Techniques \n\n**Kubeshark** \u2013 This is an Apache-2.0 licensed, open-source observability and monitoring tool for Kubernetes. It enables dynamic microservice analysis, anomaly detection and triggering mechanism when a certain pattern appears in runtime. Up until the last month, Kubeshark was known as Mizu. 
The Kubeshark 37.0 source can be [found on GitHub](<https://github.com/kubeshark/kubeshark/releases/tag/37.0>). \n\n**certipy-ad** - For everybody\u2019s information, Certipy, the offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS), is also available on PyPI as a Python package. Get certipy-ad 4.3.0 from the [PyPI page](<https://pypi.org/project/certipy-ad/>). \n\n**Scapy** - Everyone knows Scapy. What's more exciting is that just in time for Christmas, Scapy was updated. Along with major CLI improvements, this release supports Python 3.9/3.10 and also has new DCERPC/NTLM/KERBEROS/GSSAPI/SPNEGO/(C)LDAP layers on Windows. Scapy v2.5.0 can be downloaded [here](<https://github.com/secdev/scapy/releases/tag/v2.5.0>). \n\n**DLest** - This is a new open-source tool for analyzing and manipulating exported functions in a large number of both x86-32 (PE) and x86-64 (PE+) bit Portable Executable files. Download DLest from its [GitHub repository](<https://github.com/DarkCoderSc/DLest>). \n\n**PersistenceSniper** - This open-source PowerShell module can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted on Windows. As of today, this tool supports 40 persistence techniques and has intelligence to detect persistence via built-in binaries or LOLBINS. Check it out from the PowerShell gallery by running Import-Module PersistenceSniper, or download PersistenceSniper v1.8.0 [here](<https://github.com/last-byte/PersistenceSniper>). \n\n## New Vulnerabilities \n\n**CVE-2021-35587** \\- This is a heap-based buffer overflow in the sslvpnd component of Fortinet SSL VPNs. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. According to the vendor, this vulnerability is being actively exploited, and the vendor has shared multiple IOCs associated with the exploit. 
Qualys customers can use VMDR QID 43944 for detecting vulnerable systems in their environment. \n\n**CVE-2022-27518** - An unauthenticated, remote code execution vulnerability exists in Citrix Application Delivery Controller (ADC) and Citrix Gateway versions prior to 13.0-58.32. These are older versions of Citrix products. No version of the affected product released during the past 2 years is in fact vulnerable. Furthermore, only customer-managed Citrix ADCs and Citrix Gateways that are configured as a SAML SP (service provider) or a SAML IdP (identity provider) are at risk and should be upgraded. This vulnerability is notable because threat groups like APT5 (also known as UNC2630 and MANGANESE) are targeting telecommunications and technology companies. NSA has also published guidance for this. Qualys customers can use VMDR QID 377825 for detecting vulnerable systems in their environment. \n\n**CVE-2022-44698** - This vulnerability is a result of a bypass to an older vulnerability tracked as CVE-2022-41091. A specially crafted file could be constructed to bypass the Mark of the Web (MOTW) defense mechanism. It removes the MOTW feature from the file or makes it so that the MOTW isn't recognized by the security features that Microsoft provides, so that files open without warnings. Qualys customers can use VMDR QID 91962 for detecting vulnerable systems in their environment. \n\n**CVE-2022-37958** - On December 13, Microsoft reclassified this vulnerability as \u201cCritical\u201d. The vulnerability is in the widely used SPNEGO Extended Negotiation (NEGOEX) Security Mechanism and allows remote code execution. This is used in most Windows application protocols that can authenticate, such as Server Message Block (SMB) or Remote Desktop Protocol (RDP), by default. 
Unlike the flaw exploited by EternalBlue and used in the WannaCry ransomware attacks, which only affected the SMB protocol, this vulnerability has a larger attack surface of services exposed to the public internet (HTTP, RDP, SMB) or on internal networks. Qualys customers can use VMDR QIDs 91940/91945 for detecting vulnerable systems in their environment. \n\n## Threat Thursdays Webinar \n\nIf you missed our second [Threat Thursdays monthly webinar](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>), where the Qualys Threat Research Unit (TRU) presented how we can learn from other successful ontologies to build and make better use of MITRE ATT&CK, you can watch the replay on-demand at the link below. \n\n[Watch Now](<https://gateway.on24.com/wcc/eh/3347108/lp/4019022/qualys-research-team-threat-thursdays-december-2022>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-29T19:05:19", "type": "qualysblog", "title": "Qualys Threat Research Unit: Threat Thursdays, December 2022", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35587", "CVE-2022-27518", "CVE-2022-37958", "CVE-2022-41091", 
"CVE-2022-44698"], "modified": "2022-12-29T19:05:19", "id": "QUALYSBLOG:C1D4FC22F6D85FEFFDC5CE5F9BA32AA2", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-10-13T22:36:03", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft DirectX Graphics Kernel Elevation of Privilege (CVE-2022-37954)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-37954"], "modified": "2022-09-13T00:00:00", "id": "CPAI-2022-0563", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-13T22:36:00", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows ALPC Elevation of Privilege (CVE-2022-34725)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-34725"], "modified": "2022-09-13T00:00:00", "id": "CPAI-2022-0564", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-13T22:36:02", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows GDI Elevation of Privilege (CVE-2022-34729)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-34729"], "modified": "2022-09-13T00:00:00", "id": "CPAI-2022-0561", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-13T22:33:51", "description": "A remote code execution vulnerability exists in Microsoft Windows Internet Key 
Exchange protocol. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Internet Key Exchange Remote Code Execution (CVE-2022-34721)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-34721"], "modified": "2022-09-21T00:00:00", "id": "CPAI-2022-0605", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-13T22:35:58", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2022-35803)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T00:00:00", "id": "CPAI-2022-0560", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "pentestpartners": [{"lastseen": "2022-10-13T09:09:43", "description": "\n\n### TL;DR\n\nA remote command execution and local privilege escalation vulnerability has been fixed by Microsoft as part of September\u2019s patch Tuesday.\n\nThe vulnerability, filed under [CVE-2022-35841](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35841>), affects the Enterprise App Management Service which handles the installation of enterprise applications deployed via MDM.\n\nAn unprivileged user can exploit the vulnerability both locally and, in some cases, remotely and gain SYSTEM level access on vulnerable hosts.\n\n### Finding a target\n\nBack in May I was on the lookout for new coercion techniques we could use for our Red Team operations. 
Attacks like the printer bug discovered by Lee Christensen ([@tifkin_](<https://twitter.com/tifkin_>)), and PetitPotam discovered by Gilles Lionel ([@topotam77](<https://twitter.com/topotam77>)), are still leveraged today and I was interested in obtaining other potentials to add to the list.\n\nMany of the techniques to date rely on various MS-RPC specifications, but I was interested in looking at DCOM based interfaces instead. DCOM is similar to RPC, and in fact is built on top of it. Many lateral movement techniques also utilise DCOM, for example the MMC20.Application COM object and its ExecuteShellCommand method. Often blog posts mention empty launch and access permissions as the basis for enumeration of other potentially interesting COM objects. Here is an example of the launch and activation permissions for MMC20.Application.\n\n\n\nWhen permissions are missing on a specific application, access and launch permissions revert to the defaults. The defaults allow Administrators both local and remote activation, therefore unprivileged users are out of luck. So, this got me thinking, are there any applications that do specify launch and activation permissions that permit anyone to interact with the interface locally or remotely that are privileged services? I wrote a quick C# app that enumerated all registered AppIds in the registry and ignored any that were not marked as LocalService. Limiting the search to applications hosted as services was important at the time as I wasn\u2019t interested in coercion of my own credentials, which would be the case if the COM object was activated as the authenticated user. 
After running the tool, I ended up with this list of applications.\n \n \n AppId: {0868DC9B-D9A2-4f64-9362-133CEA201299}, Name: sppui\n AppId: {1538524A-8AC3-4C33-BF0C-C2F9CE51DD50}, Name: SharedRealitySvc\n AppId: {2A947841-0594-48CF-9C53-A08C95C22B55}, Name: XblAuthManager\n AppId: {2ED83BAA-B2FD-43B1-99BF-E6149C622692}, Name: WaaSMedicSvc\n AppId: {42C21DF5-FB58-4102-90E9-96A213DC7CE8}, Name: EntAppSvc\n AppId: {478B41E6-3257-4519-BDA8-E971F9843849}, Name: Radio Management Service\n AppId: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}, Name: ShellServiceHost\n AppId: {5E176815-9A63-4A69-810F-62E90D36612A}, Name: cdpsvc\n AppId: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}, Name: Xbox Live Game Saves\n AppId: {C63261E4-6052-41FF-B919-496FECF4C4E5}, Name: EntAppSvc\n AppId: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}, Name: sppui\n AppId: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744}, Name: EntAppSvc\n\nThe EntAppSvc service piqued my interest only because it seemed to have multiple applications registered by the same service. A quick confirmation in OleView.NET showed that the Everyone SID had launch and activation permissions.\n\n### Digging Deeper\n\n\n\nCOM objects can expose multiple interfaces, each with their own methods that can be executed by the caller. Similar to a REST endpoint for example. With a target application now worth investigating, next it was time to see what interfaces the application exposed.\n\n\n\nMany of the interfaces exposed were typical and implemented by many different COM objects, so the main functionality appeared to be implemented via the IEnterpriseModernAppManager interface. Using OleView.NET once again, we can decode the interface and determine what methods are exposed.\n\n\n\nThe interface exposed 5 methods, each one accepting 2 or 3 strings as arguments. 
The next goal was to see if we could figure out the names of these functions as this would be an indication of behaviour.\n\nFiring up x64dbg and attaching to the svchost.exe belonging to the Enterprise App Management Service helped with this. Since the generic service host process was used for hosting, the service itself seemed to be implemented inside EnterpriseAppMgmtSvc.dll. As the DLL belongs to Microsoft, we should hopefully have the benefit of public symbols that we can also search for using the debugger. A quick search for EnterpriseModernAppManager (the name of the interface) resulted in the following symbols.\n\n\n\nThe class EnterpriseModernAppManager looks to be exposing 5 functions exactly matching the prototypes found via OleView.NET. The BSTR type in the definition is equivalent to the short* parameters in the debugger. BSTRs are typically UTF-16 character strings, or unsigned shorts which are 16 bits per character.\n\nBased on the names of the exposed methods, my goals had now changed from coercion to exploitation. Since this DCOM interface could be activated both locally and remotely by anyone, could we install something via calling these functions?\n\nFirst up was the InstallApplication method. At this stage the parameters were unknown, so invocation of the method was attempted with bogus string values. Immediately I was greeted with an access denied error. Whilst the DCOM activation permissions seem to allow Everyone, internally within the method additional validation was taking place. Losing hope, I decided to try the ProvisionApplication function instead, again using bogus parameter values. This time I was greeted with an error indicating the formatting of arguments was incorrect. 
Hmm, does this mean no security checks were being performed?\n\nUsing Ghidra, I had a quick look at the pseudo C code for the ProvisionApplication function which led to a function called ParseHostedInstallParameterString.\n\nImmediately I could see that it was expecting an XML string as one of the parameters.\n\n\n\nFurther on down the same function, I could see references to strings such as PackageUri which looked promising. Turning to Google to look for clues I ended up finding this page.\n\n<https://docs.microsoft.com/en-us/windows/client-management/mdm/enterprise-app-management#provision-apps-for-all-users-of-a-device>\n\n\n\n### Provision for the win\n\nIt seems the Enterprise App Manager Service deals with MDM where providers such as Intune can provision and install Windows Store applications. Ghidra only seemed to include string references to attributes belonging to the Application XML element, therefore the conclusion was that one of the parameters was expected to be the Application XML element documented on MSDN. Through a process of trial and error, the second argument of the ProvisionApplication method seemed to be the XML string, resulting in a prototype like this.\n \n \n uint ProvisionApplication(string unknown1, string xml, string unknown2);\n\nWindows Store apps require signed packages to install unless developer mode is enabled. I first attempted to install the official Netflix appx package. After invoking the ProvisionApplication function pointing to the Netflix installer, the app ended up being installed for all users shortly after initial logon. Provisioning seems to mark packages for installation automatically as soon as a user logs on. So far so good, but Windows Store applications run inside a sandbox.\n\nMicrosoft also introduced the MSIX application installer format, similar to appx in structure but these types of installers have better support for Win32 style applications including the installation of Windows services. 
The manifest for the MSIX requires a few capabilities set to indicate that we want to leverage services and run with full trust. Whilst these types of applications are unlikely to be approved for the Windows Store, enterprises can deploy them via MDM.\n\n\n\nI went out and purchased a personal code signing certificate to sign the MSIX bundle, but equally an attacker with no morals could use any code signing certificate, including internally trusted CAs through AD CS or leaked certificates that could be potentially lurking on the dark web. Once the MSIX was built and signed, opening it in Explorer shows the elevated nature of the package.\n\nHere I created a sample msix application called SmackX. The application simply installs a privileged service that executes a PowerShell script on startup:\n\n\n\n### Local privilege escalation\n\nUp until now, all actions against the Enterprise App Manager DCOM interface were performed against the local machine. Invoking the ProvisionApplication method with our crafted MSIX package resulted in the SmackX application along with its service being installed and started.\n\n\n\n### Remote execution\n\nAs mentioned at the start, DCOM objects can be activated both locally and remotely. In addition to the COM default permissions, which in our case have been overridden by the Enterprise App Manager application specifically to allow everyone remote activation, COM security has the concept of limits.\n\n\n\nAs the name suggests, the limits are an extra level of protection to prevent overly zealous applications configuring weak permissions for their own COM objects. 
So, whilst exploitation can also be performed remotely, the account you are using needs to be a member of either the Distributed COM Users group or the Performance Log Users group for remote launch and activation to succeed.\n\n\n\n### Proof of Concept code\n\nI have published a [POC project on GitHub called ProvisionAppx](<https://github.com/CCob/ProvisionAppx>) that leverages the vulnerable DCOM interface and will allow any authenticated user to install an msix / appx installer.\n\n### Disclosure\n\nMicrosoft Security Response Center (MSRC) requested that no technical details or POC should be published until 30 days after the release of the fix.\n\n 1. 29th May 2022 \u2013 Initial disclosure with detailed description and C# code to provision a package\n 2. 17th June 2022 \u2013 Contacted MSRC as case was put on hold with more information required.\n 3. 22nd June 2022 \u2013 MSRC requested a sample MSIX package, code signing cert purchased and MSIX app provided\n 4. 30th June 2022 \u2013 MSRC confirmed issue and started developing a fix\n 5. 12th September 2022 \u2013 Fix released as part of September Patch Tuesday\n 6. 13th October 2022 \u2013 Blog released 30 days after CVE publication\n\nThe post [MS Enterprise app management service RCE. CVE-2022-35841](<https://www.pentestpartners.com/security-blog/ms-enterprise-app-management-service-rce-cve-2022-35841/>) first appeared on [Pen Test Partners](<https://www.pentestpartners.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T05:48:43", "type": "pentestpartners", "title": "MS Enterprise app management service RCE. 
CVE-2022-35841", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-35841"], "modified": "2022-10-13T05:48:43", "id": "PENTESTPARTNERS:18D37B8C2CD2D054E0847CB1F4A3A13B", "href": "https://www.pentestpartners.com/security-blog/ms-enterprise-app-management-service-rce-cve-2022-35841/", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdi": [{"lastseen": "2022-09-19T19:58:17", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DirectX Graphics Kernel. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-19T00:00:00", "type": "zdi", "title": "Microsoft Windows DirectX Graphics Use-After-Free Local Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-37954"], "modified": "2022-09-19T00:00:00", "id": "ZDI-22-1284", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-1284/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-19T19:58:19", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. 
This vulnerability is dependent upon a Group Policy setting, and an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Group Policy Preference Client module. By creating a symbolic link, an attacker can cause the module to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-19T00:00:00", "type": "zdi", "title": "Microsoft Windows Group Policy Preference Link Following Local Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-37955"], "modified": "2022-09-19T00:00:00", "id": "ZDI-22-1285", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-1285/", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2022-12-12T06:44:58", "description": "DSInternals is vulnerable to privilege escalation. 
The vulnerability exists in the `save` function of `RoamedCredential.cs` because invalid characters are not properly parsed in windows roaming credential service which allows an attacker to write files on the file system with elevated privileges.\n", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-12-08T14:17:02", "type": "veracode", "title": "Privilege Escalation", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-30170"], "modified": "2022-12-09T19:00:23", "id": "VERACODE:38382", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-38382/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "github": [{"lastseen": "2023-01-08T05:05:14", "description": "### Impact\n\nA vulnerability exists in the `DSInternals.Common.Data.RoamedCredential.Save()` method, which incorrectly parses the `msPKIAccountCredentials` LDAP attribute values. As a consequence, a malicious actor would be able to modify the file system of the computer where an application using this function is executed with administrative privileges.\n\nA [similar security issue](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30170) used to be present in the Windows operating system, as DSInternals re-implements the Credential Roaming feature of Windows.\n\n### Exploitability\n\nThe vulnerability can be exploited under the following circumstances:\n- An attacker is able to modify the `msPKIAccountCredentials` attribute of a user account in Active Directory. 
This attribute is used by the Credential Roaming feature of Windows and each AD user can modify their own roamed credentials. AND\n- A 3rd party application uses the `DSInternals.Common` library to export roamed credentials from Active Directory to a file system. AND\n- The application has administrative privileges on the local system.\n\nThe probability of any 3rd-party product using the `DSInternals.Common` library being affected by this vulnerability is extremely low.\n\n### Patches\n\nThe issue had been fixed in DSInternals 4.8.\n\n### References\n\nhttps://www.mandiant.com/resources/blog/apt29-windows-credential-roaming\n", "cvss3": {}, "published": "2022-12-06T21:13:49", "type": "github", "title": "DSInternals Credential Roaming Elevation of Privilege Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-30170"], "modified": "2023-01-08T05:01:48", "id": "GHSA-VX2X-9CFF-FHJW", "href": "https://github.com/advisories/GHSA-vx2x-9cff-fhjw", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2023-01-31T02:42:32", "description": "### Impact\n\nA vulnerability exists in the `DSInternals.Common.Data.RoamedCredential.Save()` method, which incorrectly parses the `msPKIAccountCredentials` LDAP attribute values. As a consequence, a malicious actor would be able to modify the file system of the computer where an application using this function is executed with administrative privileges.\n\nA [similar security issue](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30170) used to be present in the Windows operating system, as DSInternals re-implements the Credential Roaming feature of Windows.\n\n### Exploitability\n\nThe vulnerability can be exploited under the following circumstances:\n- An attacker is able to modify the `msPKIAccountCredentials` attribute of a user account in Active Directory. 
This attribute is used by the Credential Roaming feature of Windows and each AD user can modify their own roamed credentials. AND\n- A 3rd party application uses the `DSInternals.Common` library to export roamed credentials from Active Directory to a file system. AND\n- The application has administrative privileges on the local system.\n\nThe probability of any 3rd-party product using the `DSInternals.Common` library being affected by this vulnerability is extremely low.\n\n### Patches\n\nThe issue had been fixed in DSInternals 4.8.\n\n### References\n\nhttps://www.mandiant.com/resources/blog/apt29-windows-credential-roaming\n", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-12-06T21:13:49", "type": "osv", "title": "DSInternals Credential Roaming Elevation of Privilege Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-30170"], "modified": "2023-01-31T02:42:28", "id": "OSV:GHSA-VX2X-9CFF-FHJW", "href": "https://osv.dev/vulnerability/GHSA-vx2x-9cff-fhjw", "cvss": {"score": 0.0, "vector": "NONE"}}], "githubexploit": [{"lastseen": "2022-11-19T15:04:33", "description": "# CVE-2022-33679\npoc of CVE-20...", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-03T11:19:29", 
"type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-33679"], "modified": "2022-11-19T13:13:57", "id": "E5D8CAA1-5C17-5A66-B3B6-1C229182D694", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2023-01-21T21:05:17", "description": "# CVE-2022-34718 IPv6 Remote Code Execution exploit sample\n\nThis...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-03T11:39:25", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-34718"], "modified": "2023-01-21T17:50:11", "id": "A304CD7E-97E7-577B-91FF-D46A42433CD9", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2022-11-30T08:21:31", "description": "# CVE-2022-34721-RCE-POC\n\u6d41\u8840\u4f60(BLEED YOU) A critical RCE vulnerabi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-29T18:34:08", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-34721"], "modified": "2022-11-30T06:11:29", "id": 
"4855B030-D9C3-5C79-9B66-178F5260F85F", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}], "cnvd": [{"lastseen": "2022-09-16T17:40:02", "description": "Microsoft Windows TCP/IP component is a component of Microsoft Corporation (USA) that provides TCP/IP configuration functionality for Windows. a security vulnerability exists in Microsoft Windows TCP/IP. No detailed vulnerability details are available.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "cnvd", "title": "Microsoft Windows TCP/IP Remote Code Execution Vulnerability (CNVD-2022-63613)", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-34718"], "modified": "2022-09-16T00:00:00", "id": "CNVD-2022-63613", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-63613", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T17:40:04", "description": "Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation (USA).A security vulnerability exists in Microsoft Windows IKE Extension. 
No details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "cnvd", "title": "Microsoft Windows has an unspecified vulnerability (CNVD-2022-63614)", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-34722"], "modified": "2022-09-16T00:00:00", "id": "CNVD-2022-63614", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-63614", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T17:40:06", "description": "Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation (USA). A security vulnerability exists in Microsoft Windows IKE Extension. 
No details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "cnvd", "title": "Microsoft Windows Internet has an unspecified vulnerability", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-34721"], "modified": "2022-09-16T00:00:00", "id": "CNVD-2022-63615", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-63615", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T17:40:09", "description": "Microsoft Windows Common Log File System Driver is a Microsoft Corporation Common Log File System (CLFS) API that provides a high-performance, common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. A security vulnerability exists in the Microsoft Windows Common Log File System Driver. 
No details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "cnvd", "title": "Microsoft Windows Common Log File System Driver has an unspecified vulnerability", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-37969"], "modified": "2022-09-16T00:00:00", "id": "CNVD-2022-63618", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-63618", "cvss": {"score": 0.0, "vector": "NONE"}}], "hivepro": [{"lastseen": "2022-11-30T12:27:39", "description": "Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An active \"Bleed You\" campaign is leveraging a critical RCE (CVE-2022-34721) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions to assist subsequent malware and ransomware assaults and lateral network movement. 
This attack targeted vulnerable Windows operating systems, servers, protocols, and services.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-30T11:46:31", "type": "hivepro", "title": "Adversaries strike critical Windows IKE flaw in the \u201cBleed You\u201d campaign", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-34721"], "modified": "2022-11-30T11:46:31", "id": "HIVEPRO:E84F8B6C5ACC25E1292D697BE03628CC", "href": "https://www.hivepro.com/adversaries-strike-critical-windows-ike-flaw-in-the-bleed-you-campaign/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-26T12:40:20", "description": "Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft updated the severity level of the CVE-2022-37958 vulnerability from high to critical after discovering that threat actors can use the vulnerability to execute code remotely.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-12-26T10:37:19", "type": "hivepro", "title": "Microsoft Rolled Out SPNEGO NEGOEX Critical Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-37958"], "modified": "2022-12-26T10:37:19", "id": 
"HIVEPRO:884DC2D35F8477A209AAB7B9045E6BAB", "href": "https://www.hivepro.com/microsoft-rolled-out-spnego-negoex-critical-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T10:06:15", "description": "Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft addressed a zero-day vulnerability identified as CVE-2022-37969, an Elevation of Privilege vulnerability, in addition to a broad array of other significant flaws that might lead to Remote Code Execution, Information Disclosure, and Denial of Service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-16T09:03:27", "type": "hivepro", "title": "Microsoft busts an actively exploited zero-day and several critical flaws", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-37969"], "modified": "2022-09-16T09:03:27", "id": "HIVEPRO:B146CB21244E67A8A5B49722A69EDFE7", "href": "https://www.hivepro.com/microsoft-busts-an-actively-exploited-zero-day-and-several-critical-flaws/", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2023-01-11T11:09:11", "description": "None\nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows Server 2022, see its update history page. 
**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the Windows release health dashboard. \n\n## Improvements\n\nThis security update includes improvements that were a part of update KB5016693 (released August 16, 2022) and also addresses the following issues: \n\n * This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.For more information about security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>) and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>)\n\n### Windows 10 servicing stack update - 20348.945\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nStarting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. 
This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is addressed in KB5017381. \nAfter installing this update, file copies using [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences **> **Windows Settings** in Group Policy Editor.| This issue was addressed in KB5018421. Installation of this update prevents and resolves this issue, but if any workaround was used to mitigate this issue, it will need to be changed back to the original configuration. 
\n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017316>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Microsoft Server operating system-21H2**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. 
You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File Information**For a list of the files that are provided in this update, download the [file information for cumulative update 5017316](<https://download.microsoft.com/download/5/1/3/513f8daf-2d06-4f6a-9c8b-36b6277cb042/5017316.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 20348.945](<https://download.microsoft.com/download/f/5/b/f5b9c564-cedf-4c7d-bf65-dacafb5c4853/SSU_version_20348_945.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017316 (OS Build 20348.1006)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017316", "href": "https://support.microsoft.com/en-us/help/5017316", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-11T11:09:12", "description": "None\n## **Summary**\n\nLearn more about this cumulative security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **Windows 7, Windows Server 2008 R2, Windows Embedded 
Standard 7, and Windows Embedded POS Ready 7 have reached the end of mainstream support and are now in extended security update (ESU) support. Windows Thin PC has reached the end of mainstream support; however, ESU support is not available. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates in the **How to get this update** section before installing this update. Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ended on January 14, 2020. For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). Because ESU is available as a separate SKU for each of the years in which they are offered (2020, 2021, and 2022)\u2014and because ESU can only be purchased in [specific 12-month periods](<https://docs.microsoft.com/lifecycle/faq/extended-security-updates>)\u2014you must purchase the third year of ESU coverage separately and activate a new key on each applicable device for your devices to continue receiving security updates in 2022.If your organization did not purchase the third year of ESU coverage, you must purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows 7 SP1 or Windows Server 2008 R2 SP1 devices before you install and activate the Year 3 MAK keys to receive updates. 
The steps to [install, activate, and deploy ESUs](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) are the same for first, second, and third year coverage. For more information, see [Obtaining Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) for the Volume Licensing process and [Purchasing Windows 7 ESUs as a Cloud Solution Provider](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/purchasing-windows-7-esus-as-a-cloud-solution-provider/ba-p/1034637>) for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM).For more information, see the [ESU blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-extended-security-updates-for-windows-7-and-windows/ba-p/1872910>).\n\n**Note** For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages for Windows 7 and Windows Server 2008 R2, see the following update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements**\n\nThis cumulative security update contains improvements that are part of update [KB5016676](<https://support.microsoft.com/help/5016676>) (released August 9, 2022) and includes key changes for the following issue:\n\n * This update contains miscellaneous security improvements to internal OS functionality. 
No specific issues are documented for this release.\nFor more information about the resolved security vulnerabilities, please refer to the [Deployments | Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>) and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n## **Known issues in this update**\n\n**Symptom **| **Next step ** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \"Failure to configure Windows updates. Reverting Changes. Do not turn off your computer\", and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nStarting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. 
This moves the DST change, which was previously September 4, to September 10. Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to log on or access resources.\n\u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.| This issue is resolved in update [KB5018454](<https://support.microsoft.com/help/5018454>). \nAfter installing this update, file copies which use [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files that have 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences** > **Windows Settings** in Group Policy Editor.| This issue is resolved in update [KB5018454](<https://support.microsoft.com/help/5018454>). If any workaround was used to mitigate this issue, we recommend that you revert to your original configuration. 
\n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates. Extended support ended as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ended on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ended on October 13, 2020.\n * For Windows Embedded POS Ready 7, extended support ended on October 12, 2021.\n * For Windows Thin PC, extended support ended on October 12, 2021. Note that ESU support is not available for Windows Thin PC.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Language packs**If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).**Prerequisite**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). 
To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB5017397](<https://support.microsoft.com/help/5017397>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). 
For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017361>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5017361](<https://download.microsoft.com/download/6/f/f/6ff96d09-1ecb-4c51-bcda-70aa60227616/5017361.csv>).\n\n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 
2022\u2014KB5017361 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017361", "href": "https://support.microsoft.com/en-us/help/5017361", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-11T11:09:12", "description": "None\n## **Summary**\n\nLearn more about this cumulative security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates in the **How to get this update** section before installing this update. Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ended on January 14, 2020. For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). 
Because ESU is available as a separate SKU for each of the years in which it is offered (2020, 2021, and 2022)\u2014and because ESU can only be purchased in [specific 12-month periods](<https://docs.microsoft.com/lifecycle/faq/extended-security-updates>)\u2014you must purchase the third year of ESU coverage separately and activate a new key on each applicable device for your devices to continue receiving security updates in 2022. If your organization did not purchase the third year of ESU coverage, you must purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows Server 2008 SP2 devices before you install and activate the Year 3 MAK keys to receive updates. The steps to [install, activate, and deploy ESUs](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) are the same for first, second, and third year coverage. For more information, see [Obtaining Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) for the Volume Licensing process and [Purchasing Windows 7 ESUs as a Cloud Solution Provider](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/purchasing-windows-7-esus-as-a-cloud-solution-provider/ba-p/1034637>) for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM). For more information, see the [ESU blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-extended-security-updates-for-windows-7-and-windows/ba-p/1872910>).\n\n**Note** For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). 
To view other notes and messages for Windows Server 2008 SP2, see the following update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements**\n\nThis cumulative security update contains improvements that are part of update [KB5016669](<https://support.microsoft.com/help/5016669>) (released August 9, 2022) and includes key changes for the following issue:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No specific issues are documented for this release.\nFor more information about the resolved security vulnerabilities, please refer to the [Deployments | Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>) and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nStarting at 12:00 A.M. 
Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n\u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.| This issue is resolved in update [KB5018450](<https://support.microsoft.com/help/5018450>). \nAfter installing this update, file copies which use [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files that have 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences** > **Windows Settings** in Group Policy Editor.| This issue is resolved in update [KB5018450](<https://support.microsoft.com/help/5018450>). 
If any workaround was used to mitigate this issue, we recommend that you revert to your original configuration. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates because extended support ended on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Language packs**If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. 
For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5016129](<https://support.microsoft.com/help/5016129>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017358>) website. 
\nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5017358](<https://download.microsoft.com/download/a/1/6/a16a2df4-093e-4c2e-85af-8e481452848f/5017358.csv>).\n\n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017358 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017358", "href": "https://support.microsoft.com/en-us/help/5017358", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-16T11:06:57", "description": "None\n## **Summary**\n\nLearn more about this security-only update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT** Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end of mainstream support and are now in extended security update (ESU) support. Windows Thin PC has reached the end of mainstream support; however, ESU support is not available. 
Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). Verify that you have installed the required updates in the **How to get this update** section before installing this update. Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ended on January 14, 2020. For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). Because ESU is available as a separate SKU for each of the years in which it is offered (2020, 2021, and 2022)\u2014and because ESU can only be purchased in [specific 12-month periods](<https://docs.microsoft.com/lifecycle/faq/extended-security-updates>)\u2014you must purchase the third year of ESU coverage separately and activate a new key on each applicable device for your devices to continue receiving security updates in 2022. If your organization did not purchase the third year of ESU coverage, you must purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows 7 SP1 or Windows Server 2008 R2 SP1 devices before you install and activate the Year 3 MAK keys to receive updates. The steps to [install, activate, and deploy ESUs](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) are the same for first, second, and third year coverage. 
For more information, see [Obtaining Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) for the Volume Licensing process and [Purchasing Windows 7 ESUs as a Cloud Solution Provider](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/purchasing-windows-7-esus-as-a-cloud-solution-provider/ba-p/1034637>) for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM).For more information, see the [ESU blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-extended-security-updates-for-windows-7-and-windows/ba-p/1872910>).\n\n**Note** For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages for Windows 7 SP1 and Windows Server 2008 R2 SP1, see the following update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements**\n\nThis security-only update includes key changes for the following issue:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No specific issues are documented for this release.\nFor more information about the resolved security vulnerabilities, please refer to the [Deployments | Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>) and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. 
Do not turn off your computer,\u201d and the update might show as **Failed **in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\n * If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nStarting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. 
This moves the DST change, which was previously September 4, to September 10. Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to log on or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is resolved in update [KB5018479](<https://support.microsoft.com/help/5018479>). \nAfter installing this update, file copies which use [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files that have 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences** > **Windows Settings** in Group Policy Editor.| This issue is resolved in update [KB5018479](<https://support.microsoft.com/help/5018479>). If any workaround was used to mitigate this issue, we recommend that you revert to your original configuration. 
\n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates. Extended support ended as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ended on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ended on October 13, 2020.\n * For Windows Embedded POS Ready 7, extended support ended on October 12, 2021.\n * For Windows Thin PC, extended support ended on October 12, 2021. Note that ESU support is not available for Windows Thin PC.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Language packs**If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). 
To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5017397](<https://support.microsoft.com/help/5017397>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). 
For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).\n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5016618](<https://support.microsoft.com/help/5016618>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017373>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5017373](<https://download.microsoft.com/download/c/3/e/c3ee55a8-ad79-4b99-be54-6dac03465efe/5017373.csv>).\n\n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017373 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017373", "href": "https://support.microsoft.com/en-us/help/5017373", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-16T11:06:57", "description": "None\n## **Summary**\n\nLearn more about this security-only update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates in the **How to get this update** section before installing this update. Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ended on January 14, 2020. For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). 
Because ESU is available as a separate SKU for each of the years in which it is offered (2020, 2021, and 2022)\u2014and because ESU can only be purchased in [specific 12-month periods](<https://docs.microsoft.com/lifecycle/faq/extended-security-updates>)\u2014you must purchase the third year of ESU coverage separately and activate a new key on each applicable device for your devices to continue receiving security updates in 2022. If your organization did not purchase the third year of ESU coverage, you must purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows Server 2008 SP2 devices before you install and activate the Year 3 MAK keys to receive updates. The steps to [install, activate, and deploy ESUs](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) are the same for first, second, and third year coverage. For more information, see [Obtaining Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) for the Volume Licensing process and [Purchasing Windows 7 ESUs as a Cloud Solution Provider](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/purchasing-windows-7-esus-as-a-cloud-solution-provider/ba-p/1034637>) for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM). For more information, see the [ESU blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-extended-security-updates-for-windows-7-and-windows/ba-p/1872910>).\n\n**Note** For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). 
To view other notes and messages for Windows Server 2008 SP2, see the following update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements**\n\nThis security-only update includes key changes for the following issue:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No specific issues are documented for this release.\nFor more information about the resolved security vulnerabilities, please refer to the [Deployments | Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>) and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nStarting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. 
This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is resolved in update [KB5018446](<https://support.microsoft.com/help/5018446>). \nAfter installing this update, file copies which use [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files that have 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences** > **Windows Settings** in Group Policy Editor.| This issue is resolved in update [KB5018446](<https://support.microsoft.com/help/5018446>). If any workaround was used to mitigate this issue, we recommend that you revert to your original configuration. 
\n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates because extended support ended on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Language packs**If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. 
The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB5016129](<https://support.microsoft.com/help/5016129>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).\n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5016618](<https://support.microsoft.com/help/5016618>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017371>) website. 
\nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5017371](<https://download.microsoft.com/download/f/0/6/f068e32d-11a4-4f38-a7e2-1690c54f795e/5017371.csv>).\n\n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017371 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017371", "href": "https://support.microsoft.com/en-us/help/5017371", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-16T11:06:55", "description": "None\n## **Summary**\n\nLearn more about this security-only update, including improvements, any known issues, and how to get the update.\n\n**REMINDER** [Windows 8.1](<https://docs.microsoft.com/lifecycle/products/windows-81>) will reach end of support on January 10, 2023, at which point technical assistance and software updates will no longer be provided. 
If you have devices running Windows 8.1, we recommend upgrading them to a more current, in-service, and supported Windows release. If devices do not meet the technical requirements to run a more current release of Windows, we recommend that you replace the device with one that supports Windows 11. Microsoft will not be offering an Extended Security Update (ESU) program for Windows 8.1. Continuing to use Windows 8.1 after January 10, 2023 may increase an organization\u2019s exposure to security risks or impact its ability to meet compliance obligations. For more information, see [Windows 8.1 support will end on January 10, 2023](<https://support.microsoft.com/windows/windows-8-1-support-will-end-on-january-10-2023-3cfd4cde-f611-496a-8057-923fba401e93>). [Windows Server 2012 R2](<https://docs.microsoft.com/lifecycle/products/windows-server-2012-r2>) will reach end of support on October 10, 2023 for Datacenter, Essentials, Embedded Systems, Foundation, and Standard.\n\n**Note** For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements**\n\nThis security-only update includes key changes for the following issue:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No specific issues are documented for this release.\nFor more information about the resolved security vulnerabilities, please refer to the [Deployments | Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>) and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n## **Known issues in this update**\n\n**Symptoms**| **Next step** \n---|--- \nStarting at 12:00 A.M. 
Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is resolved in update [KB5018476](<https://support.microsoft.com/help/5018476>). \nAfter installing this update, file copies which use [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files that have 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences** > **Windows Settings** in Group Policy Editor.| This issue is resolved in update [KB5018476](<https://support.microsoft.com/help/5018476>). 
If any workaround was used to mitigate this issue, we recommend that you revert to your original configuration. \n \n## **How to get this update**\n\n**Before installing this update** We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>). If you use Windows Update, the latest SSU ([KB5017398](<https://support.microsoft.com/help/5017398>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5016618](<https://support.microsoft.com/help/5016618>)).\n\n**Language packs** If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n**Install this update**\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017365>) website. 
\nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5017365](<https://download.microsoft.com/download/2/f/d/2fd6b656-6963-4244-8508-4ce55135b659/5017365.csv>). \n\n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017365 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017365", "href": "https://support.microsoft.com/en-us/help/5017365", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-13T10:55:41", "description": "None\n**7/12/22** \nAfter September 20, 2022, there will no longer be optional, non-security releases (known as \"C\" or preview releases) for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates (known as the \"B\" or Update Tuesday release) will continue for the 2019 LTSC editions and Windows Server 2019. 
\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1809, see its update history page. \n\n## Highlights \n\n * Addresses security issues for your Windows operating system. \n\n## Improvements\n\nThis security update includes improvements that were a part of update KB5016690 (released August 23, 2022) and also addresses the following issues:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.For more information about security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n### Windows 10 servicing stack update - 17763.3232\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. \n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. 
Customers installing Windows Server 2019 using media should install the latest [Servicing Stack Update (SSU)](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) before installing the language pack or other optional components. If using the [Volume Licensing Service Center (VLSC)](<https://www.microsoft.com/licensing/servicecenter/default.aspx>), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:\n\n 1. Install the latest prerequisite SSU, currently [KB5005112](<https://support.microsoft.com/help/5005112>)\n 2. Install optional components or language packs\n 3. Install latest cumulative update\n**Note** Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it.**Workaround:**\n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/windows/manage-the-input-and-display-language-settings-in-windows-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2>).\n 2. Click **Check for Updates **and install the April 2019 Cumulative Update or later. For instructions, see [Update Windows 10](<https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a>).\n**Note **If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see [How to do an in-place upgrade on Windows](<https://docs.microsoft.com/troubleshoot/windows-server/deployment/repair-or-in-place-upgrade>), and [Perform an in-place upgrade of Windows Server](<https://docs.microsoft.com/windows-server/get-started/perform-in-place-upgrade>). 
\nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nStarting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is addressed in KB5017379. 
\nAfter installing this update, file copies using [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences **> **Windows Settings** in Group Policy Editor.| This issue was addressed in KB5018419. Installation of this update prevents and resolves this issue, but if any workaround was used to mitigate this issue, it will need to be changed back to the original configuration. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).Prerequisite:You **must **install the August 10, 2021 SSU (KB5005112) before installing the LCU. **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog ](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017315>) website. 
\nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows: **Product**: Windows 10; **Classification**: Security Updates \n \n**If you want to remove the LCU** To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**. Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall** switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information** For a list of the files that are provided in this update, download the [file information for cumulative update 5017315](<https://download.microsoft.com/download/8/c/0/8c0394c0-c4a0-4d86-9522-1c40c4e96bf5/5017315.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 17763.3232](<https://download.microsoft.com/download/f/5/1/f51753ae-66cd-4568-8fb6-5a5cbf79186c/SSU_version_17763_3232.csv>). 
\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017315 (OS Build 17763.3406)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017315", "href": "https://support.microsoft.com/en-us/help/5017315", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-30T11:02:13", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n## How to get this update \n\n### Before installing this update \n\nMicrosoft now combines the latest servicing stack update (SSU) for your operating system with the hotpatch update. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update or Windows Server Update Services (WSUS), the latest SSU will be installed with this update.\n\n### Install this update\n\nRelease Channel| Available| Next Step \n---|---|--- \nWindows Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. 
\nMicrosoft Update Catalog| No| To get the standalone package for this update, go to the Microsoft Update Catalog website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows Server 2022 Datacenter: Azure Edition HotpatchClassification: Security Updates \n \n## File information\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 5017392](<https://download.microsoft.com/download/5/1/3/513f8daf-2d06-4f6a-9c8b-36b6277cb042/5017316.csv>).For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 20348.945](<https://download.microsoft.com/download/f/5/b/f5b9c564-cedf-4c7d-bf65-dacafb5c4853/SSU_version_20348_945.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014 KB5017392 (OS Build 20348.916)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017392", "href": "https://support.microsoft.com/en-us/help/5017392", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-11T11:09:13", "description": "None\n## **Summary**\n\nLearn more about this cumulative security update, including improvements, any known issues, and how to get the update.\n\n**REMINDER** [Windows 8.1](<https://docs.microsoft.com/lifecycle/products/windows-81>) will reach end of support on January 10, 2023, at which point technical 
assistance and software updates will no longer be provided. If you have devices running Windows 8.1, we recommend upgrading them to a more current, in-service, and supported Windows release. If devices do not meet the technical requirements to run a more current release of Windows, we recommend that you replace the device with one that supports Windows 11. Microsoft will not be offering an Extended Security Update (ESU) program for Windows 8.1. Continuing to use Windows 8.1 after January 10, 2023 may increase an organization\u2019s exposure to security risks or impact its ability to meet compliance obligations. For more information, see [Windows 8.1 support will end on January 10, 2023](<https://support.microsoft.com/windows/windows-8-1-support-will-end-on-january-10-2023-3cfd4cde-f611-496a-8057-923fba401e93>). [Windows Server 2012 R2](<https://docs.microsoft.com/lifecycle/products/windows-server-2012-r2>) will reach end of support on October 10, 2023 for Datacenter, Essentials, Embedded Systems, Foundation, and Standard.\n\n**Note** For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements**\n\nThis cumulative security update includes improvements that are part of update [KB5016681](<https://support.microsoft.com/help/5016681>) (released August 9, 2022) and includes key changes for the following issue:\n\n * This update contains miscellaneous security improvements to internal OS functionality. 
No specific issues are documented for this release.\nFor more information about the resolved security vulnerabilities, please refer to the [Deployments | Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>) and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n## **Known issues in this update**\n\n**Symptoms**| **Next step** \n---|--- \nStarting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is resolved in update [KB5018454](<https://support.microsoft.com/help/5018454>). 
\nAfter installing this update, file copies which use [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files that have 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences** > **Windows Settings** in Group Policy Editor.| This issue is resolved in update [KB5018474](<https://support.microsoft.com/help/5018474>). If any workaround was used to mitigate this issue, we recommend that you revert to your original configuration. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5017398](<https://support.microsoft.com/help/5017398>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Language packs**If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n**Install this update**\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017367>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows: **Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro; **Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5017367](<https://download.microsoft.com/download/5/7/7/5771cf45-6276-4d8b-8645-1378219f095d/5017367.csv>). 
\n\n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017367 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017367", "href": "https://support.microsoft.com/en-us/help/5017367", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-11T11:09:13", "description": "None\n## **Summary**\n\nLearn more about this cumulative security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT** [Windows Server 2012](<https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2012>) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that you have installed the required updates listed in the **How to get this update** section before installing this update.\n\n**Note** For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). 
To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements**\n\nThis cumulative security update contains improvements that are part of update [KB5016672](<https://support.microsoft.com/help/5016672>) (released August 9, 2022) and includes key changes for the following issue:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No specific issues are documented for this release.\nFor more information about the resolved security vulnerabilities, please refer to the [Deployments | Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>) and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n## **Known issues in this update**\n\n**Symptoms**| **Next step** \n---|--- \nStarting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. 
This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is resolved in update [KB5018457](<https://support.microsoft.com/help/5018457>). \nAfter installing this update, file copies which use [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files that have 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences** > **Windows Settings** in Group Policy Editor.| This issue is resolved in update [KB5018457](<https://support.microsoft.com/help/5018457>). If any workaround was used to mitigate this issue, we recommend that you revert to your original configuration. 
\n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5016263](<https://support.microsoft.com/help/5016263>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Language packs**If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017370>) website. 
\nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows: **Product**: Windows Server 2012, Windows Embedded 8 Standard; **Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5017370](<https://download.microsoft.com/download/7/f/f/7ff3a661-63cb-479f-8879-a31cb6324da4/5017370.csv>).\n\n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017370 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017370", "href": "https://support.microsoft.com/en-us/help/5017370", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-13T10:55:41", "description": "None\n**8/26/22** \n**REMINDER** Windows Server, version 20H2 reached end of service on August 9, 2022. After August 9, 2022, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. 
To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows Server. We will continue to service the following editions: Windows 10 Enterprise and Education, Windows 10 IoT Enterprise, Windows 10 Enterprise multi-session, and Windows 10 on Surface Hub. \n\n**5/10/22** \n**REMINDER** To update to one of the newer versions of Windows 10, we recommend that you use the appropriate Enablement Package KB (EKB). Using the EKB makes updating faster and easier and requires a single restart. To find the EKB for a specific OS, go to the **Improvements** section and click or tap the OS name to expand the collapsible section. \n\n**11/17/20** For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 20H2, see its update history page. **Note** Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the Windows release health dashboard.\n\n## Highlights\n\n * Addresses security issues for your Windows operating system. \n\n## Improvements \n\n**Note** To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10, version 21H2\n\n**Important:** Use EKB KB5003791 to update to Windows 10, version 21H2.\n\nThis security update includes quality improvements. Key changes include: \n\n * This build includes all the improvements from the supported Windows 10, version 20H2 editions.\n * No additional issues were documented for this release. 
\n\n### \n\n__\n\nWindows 10, version 21H1\n\n**Important: **Use EKB KB5000736 to update to Windows 10, version 21H1.\n\nThis security update includes quality improvements. Key changes include: \n\n * This build includes all the improvements from the supported Windows 10, version 20H2 editions.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2 editions: Windows 10 Enterprise Multi-Session, Windows 10 Enterprise and Education, Windows 10 IoT Enterprise\n\n**Important: **Use EKB KB4562830 to update to Windows Server, version 20H2.\n\nThis security update includes improvements that were a part of update KB5016688 (released August 26, 2022) and also addresses the following issues: \n\n * This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device. For more information about security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>). \n\n### Windows 10 servicing stack update - 19042.1940, 19043.1940, and 19044.1940\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. 
Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. | To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab <destination path>**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* <destination path>**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. 
Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \n| \nAfter installing this update, XPS Viewer might be unable to open XML Paper Specification (XPS) documents in some non-English languages, including some Japanese and Chinese character encodings. This issue affects both XML Paper Specification (XPS) and Open XML Paper Specification (OXPS) files. When encountering this issue, you may receive an error, \"This page cannot be displayed\" within XPS Viewer or it might stop responding and have high CPU usage with continually increasing memory usage. When the error is encountered, if XPS Viewer is not closed it might reach up to 2.5GB of memory usage before closing unexpectedly.This issue does not affect most home users. The [XPS Viewer is no longer installed by default as of Windows 10, version 1803](<https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features>) and [must be manually installed](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fapplication-management%2Fadd-apps-and-features&data=05%7C01%7Cv-shros%40microsoft.com%7Cf67e41cad4af4dcf09ac08da79a42805%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637956043196783103%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mAxvq%2BP02NuUNLL2Heb2Ukgr1KQwfN5Gs0xwQBs5egY%3D&reserved=0>).| This issue is addressed in KB5017380. \nStarting at 12:00 A.M. 
Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is addressed in KB5017380. \nAfter installing this update, file copies using [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences **> **Windows Settings** in Group Policy Editor.| This issue was addressed in KB5018410. 
Installation of this update prevents and resolves this issue, but if any workaround was used to mitigate this issue, it will need to be changed back to the original configuration. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).Prerequisite:Based on your installation scenario, choose one of the following:\n\n 1. For offline OS image servicing:If your image does not have the March 22, 2022 (KB5011543) or later LCU, you **must **install the special standalone May 10, 2022 SSU (KB5014032) before installing this update.\n 2. For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog: If your devices do not have the May 11, 2021 (KB5003173) or later LCU, you **must **install the special standalone August 10, 2021 SSU (KB5005260) before installing this update.\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017308>) website. 
\nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows: **Product**: Windows 10, version 1903 and later; **Classification**: Security Updates \n \n**If you want to remove the LCU** To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**. Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall** switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information** For a list of the files that are provided in this update, download the [file information for cumulative update 5017308](<https://download.microsoft.com/download/a/f/c/afcd607b-e9da-487e-a462-e51a8f66099d/5017308.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19042.1940, 19043.1940, and 19044.1940](<https://download.microsoft.com/download/7/f/e/7fe2ea72-c849-41c6-80d0-a17ab27cd91b/SSU_version_19041_1940.csv>). 
\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017308 (OS Builds 19042.2006, 19043.2006, and 19044.2006)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017308", "href": "https://support.microsoft.com/en-us/help/5017308", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-13T10:55:43", "description": "None\nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 11 (original release), see its update history page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the Windows release health dashboard. \n\n\n\n## Highlights \n\n * Addresses a known issue that affects Microsoft accounts (MSA). The web dialog that you use to sign in or sign out might not appear. This issue occurs on devices that have installed KB5016691.\n * Addresses security issues for your Windows operating system. \n\n## Improvements\n\nThis security update includes improvements that were a part of update KB5016691 (released August 25, 2022) and also addresses the following issues: \n\n * Addresses a known issue that affects Microsoft accounts (MSA). 
The web dialog that you use to sign in or sign out might not appear. This issue occurs on devices that have installed KB5016691.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.For more information about security vulnerabilities, please refer to the [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n### Windows 11 servicing stack update - 22000.975\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n**Applies to**| **Symptom**| **Workaround** \n---|---|--- \nIT admins| After installing this update, XPS Viewer might be unable to open XML Paper Specification (XPS) documents in some non-English languages, including some Japanese and Chinese character encodings. This issue affects both XML Paper Specification (XPS) and Open XML Paper Specification (OXPS) files. When encountering this issue, you may receive an error, \"This page cannot be displayed\" within XPS Viewer or it might stop responding and have high CPU usage with continually increasing memory usage. When the error is encountered, if XPS Viewer is not closed it might reach up to 2.5GB of memory usage before closing unexpectedly.This issue does not affect most home users. 
The [XPS Viewer is no longer installed by default as of Windows 10, version 1803](<https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features>) and [must be manually installed](<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fwindows%2Fapplication-management%2Fadd-apps-and-features&data=05%7C01%7Cv-shros%40microsoft.com%7Cf67e41cad4af4dcf09ac08da79a42805%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637956043196783103%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mAxvq%2BP02NuUNLL2Heb2Ukgr1KQwfN5Gs0xwQBs5egY%3D&reserved=0>).| This issue is addressed in KB5017383. \nAll users| Starting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. 
Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is addressed in KB5017383. \nIT admins| After installing this update, file copies using [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences **> **Windows Settings** in Group Policy Editor.| This issue was addressed in KB5018418. Installation of this update prevents and resolves this issue, but if any workaround was used to mitigate this issue, it will need to be changed back to the original configuration. \n \n## How to get this update\n\n**Before installing this update**Microsoft combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017328>) website. 
\nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 11**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5017328](<https://download.microsoft.com/download/c/7/8/c78fc24a-01f1-4788-a8d3-6e11c4b3dd68/5017328.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 22000.975](<https://download.microsoft.com/download/f/2/f/f2f58748-5e2b-4be4-bea3-37af775daf0c/SSU_version_22000_975.csv>). 
\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017328 (OS Build 22000.978)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017328", "href": "https://support.microsoft.com/en-us/help/5017328", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-16T11:06:58", "description": "None\n## **Summary**\n\nLearn more about this security-only update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **[Windows Server 2012](<https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2012>) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n\n**Note** For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). 
To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements**\n\nThis security-only update includes key changes for the following issue:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No specific issues are documented for this release.\nFor more information about the resolved security vulnerabilities, please refer to the [Deployments | Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>) and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n## **Known issues in this update**\n\n**Symptoms**| **Next step** \n---|--- \nStarting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time 
zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| This issue is resolved in update [KB5018478](<https://support.microsoft.com/help/5018478>). \nAfter installing this update, file copies which use [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files that have 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences** > **Windows Settings** in Group Policy Editor.| This issue is resolved in update [KB5018478](<https://support.microsoft.com/help/5018478>). If any workaround was used to mitigate this issue, we recommend that you revert to your original configuration. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5016263](<https://support.microsoft.com/help/5016263>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). 
\n\n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5016618](<https://support.microsoft.com/help/5016618>)).\n\n**Language packs**If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017377>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for KB5017377](<https://download.microsoft.com/download/a/4/2/a4256952-adc6-424a-9bca-ccb2d0d885d1/5017377.csv>).\n\n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", 
"userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017377 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017377", "href": "https://support.microsoft.com/en-us/help/5017377", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-11T11:09:09", "description": "None\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1607, see its update history page. \n\n## Highlights\n\n * Addresses security issues for your Windows operating system. \n\n## Improvements\n\nThis security update includes quality improvements. Key changes include: \n\n * Provides a Group Policy that affects Microsoft Edge IE mode. Administrators can use this Group Policy to let you use the CTRL+S shortcut (Save As) in Microsoft Edge IE mode.\n * Addresses an issue that might log requests against the wrong endpoint.\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device. For more information about security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [September 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>).\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nStarting at 12:00 A.M. 
Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:\n\n * \u200bTime shown in Windows and apps will not be correct.\n * \u200bApps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.\n * \u200bAutomation that uses date and time, such as Scheduled tasks, might not run at the expected time.\n * \u200bTimestamp on transactions, files, and logs will be 60 minutes off.\n * \u200bOperations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.\n * \u200bWindows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.\n| To mitigate this issue, please see [Possible issues caused by new Daylight Savings Time in Chile](<https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016#2892msgdesc>).We are working on a resolution and will provide an update in an upcoming release.**Note **We plan to release an update to support this change; however, there might be insufficient time to properly build, test, and release such an update before the change goes into effect. Please use the workaround above. 
\nAfter installing this update, file copies using [Group Policy Preferences](<https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922\\(v=ws.11\\)>) might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in **User Configuration** > **Preferences **> **Windows Settings** in Group Policy Editor.| This issue was addressed in KB5018411. Installation of this update prevents and resolves this issue, but if any workaround was used to mitigate this issue, it will need to be changed back to the original configuration. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>). If you are using Windows Update, the latest SSU (KB5017396) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. 
\nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5017305>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5017305](<https://download.microsoft.com/download/a/a/a/aaac3921-c041-4cea-9135-169e871bb51f/5017305.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T07:00:00", "type": "mskb", "title": "September 13, 2022\u2014KB5017305 (OS Build 14393.5356)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-35803"], "modified": "2022-09-13T07:00:00", "id": "KB5017305", "href": "https://support.microsoft.com/en-us/help/5017305", "cvss": {"score": 0.0, "vector": "NONE"}}], "schneier": [{"lastseen": "2023-01-03T20:10:31", "description": "A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers [just realized](<https://arstechnica.com/information-technology/2022/12/critical-windows-code-execution-vulnerability-went-undetected-until-now/>) how serious it was (and is):\n\n> Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. 
Also, like EternalBlue, it's wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems. The wormability of EternalBlue allowed WannaCry and several other attacks to spread across the world in a matter of minutes with no user interaction required.\n> \n> But unlike EternalBlue, which could be exploited when using only the SMB, or server message block, a protocol for file and printer sharing and similar network activities, this latest vulnerability is present in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability.\n> \n> [\u2026]\n> \n> Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of \"important.\" In the routine course of analyzing vulnerabilities after they're patched, Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did. 
Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-22T12:01:37", "type": "schneier", "title": "Critical Microsoft Code-Execution Vulnerability", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-37958"], "modified": "2022-12-21T19:03:41", "id": "SCHNEIER:CB553D932DAFD3781B29AD0FB9C289C4", "href": "https://www.schneier.com/blog/archives/2022/12/critical-microsoft-code-execution-vulnerability.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "cisa_kev": [{"lastseen": "2022-09-14T17:21:08", "description": "Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-37969"], "modified": "2022-09-14T00:00:00", "id": "CISA-KEV-CVE-2022-37969", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "securelist": [{"lastseen": "2022-11-30T12:08:22", 
"description": "\n\n * [IT threat evolution in Q3 2022](<https://securelist.com/it-threat-evolution-q3-2022/107957/>)\n * **IT threat evolution in Q3 2022. Non-mobile statistics**\n * [IT threat evolution in Q3 2022. Mobile statistics](<https://securelist.com/it-threat-evolution-in-q3-2022-mobile-statistics/107978/>)\n\n_These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network, in Q3 2022:\n\n * Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe.\n * Web Anti-Virus recognized 251,288,987 unique URLs as malicious.\n * Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 99,989 unique users.\n * Ransomware attacks were defeated on the computers of 72,941 unique users.\n * Our File Anti-Virus detected 49,275,253 unique malicious and potentially unwanted objects.\n\n## Financial threats\n\n### Number of users attacked by banking malware\n\nIn Q3 2022, Kaspersky solutions blocked the launch of at least one piece of banking malware on the computers of 99,989 unique users.\n\n_Number of unique users attacked by financial malware, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154318/01-en-malware-report-q3-2022-pc-stat.png>))_\n\n### TOP 10 banking malware families\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | Ramnit/Nimnul | Trojan-Banker.Win32.Ramnit | 33.2 \n2 | Zbot/Zeus | Trojan-Banker.Win32.Zbot | 15.2 \n3 | IcedID | Trojan-Banker.Win32.IcedID | 10.0 \n4 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 5.8 \n5 | Trickster/Trickbot | Trojan-Banker.Win32.Trickster | 5.8 \n6 | SpyEye | Trojan-Spy.Win32.SpyEye | 2.1 \n7 | RTM | Trojan-Banker.Win32.RTM | 1.9 \n8 | Danabot | Trojan-Banker.Win32.Danabot | 1.4 \n9 | Tinba/TinyBanker | Trojan-Banker.Win32.Tinba | 
1.4 \n10 | Gozi | Trojan-Banker.Win32.Gozi | 1.1 \n \n_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\n### Geography of financial malware attacks\n\n**TOP 10 countries and territories by share of attacked users**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Turkmenistan | 4.7 \n2 | Afghanistan | 4.6 \n3 | Paraguay | 2.8 \n4 | Tajikistan | 2.8 \n5 | Yemen | 2.3 \n6 | Sudan | 2.3 \n7 | China | 2.0 \n8 | Switzerland | 2.0 \n9 | Egypt | 1.9 \n10 | Venezuela | 1.8 \n \n_* Excluded are countries and territories with relatively few Kaspersky users (under 10,000). \n** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._\n\n## Ransomware programs\n\n### Quarterly trends and highlights\n\nThe third quarter of 2022 saw the builder for LockBit, a well-known ransomware, [leaked online](<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/>). LockBit themselves attributed the leakage to one of their developers' personal initiative, not the group's getting hacked. One way or another, the LockBit 3.0 build kit is now accessible to the broader cybercriminal community. Similarly to other ransomware families in the past, such as Babuk and Conti, Trojan builds generated with the leaked builder began to serve other groups unrelated to LockBit. One example was Bloody/Bl00dy [spotted back in May](<https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/>). A borrower rather than a creator, this group added the freshly available LockBit to its arsenal in September 2022.\n\nMass attacks on NAS (network attached storage) devices continue. QNAP issued warnings about Checkmate and Deadbolt infections in Q3 2022. 
The [former](<https://www.qnap.com/en/security-advisory/QSA-22-21>) threatened files accessible from the internet over SMB protocol and protected by a weak account password. The latter [attacked](<https://www.qnap.com/en/security-news/2022/take-immediate-action-to-update-photo-station-to-the-latest-available-version>) devices that had a vulnerable version of the Photo Station software installed. Threats that target NAS remain prominent, so we recommend keeping these devices inaccessible from the internet to ensure maximum safety of your data.\n\nThe United States Department of Justice [announced](<https://www.justice.gov/opa/pr/justice-department-seizes-and-forfeits-approximately-500000-north-korean-ransomware-actors>) that it had teamed up with the FBI to seize about $500,000 paid as ransom after a Maui ransomware attack. The Trojan was likely [used](<https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/>) by the North Korean operators Andariel. The DOJ said victims had started getting their money back.\n\nThe creators of the little-known AstraLocker and Yashma ransomware [published](<https://www.bleepingcomputer.com/news/security/astralocker-ransomware-shuts-down-and-releases-decryptors/>) decryptors and stopped spreading both of them. The hackers provided no explanation for the move, but it appeared to be related to an increase in media coverage.\n\n### Number of new modifications\n\nIn Q3 2022, we detected 17 new ransomware families and 14,626 new modifications of this malware type. 
More than 11,000 of those were assigned the verdict of Trojan-Ransom.Win32.Crypmod, which hit the sixth place in our rankings of the most widespread ransomware Trojans.\n\n_Number of new ransomware modifications, Q3 2021 \u2014 Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154421/03-en-ru-es-malware-report-q3-2022-pc-stat.png>))_\n\n### Number of users attacked by ransomware Trojans\n\nIn Q3 2022, Kaspersky products and technologies protected 72,941 users from ransomware attacks.\n\n_Number of unique users attacked by ransomware Trojans, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154500/04-en-malware-report-q3-2022-pc-stat.png>))_\n\n**TOP 10 most common families of ransomware Trojans**\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 14.76 \n2 | WannaCry | Trojan-Ransom.Win32.Wanna | 12.12 \n3 | (generic verdict) | Trojan-Ransom.Win32.Gen | 11.68 \n4 | Stop/Djvu | Trojan-Ransom.Win32.Stop | 6.59 \n5 | (generic verdict) | Trojan-Ransom.Win32.Phny | 6.53 \n6 | (generic verdict) | Trojan-Ransom.Win32.Crypmod | 5.46 \n7 | Magniber | Trojan-Ransom.Win64.Magni | 4.93 \n8 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom / Virus.Win32.PolyRansom | 4.84 \n9 | (generic verdict) | Trojan-Ransom.Win32.Instructions | 4.35 \n10 | Hive | Trojan-Ransom.Win32.Hive | 3.87 \n \n_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\n### Geography of attacked users\n\n**TOP 10 countries and territories attacked by ransomware Trojans**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Bangladesh | 1.66 \n2 | Yemen | 1.30 \n3 | South Korea | 0.98 \n4 | Taiwan | 0.77 \n5 | Mozambique | 0.64 \n6 | China | 0.52 \n7 | Colombia | 0.43 \n8 | Nigeria | 0.40 \n9 | Pakistan | 0.39 \n10 | Venezuela | 0.32 \n \n_* Excluded are countries with relatively few 
Kaspersky users (under 50,000). \n** Unique users whose computers were attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country._\n\n### TOP 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts*** | **Percentage of attacked users**** \n---|---|---|--- \n1 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 14.76 \n2 | WannaCry | Trojan-Ransom.Win32.Wanna | 12.12 \n3 | (generic verdict) | Trojan-Ransom.Win32.Gen | 11.68 \n4 | Stop/Djvu | Trojan-Ransom.Win32.Stop | 6.59 \n5 | (generic verdict) | Trojan-Ransom.Win32.Phny | 6.53 \n6 | (generic verdict) | Trojan-Ransom.Win32.Crypmod | 5.46 \n7 | Magniber | Trojan-Ransom.Win64.Magni | 4.93 \n8 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom / Virus.Win32.PolyRansom | 4.84 \n9 | (generic verdict) | Trojan-Ransom.Win32.Instructions | 4.35 \n10 | Hive | Trojan-Ransom.Win32.Hive | 3.87 \n \n_* Statistics are based on detection verdicts of Kaspersky products. The information was provided by Kaspersky product users who consented to providing statistical data. \n** Unique Kaspersky users attacked by specific ransomware Trojan families as a percentage of all unique users attacked by ransomware Trojans._\n\n## Miners\n\n### Number of new miner modifications\n\nIn Q3 2022, Kaspersky systems detected 153,773 new miner mods. More than 140,000 of these were found in July and August; combined with June's figure of more than 35,000, this suggests that miner creators kept themselves abnormally busy this past summer.\n\n_Number of new miner modifications, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154533/06-en-malware-report-q3-2022-pc-stat.png>))_\n\n### Number of users attacked by miners\n\nIn Q3, we detected attacks that used miners on the computers of 432,363 unique users of Kaspersky products worldwide. 
A quieter period from late spring through the early fall was followed by another increase in activity.\n\n_Number of unique users attacked by miners, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154601/07-en-malware-report-q3-2022-pc-stat.png>))_\n\n### Geography of miner attacks\n\n**TOP 10 countries and territories attacked by miners**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Ethiopia | 2.38 \n2 | Kazakhstan | 2.13 \n3 | Uzbekistan | 2.01 \n4 | Rwanda | 1.93 \n5 | Tajikistan | 1.83 \n6 | Venezuela | 1.78 \n7 | Kyrgyzstan | 1.73 \n8 | Mozambique | 1.57 \n9 | Tanzania | 1.56 \n10 | Ukraine | 1.54 \n \n_* Excluded are countries and territories with relatively few users of Kaspersky products (under 50,000). \n** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by criminals during cyberattacks\n\n### Quarterly highlights\n\nQ3 2022 was remembered for a series of vulnerabilities discovered in various software products. Let's begin with Microsoft Windows and some of its components. Researchers found new vulnerabilities that affected the CLFS driver: [CVE-2022-30220](<https://nvd.nist.gov/vuln/detail/CVE-2022-30220>), along with [CVE-2022-35803](<https://nvd.nist.gov/vuln/detail/CVE-2022-35803>) and [CVE-2022-37969](<https://nvd.nist.gov/vuln/detail/CVE-2022-37969>), both encountered in the wild. By manipulating Common Log File System data in a specific way, an attacker can make the kernel write their own data to arbitrary memory addresses, allowing cybercriminals to hijack kernel control and elevate their privileges in the system. Several vulnerabilities were discovered in the Print Spooler service: [CVE-2022-22022](<https://nvd.nist.gov/vuln/detail/CVE-2022-22022>), [CVE-2022-30206](<https://nvd.nist.gov/vuln/detail/CVE-2022-30206>), and [CVE-2022-30226](<https://nvd.nist.gov/vuln/detail/CVE-2022-30226>). 
These allow an attacker to elevate privileges in the system through a series of manipulations while installing a printer. Serious vulnerabilities were also discovered in the Client/Server Runtime Subsystem (CSRSS), an essential Windows component. Some of these can be exploited for privilege escalation ([CVE-2022-22047](<https://nvd.nist.gov/vuln/detail/CVE-2022-22047>), [CVE-2022-22049](<https://nvd.nist.gov/vuln/detail/CVE-2022-22049>), and [CVE-2022-22026](<https://nvd.nist.gov/vuln/detail/CVE-2022-22026>)), while [CVE-2022-22038](<https://nvd.nist.gov/vuln/detail/CVE-2022-22038>) affects the remote procedure call (RPC) protocol, allowing an attacker to execute arbitrary code remotely. A series of critical vulnerabilities were discovered in the graphics subsystem, including [CVE-2022-22034](<https://nvd.nist.gov/vuln/detail/CVE-2022-22034>) and [CVE-2022-35750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35750>), which can also be exploited for privilege escalation. Note that most of the above vulnerabilities require the attacker to have already gained a foothold in the system before the exploit can be used. The Microsoft Support Diagnostic Tool (MSDT) was found to contain a further two vulnerabilities, [CVE-2022-34713](<https://nvd.nist.gov/vuln/detail/CVE-2022-34713>) and [CVE-2022-35743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35743>), which can be exploited to take advantage of security flaws in the link handler to remotely run commands in the system.\n\nMost of the network threats detected in Q3 2022 were again attacks associated with [brute-forcing](<https://encyclopedia.kaspersky.com/glossary/brute-force/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) passwords for Microsoft SQL Server, RDP, and other services. Network attacks on vulnerable versions of Windows via EternalBlue, EternalRomance, and other exploits were still common. 
The attempts at exploiting network services and other software via vulnerabilities in the Log4j library ([CVE-2021-44228](<https://nvd.nist.gov/vuln/detail/CVE-2021-44228>), [CVE-2021-44832](<https://nvd.nist.gov/vuln/detail/CVE-2021-44832>), [CVE-2021-45046](<https://nvd.nist.gov/vuln/detail/CVE-2021-45046>), and [CVE-2021-45105](<https://nvd.nist.gov/vuln/detail/cve-2021-45105>)) also continued. Several vulnerabilities were found in the Microsoft Windows Network File System (NFS) driver. These are [CVE-2022-22028](<https://nvd.nist.gov/vuln/detail/CVE-2022-22028>), which can lead to leakage of confidential information, as well as [CVE-2022-22029](<https://nvd.nist.gov/vuln/detail/CVE-2022-22029>), [CVE-2022-22039](<https://nvd.nist.gov/vuln/detail/CVE-2022-22039>) and [CVE-2022-34715](<https://nvd.nist.gov/vuln/detail/CVE-2022-34715>), which a cybercriminal can use to remotely execute arbitrary code in the system \u2014 in kernel context \u2014 by using a specially crafted network packet. The TCP/IP stack was found to contain the critical vulnerability [CVE-2022-34718](<https://nvd.nist.gov/vuln/detail/CVE-2022-34718>), which in theory allows an attacker to remotely exploit a target system by taking advantage of errors in the IPv6 protocol handler. Finally, it is worth mentioning the [CVE-2022-34724](<https://nvd.nist.gov/vuln/detail/CVE-2022-34724>) vulnerability, which affects Windows DNS Server and can lead to denial of service if exploited.\n\nTwo vulnerabilities in Microsoft Exchange Server, [CVE-2022-41040](<https://nvd.nist.gov/vuln/detail/CVE-2022-41040>) and [CVE-2022-41082](<https://nvd.nist.gov/vuln/detail/CVE-2022-41082>), received considerable media coverage. They were collectively dubbed "ProxyNotShell" in reference to the ProxyShell vulnerabilities, which relied on a similar exploitation technique (they were closed earlier). 
Researchers discovered the ProxyNotShell exploits while investigating an APT attack: an authenticated user can use the loopholes to elevate their privileges and run arbitrary code on an MS Exchange server. As a result, the attacker can steal confidential data, encrypt critical files on the server to extort money from the victim, etc.\n\n### Vulnerability statistics\n\nIn Q3 2022, malicious Microsoft Office documents again accounted for the greatest number of detections \u2014 80% of the exploits we discovered, although the number decreased slightly compared to Q2. Most of these detections were triggered by exploits that targeted the following vulnerabilities:\n\n * [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>) and [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>), in the Equation Editor component, which allow corrupting the application memory when processing formulas, and subsequently running arbitrary code in the system;\n * [CVE-2017-0199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199>), which allows downloading and running malicious script files;\n * [CVE-2022-30190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190>), also known as "Follina", which exploits a flaw in the Microsoft Windows Support Diagnostic Tool (MSDT) for running arbitrary programs in a vulnerable system even in Protected Mode or when macros are disabled;\n * [CVE-2021-40444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444>), which allows an attacker to deploy malicious code using a special ActiveX template due to inadequate input validation.\n\n_Distribution of exploits used by cybercriminals, by type of attacked application, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154631/09-en-malware-report-q3-2022-pc-stat.png>))_\n\nThese 
were followed by exploits that target browsers. Their share amounted to 6%, or 1% higher than in Q2. We will list the most serious vulnerabilities, all of them targeting Google Chrome:\n\n * [CVE-2022-2294](<https://nvd.nist.gov/vuln/detail/CVE-2022-2294>), in the WebRTC component, which leads to buffer overflow;\n * [CVE-2022-2624](<https://nvd.nist.gov/vuln/detail/CVE-2022-2624>), which exploits a memory overflow error in the PDF viewing component;\n * [CVE-2022-2295](<https://nvd.nist.gov/vuln/detail/CVE-2022-2295>), a Type Confusion error that allows an attacker to corrupt the browser process memory remotely and run arbitrary code in a sandbox;\n * [CVE-2022-3075](<https://nvd.nist.gov/vuln/detail/CVE-2022-3075>), an error linked to inadequate input validation in the Mojo interprocess communication component in Google Chromium-based browsers that allows escaping the sandbox and running arbitrary commands in the system.\n\nSince many modern browsers are based on Google Chromium, attackers can often take advantage of the shared vulnerabilities to attack the other browsers as long as they run on one engine.\n\nA series of vulnerabilities were identified in Microsoft Edge. 
Worth noting is [CVE-2022-33649](<https://nvd.nist.gov/vuln/detail/CVE-2022-33649>), which allows running an application in the system by circumventing the browser protections; [CVE-2022-33636](<https://nvd.nist.gov/vuln/detail/CVE-2022-33636>) and [CVE-2022-35796](<https://nvd.nist.gov/vuln/detail/CVE-2022-35796>), Race Condition vulnerabilities that ultimately allow a sandbox escape; and [CVE-2022-38012](<https://nvd.nist.gov/vuln/detail/CVE-2022-38012>), which exploits an application memory corruption error, with similar results.\n\nThe Mozilla Firefox browser was found to contain vulnerabilities associated with memory corruption, which allow running arbitrary code in the system: [CVE-2022-38476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476>), a Race Condition vulnerability that leads to a subsequent Use-After-Free scenario, and the similar vulnerabilities [CVE-2022-38477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477>) and [CVE-2022-38478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478>), which exploit memory corruption. As you can see from our reports, browsers are an attractive target for cybercriminals, as these are widely used and allow attackers to infiltrate the system remotely and virtually unbeknownst to the user. That said, browser vulnerabilities are not simple to exploit, as attackers often have to use a chain of vulnerabilities to work around the protections of modern browsers.\n\nThe remaining positions in our rankings were distributed among Android (5%) and Java (4%) exploits. The fifth-highest number of exploits (3%) targeted Adobe Flash, a technology that is obsolete but remains in use. Rounding out the rankings with 2% were exploits spread through PDF documents.\n\n## Attacks on macOS\n\nThe third quarter of 2022 brought with it a significant number of interesting macOS malware discoveries. 
In particular, researchers found [Operation In(ter)ception](<https://www.sentinelone.com/blog/lazarus-operation-interception-targets-macos-users-dreaming-of-jobs-in-crypto/>), a campaign operated by North Korean Lazarus group, which targets macOS users looking for cryptocurrency jobs. The malware was disguised as documents containing summaries of positions at Coinbase and Crypto.com.\n\n[CloudMensis](<https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/>), a spy program written in Objective-C, used cloud storage services as C&C servers and [shared several characteristics](<https://twitter.com/ESETresearch/status/1575103839115804672>) with the RokRAT Windows malware operated by ScarCruft.\n\nThe creators of XCSSET [adapted](<https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/>) their toolset to macOS Monterey and migrated from Python 2 to Python 3.\n\nIn Q3, cybercrooks also began to make use of open-source tools in their attacks. 
July saw the discovery of two campaigns that used a fake [VPN application](<https://www.sentinelone.com/blog/from-the-front-lines-new-macos-covid-malware-masquerades-as-apple-wears-face-of-apt/>) and fake [Salesforce updates](<https://twitter.com/ESETresearch/status/1547943014860894210>), both built on the Sliver framework.\n\nIn addition to this, researchers announced a new multi-platform [find](<https://blog.sekoia.io/luckymouse-uses-a-backdoored-electron-app-to-target-macos/>): the LuckyMouse group (APT27 / Iron Tiger / Emissary Panda) attacked Windows, Linux, and macOS users with a malicious mod of the Chinese MiMi instant messaging application.\n\n### TOP 20 threats for macOS\n\n| **Verdict** | **%*** \n---|---|--- \n1 | AdWare.OSX.Amc.e | 14.77 \n2 | AdWare.OSX.Pirrit.ac | 10.45 \n3 | AdWare.OSX.Agent.ai | 9.40 \n4 | Monitor.OSX.HistGrabber.b | 7.15 \n5 | AdWare.OSX.Pirrit.j | 7.10 \n6 | AdWare.OSX.Bnodlero.at | 6.09 \n7 | AdWare.OSX.Bnodlero.ax | 5.95 \n8 | Trojan-Downloader.OSX.Shlayer.a | 5.71 \n9 | AdWare.OSX.Pirrit.ae | 5.27 \n10 | Trojan-Downloader.OSX.Agent.h | 3.87 \n11 | AdWare.OSX.Bnodlero.bg | 3.46 \n12 | AdWare.OSX.Pirrit.o | 3.32 \n13 | AdWare.OSX.Agent.u | 3.13 \n14 | AdWare.OSX.Agent.gen | 2.90 \n15 | AdWare.OSX.Pirrit.aa | 2.85 \n16 | Backdoor.OSX.Twenbc.e | 2.85 \n17 | AdWare.OSX.Ketin.h | 2.82 \n18 | AdWare.OSX.Pirrit.gen | 2.69 \n19 | Trojan-Downloader.OSX.Lador.a | 2.52 \n20 | Downloader.OSX.InstallCore.ak | 2.28 \n \n_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._\n\nAs usual, our TOP 20 ranking of the biggest threats encountered by users of Kaspersky security solutions for macOS was dominated by adware. AdWare.OSX.Amc.e, touted as "Advanced Mac Cleaner," had taken the top place for a second quarter in a row. This application displays fake system issue messages, prompting the user to buy the full version to fix them. 
Second and third places went to members of the AdWare.OSX.Pirrit and AdWare.OSX.Agent families.\n\n### Geography of threats for macOS\n\n**TOP 10 countries and territories by share of attacked users**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | France | 1.71 \n2 | Canada | 1.70 \n3 | Russia | 1.57 \n4 | India | 1.53 \n5 | United States | 1.52 \n6 | Spain | 1.48 \n7 | Australia | 1.36 \n8 | Italy | 1.35 \n9 | Mexico | 1.27 \n10 | United Kingdom | 1.24 \n \n_* Excluded from the rankings are countries with relatively few users of Kaspersky security solutions for macOS (under 10,000). \n** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nFrance, with 1.71%, was again the most attacked country by number of users. Canada, with 1.70%, and Russia, with 1.57%, followed close behind. The most frequently encountered family in France and Canada was AdWare.OSX.Amc.e, and in Russia, it was AdWare.OSX.Pirrit.ac.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q3 2022, three-fourths of the devices that attacked Kaspersky honeypots used the Telnet protocol.\n\nTelnet | 75.92% \n---|--- \nSSH | 24.08% \n \n_Distribution of attacked services by number of unique IP addresses of attacking devices, Q3 2022_\n\nA majority of the attacks on Kaspersky honeypots in terms of sessions were controlled via Telnet as well.\n\nTelnet | 97.53% \n---|--- \nSSH | 2.47% \n \n_Distribution of cybercriminal working sessions with Kaspersky traps, Q3 2022_\n\n**TOP 10 threats delivered to IoT devices via Telnet**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 28.67 \n2 | Trojan-Downloader.Linux.NyaDrop.b | 18.63 \n3 | Backdoor.Linux.Mirai.ba | 11.63 \n4 | Backdoor.Linux.Mirai.cw | 10.94 \n5 | Backdoor.Linux.Gafgyt.a | 3.69 \n6 | Backdoor.Linux.Mirai.ew | 3.49 \n7 | Trojan-Downloader.Shell.Agent.p | 2.56 \n8 | Backdoor.Linux.Gafgyt.bj | 1.63 \n9 | Backdoor.Linux.Mirai.et | 1.17 \n10 | 
Backdoor.Linux.Mirai.ek | 1.08 \n \n_* Share of each threat delivered to infected devices as a result of a successful Telnet attack out of the total number of delivered threats._\n\nDetailed IoT-threat statistics are published in the DDoS report for Q3 2022.\n\n## Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create these sites on purpose; they can infect hacked legitimate resources as well as web resources with user-created content, such as forums._\n\n### Countries and territories that serve as sources of web-based attacks: TOP 10\n\n_The following statistics show the distribution by country or territory of the sources of internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites hosting malicious programs, botnet C&C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographic source of web attacks, the GeoIP technique was used to match the domain name to the real IP address at which the domain is hosted._\n\nIn Q3 2022, Kaspersky solutions blocked 956,074,958 attacks launched from online resources across the globe. A total of 251,288,987 unique URLs were recognized as malicious by Web Anti-Virus components.\n\n_Distribution of web-attack sources by country and territory, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154703/11-en-malware-report-q3-2022-pc-stat.png>))_\n\n### Countries and territories where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users in different countries and territories, for each country or territory we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. 
The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries and territories.\n\nNote that these rankings only include attacks by malicious objects that fall under the **Malware** class; they do not include Web Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Taiwan | 19.65 \n2 | Belarus | 17.01 \n3 | Serbia | 15.05 \n4 | Russia | 14.12 \n5 | Algeria | 14.01 \n6 | Turkey | 13.82 \n7 | Tunisia | 13.31 \n8 | Bangladesh | 13.30 \n9 | Moldova | 13.22 \n10 | Palestine | 12.61 \n11 | Yemen | 12.58 \n12 | Ukraine | 12.25 \n13 | Libya | 12.23 \n14 | Sri Lanka | 11.97 \n15 | Kyrgyzstan | 11.69 \n16 | Estonia | 11.65 \n17 | Hong Kong | 11.52 \n18 | Nepal | 11.52 \n19 | Syria | 11.39 \n20 | Lithuania | 11.33 \n \n_* Excluded are countries and territories with relatively few Kaspersky users (under 10,000)._ \n_** Unique users targeted by **Malware**-class attacks as a percentage of all unique users of Kaspersky products in the country._\n\nOn average during the quarter, 9.08% of internet users' computers worldwide were subjected to at least one **Malware**-class web attack.\n\n## Local threats\n\n_In this section, we analyze statistical data obtained from the OAS and ODS modules of Kaspersky products. 
It takes into account malicious programs that were found directly on users' computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\nIn Q3 2022, our File Anti-Virus detected **49,275,253** malicious and potentially unwanted objects.\n\n### Countries and territories where users faced the highest risk of local infection\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries.\n\nThese rankings only include attacks by malicious programs that fall under the **Malware** class; they do not include File Anti-Virus triggerings in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Turkmenistan | 46.48 \n2 | Yemen | 45.12 \n3 | Afghanistan | 44.18 \n4 | Cuba | 40.48 \n5 | Tajikistan | 39.17 \n6 | Bangladesh | 37.06 \n7 | Uzbekistan | 37.00 \n8 | Ethiopia | 36.96 \n9 | South Sudan | 36.89 \n10 | Myanmar | 36.64 \n11 | Syria | 34.82 \n12 | Benin | 34.56 \n13 | Burundi | 33.91 \n14 | Tanzania | 33.05 \n15 | Rwanda | 33.03 \n16 | Chad | 33.01 \n17 | Venezuela | 32.79 \n18 | Cameroon | 32.30 \n19 | Sudan | 31.93 \n20 | Malawi | 31.88 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users on whose computers **Malware**-class local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\nOn average worldwide, Malware-class local threats were registered on 14.74% of users' computers at least once during Q3. 
Russia scored 16.60% in this ranking.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-11-18T08:10:34", "type": "securelist", "title": "IT threat evolution in Q3 2022. Non-mobile statistics", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0199", "CVE-2017-11882", "CVE-2018-0802", "CVE-2021-40444", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105", "CVE-2022-22022", "CVE-2022-22026", "CVE-2022-22028", "CVE-2022-22029", "CVE-2022-22034", "CVE-2022-22038", "CVE-2022-22039", "CVE-2022-22047", "CVE-2022-22049", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2624", "CVE-2022-30190", "CVE-2022-30206", "CVE-2022-30220", "CVE-2022-30226", "CVE-2022-3075", "CVE-2022-33636", "CVE-2022-33649", "CVE-2022-34713", "CVE-2022-34715", "CVE-2022-34718", "CVE-2022-34724", "CVE-2022-35743", "CVE-2022-35750", "CVE-2022-35796", "CVE-2022-35803", "CVE-2022-37969", "CVE-2022-38012", "CVE-2022-38476", "CVE-2022-38477", "CVE-2022-38478", "CVE-2022-41040", "CVE-2022-41082"], "modified": "2022-11-18T08:10:34", "id": "SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837", "href": 
"https://securelist.com/it-threat-evolution-in-q3-2022-non-mobile-statistics/107963/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}