DATABASE RESOURCES PRICING ABOUT US

{"id": "RH:CVE-2022-34303", "vendorId": null, "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2022-34303", "description": "A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.\n", "published": "2022-08-23T15:09:56", "modified": "2023-05-09T12:35:07", "epss": [{"cve": "CVE-2022-34303", "epss": 0.00057, "percentile": 0.21812, "modified": "2023-06-03"}], "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 2.5, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "href": "https://access.redhat.com/security/cve/cve-2022-34303", "reporter": "redhat.com", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-34303\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34303\nhttps://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/\nhttps://kb.cert.org/vuls/id/309662", "https://bugzilla.redhat.com/show_bug.cgi?id=2120701"], "cvelist": ["CVE-2022-34303"], "immutableFields": [], "lastseen": "2023-06-03T17:15:05", "viewCount": 63, "enchantments": {"score": {"value": 7.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2023:2487"]}, {"type": "avleonov", "idList": ["AVLEONOV:37BE727F2D0C216B8B10BD6CBE6BD061"]}, {"type": "cert", "idList": ["VU:309662"]}, {"type": "cve", "idList": ["CVE-2022-34303"]}, {"type": "kaspersky", "idList": ["KLA12602"]}, {"type": "mscve", "idList": ["MS:CVE-2022-34303"]}, {"type": "mskb", "idList": ["KB5012170"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2023-2487.NASL", "ORACLELINUX_ELSA-2023-2487.NASL", "REDHAT-RHSA-2023-2487.NASL", "SMB_NT_MS22_AUG_5016616.NASL", "SMB_NT_MS22_AUG_5016627.NASL", "SMB_NT_MS22_AUG_5016629.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2023-2487"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3", "QUALYSBLOG:AE4AA7402829D66599C8A25E83DD0FD2"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:882168BD332366CE296FB09DC00E018E"]}, {"type": "redhat", "idList": ["RHSA-2023:2487"]}, {"type": "thn", "idList": ["THN:659E57C980959B9830361E6D3C4D2687"]}]}, "epss": [{"cve": "CVE-2022-34303", "epss": 0.00057, "percentile": 0.21761, "modified": "2023-05-02"}], "vulnersScore": 7.4}, "_state": {"score": 1685812894, "dependencies": 1685832767, "epss": 0}, "_internal": {"score_hash": "f986611c4adae4b0b3d3eb9b488d7152"}, "vendorCvss": {"score": "7.2", "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2023-06-03T14:47:03", "description": "A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T18:15:00", "type": "cve", "title": "CVE-2022-34303", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34303"], "modified": "2022-09-01T19:16:00", "cpe": ["cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:redhat:enterprise_linux:9.0", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "CVE-2022-34303", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34303", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2023-06-03T14:59:04", "description": "A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34303"], "modified": "2022-08-09T07:00:00", "id": "MS:CVE-2022-34303", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34303", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-08-13T16:15:16", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiOTFfjdzI6BxlMGVqOYdMZInBX6v1uUwksEPq02Vmc8CaGff1La_jrz3Guok3LsuDryJGYZaBlMcpTTDVEnACkrudTS2Kbr5stlqs1IPkIZC3sK3Z9nbnndimw5Diu_FFkitgRbk8pS_WHIainQnT7v1GJ9-IxDiYU-rhtC0dpt_-QaMUM9vh4CsUe/s728-e100/bootloader.jpg>)\n\nA security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface ([UEFI](<https://en.wikipedia.org/wiki/UEFI>)) boot loaders that allow bypass of the UEFI Secure Boot feature.\n\n\"These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader instead of the existing one,\" hardware security firm Eclypsium [said](<https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022>) in a report shared with The Hacker News.\n\nThe following [vendor-specific boot loaders](<https://kb.cert.org/vuls/id/309662>), which were signed and authenticated by Microsoft, have been found vulnerable to the bypass and have been patched as part of the tech giant's [Patch Tuesday update](<https://thehackernews.com/2022/08/microsoft-issues-patches-for-121-flaws.html>) released this week -\n\n * Eurosoft Boot Loader ([CVE-2022-34301](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34301>))\n * New Horizon Data Systems Inc Boot Loader ([CVE-2022-34302](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34302>)), and\n * Crypto Pro Boot Loader ([CVE-20220-34303](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34303>))\n\nSecure Boot is a [security standard](<https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot>) designed to thwart malicious programs from loading when a computer starts up (boots) and ensure only the software that is trusted by the Original Equipment Manufacturer (OEM) is launched.\n\n\"The firmware boot loaders boot the UEFI environment and hands over control to UEFI applications written by the SoC vendor, Microsoft, and OEMs,\" Microsoft [notes](<https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/boot-and-uefi>) in its documentation. \"The UEFI environment launches the Windows Boot Manager, which determines whether to boot to Full Flash Update (FFU) image flashing or device reset mode, to the update OS, or to the main OS.\"\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj0KiXfCZpGUNDe4cHiRS5wgEY-34NpfN1PrLm7mC8ZWq6-QtMO6uCsfId8hWYoapUykp4vMwSSXNityVgwVCpS5TEbH3dHHuaxz3O_E9NTeg4hJeXCwnrWIHx2tftRqpYbe9T_4af6LJLQjJTVYsCmuIGsGVboYDHfBg9HVRK5HyRr1YfZITxfGAlL/s728-e100/exploit.jpg>)\n\nIn a nutshell, [successful exploitation of the flaws](<https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15>) identified by Eclypsium could permit an adversary to circumvent security guardrails at startup and execute arbitrary unsigned code during the boot process.\n\nThis can have further knock-on effects, enabling a bad actor to gain entrenched access and [establish persistence](<https://thehackernews.com/2022/07/experts-uncover-new-cosmicstrand-uefi.html>) on a host through in a manner that can survive operating system reinstalls and hard drive replacements, not to mention completely bypassing detection by security software.\n\nCalling CVE-2022-34302 \"far more stealthy,\" Eclypsium noted the New Horizon Datasys vulnerability is not only trivial to exploit in the wild, but can also \"enable even more complex evasions such as disabling security handlers.\"\n\nSecurity handlers, for instance, can [include](<https://docs.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation>) Trusted Platform Module (TPM) measurements and signature checks, Eclypsium researchers Mickey Shkatov and Jesse Michael said. \n\nIt's worth noting that exploiting these vulnerabilities requires an attacker to have administrator privileges, although gaining local privilege escalation is not considered insurmountable owing to the fact that Microsoft doesn't treat User Account Control ([UAC](<https://en.wikipedia.org/wiki/User_Account_Control>)) bypass as a [security risk](<https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria>).\n\n\"Much like [BootHole](<https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html>), these vulnerabilities highlight the challenges of ensuring the boot integrity of devices that rely on a complex supply chain of vendors and code working together,\" the researchers concluded, adding \"these issues highlight how simple vulnerabilities in third-party code can undermine the entire process.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-08-12T20:02:00", "type": "thn", "title": "Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2022-08-13T12:24:29", "id": "THN:659E57C980959B9830361E6D3C4D2687", "href": "https://thehackernews.com/2022/08/researchers-uncover-uefi-secure-boot.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2023-05-19T10:53:25", "description": "None\n**NOTE** Improved diagnostics have been added to detect and report issue details through the event log. Please see [KB5016061: Addressing vulnerable and revoked Boot Managers](<https://support.microsoft.com/help/5016061>) for more information.\n\n## **Applies to**\n\nThis security update applies only to the following Windows versions:\n\n * * Windows Server 2012\n * Windows 8.1 and Windows Server 2012 R2\n * Windows 10, version 1507\n * Windows 10, version 1607 and Windows Server 2016\n * Windows 10, version 1809 and Windows Server 2019\n * Windows 10, version 20H2\n * Windows 10, version 21H1\n * Windows 10, version 21H2\n * Windows 10, version 22H2\n * Windows Server 2022\n * Windows 11, version 21H2\n * Windows 11, version 22H2\n * Azure Stack HCI, version 1809\n * Azure Stack Data Box, version 1809 (ASDB)\n\n## **Summary**\n\nThis security update makes improvements to Secure Boot DBX for the supported Windows versions listed in the \"Applies to\" section. Key changes include the following: \n\n * * Windows devices that has Unified Extensible Firmware Interface (UEFI) based firmware can run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to the DBX. \n \nA security feature bypass vulnerability exists in secure boot. An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software. \n \nThis security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX.\nTo learn more about this security vulnerability, see the following advisory:\n * * [ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUB](<https://msrc.microsoft.com/update-guide/vulnerability/ADV200011>)\nFor additional information about this security vulnerability, see the following resources: \n * * [CVE-2022-34301 | Eurosoft Boot Loader Bypass](<https://vulners.com/cve/CVE-2022-34301>)\n * [CVE-2022-34302 | New Horizon Data Systems Inc Boot Loader Bypass](<https://vulners.com/cve/CVE-2022-34302>)\n * [CVE-2022-34303 | Crypto Pro Boot Loader Bypass](<https://vulners.com/cve/CVE-2022-34303>)\n\n## **Known issues**\n\n**Issue**| **Next step** \n---|--- \nIf BitLocker Group Policy **Configure TPM platform validation profile for native UEFI firmware configurations** is enabled and PCR7 is selected by policy, it may result in the update failing to install.To view the PCR7 binding status, run the Microsoft System Information (Msinfo32.exe) tool with administrative permissions.| To workaround this issue, do one of the following before you deploy this update:\n\n * On a device that does not have Credential Gard enabled, run following command from an Administrator command prompt to suspend BitLocker for 1 restart cycle:`\n \n \rManage-bde \u2013Protectors \u2013Disable C: -RebootCount 1\n\n`Then, deploy the update and restart the device to resume the BitLocker protection.\n * On a device that has Credential Guard enabled, run the following command from an Administrator command prompt to suspend BitLocker for 2 restart cycles:`\n \n \rManage-bde \u2013Protectors \u2013Disable C: -RebootCount 3\t\t\t\t\n\n`Then, deploy the update and restart the device to resume the BitLocker protection. \nWhen attempting to install this update, it might fail to install, and you might receive Error 0x800f0922.**Note** This issue only affects this security update for Secure Boot DBX (KB5012170) and does not affect the latest cumulative security updates, monthly rollups, or security-only updates.| To resolve this issue, install the Servicing Stack Update (SSU) released March 14, 2023, or a later SSU update, for your supported Windows operating system:\n\n * Windows 11, version 22H2 SSU (SSU installed from cumulative update [KB5023706](<https://support.microsoft.com/help/5023706>))\n * Windows 11, version 21H2 SSU (SSU installed from cumulative update [KB5023698](<https://support.microsoft.com/help/5023698>))\n * Windows Server 2022 SSU (SSU installed from cumulative update [KB5023705](<https://support.microsoft.com/help/5023705>))\n * Windows 10, version 20H2, 21H2, and 22H2 SSU (SSU installed from cumulative update [KB5023696](<https://support.microsoft.com/help/5023696>))\n * Windows 10, version 1809/Windows Server 2019 (SSU installed from cumulative update [KB5023702](<https://support.microsoft.com/help/5023702>))\n * Windows Server 2016 SSU [KB5023788](<https://support.microsoft.com/help/5023788>)\n * Windows 10 SSU [KB5023787](<https://support.microsoft.com/help/5023787>)\n * Windows Server 2012 R2 SSU [KB5023790](<https://support.microsoft.com/help/5023790>)\n * Windows Server 2012 SSU [KB5023791](<https://support.microsoft.com/help/5023791>)\nFor information about the new error events added by these SSU updates and actions to take when an error occurs, see [KB5016061](<https://support.microsoft.com/help/5016061>). \nSome devices might enter BitLocker Recovery on the first or second restart after attempting to install this update on Windows 11.| This issue is addressed in the servicing stack updates (SSU) and the latest cumulative updates (LCU) dated July 12, 2022 and later. \n \n## **How to get this update**\n\n**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update or Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog ](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5012170>)website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 10, version 1903 and later, Windows 11, Azure Stack HCI, Azure Data Box**Classification**: Security Updates \n**Prerequisites**Make sure you have the lastest servicing stack update (SSU) installed. For information about the latest SSU for your operating system, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001>).**Restart information** Your device does not have to restart when you apply this update. If you have Windows Defender Credential Guard (Virtual Secure Mode) enabled, your device might request a restart. **Update replacement information **This update replaces previously released update [KB4535680](<https://support.microsoft.com/help/4535680>).\n\n## **File information**\n\nThe English (United States) version of this security update installs files that have the attributes that are listed in the following tables. \n\n### **Azure Stack HCI, version 1809**\n\n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 13-Jul-2022| 18:12| 3 \ndbxupdate.bin| Not versioned| 13-Jul-2022| 18:12| 13,778 \nTpmTasks.dll| 10.0.17784.2602| 20-Jul-2022| 21:53| 114,688 \n \n### **Azure Stack Data Box, version 1809**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File version** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 13-Jun-2022| 21:46| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 17:50| 6,002 \nTpmTasks.dll| 10.0.17763.10933| 20-Jul-2022| 21:13| 84,992 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 13-Jul-2022| 18:07| 3 \ndbxupdate.bin| Not versioned| 13-Jul-2022| 18:07| 13,778 \nTpmTasks.dll| 10.0.17763.10933| 20-Jul-2022| 21:32| 110,592 \n \n### **Windows 11, version 22H2**\n\n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 16-Jun-2022| 19:56| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:18| 13,778 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 21:05| 296,960 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 6-Jun-2022| 18:24| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:16| 4,370 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 20:43| 324,096 \n \n### **Windows 11, version 21H2**\n\n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 23-Apr-2022| 14:18| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:06| 13,778 \nTpmTasks.dll| 10.0.22000.850| 11-Jul-2022| 20:34| 323,584 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 23-Apr-2022| 14:18| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:04| 4,370 \nTpmTasks.dll| 10.0.22000.850| 11-Jul-2022| 20:50| 313,856 \n \n### **Windows Server 2022**\n\n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 23-Apr-2022| 14:18| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:06| 13,778 \nTpmTasks.dll| 10.0.22000.850| 11-Jul-2022| 20:34| 323,584 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 23-Apr-2022| 14:18| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:04| 4,370 \nTpmTasks.dll| 10.0.22000.850| 11-Jul-2022| 20:50| 313,856 \n \n### **Windows 10, version 22H2**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 30-Dec-21| 18:29| 3 \ndbxupdate.bin| Not versioned| 21-Jul-22| 0:24| 6,002 \nTpmTasks.dll| 10.0.14393.5285| 21-Jul-22| 0:25| 59,904 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 30-Sep-21| 13:17| 3 \ndbxupdate.bin| Not versioned| 21-Jul-22| 1:38| 13,778 \nTpmTasks.dll| 10.0.14393.5285| 21-Jul-22| 1:42| 72,192 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 6-Jun-2022| 18:24| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:16| 4,370 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 20:43| 324,096 \n \n### **Windows 10, version 20H2, 21H1, and 21H2**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 11-Jul-2022| 18:16| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:16| 6,002 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 20:38| 242,688 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 16-Jun-2022| 19:56| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:18| 13,778 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 21:05| 296,960 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 6-Jun-2022| 18:24| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:16| 4,370 \nTpmTasks.dll| 10.0.19041.1880| 11-Jul-2022| 20:43| 324,096 \n \n### **Windows 10, version 1809 and Windows Server 2019**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 27-Jun-2022| 17:57| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 17:47| 6,002 \nTpmTasks.dll| 10.0.17763.3280| 11-Jul-2022| 21:36| 84,992 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 24-May-2022| 12:34| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 17:50| 13,778 \nTpmTasks.dll| 10.0.17763.3280| 11-Jul-2022| 21:40| 110,592 \n \n### \n\n__\n\nFor all supported Arm64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 24-May-2022| 12:33| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 17:49| 4,370 \nTpmTasks.dll| 10.0.17763.3280| 11-Jul-2022| 21:30| 115,712 \n \n### **Windows 10, version 1607 and Windows Server 2016**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 30-Dec-2021| 18:29| 3 \ndbxupdate.bin| Not versioned| 12-Jul-2022| 20:44| 6,002 \nTpmTasks.dll| 10.0.14393.5281| 12-Jul-2022| 20:44| 59,904 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 30-Sep-2021| 13:17| 3 \ndbxupdate.bin| Not versioned| 14-Jul-2022| 2:15| 13,778 \nTpmTasks.dll| 10.0.14393.5281| 14-Jul-2022| 2:17| 72,192 \n \n### **Windows 10, version 1507**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 11-Jul-2022| 18:41| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:41| 6,002 \nTpmTasks.dll| 10.0.10240.19297| 2-May-2022| 16:52| 46,080 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 11-Jul-2022| 18:41| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:41| 13,778 \nTpmTasks.dll| 10.0.10240.19297| 2-May-2022| 16:56| 56,320 \n \n### **Windows 8.1 and Windows Server 2012 R2**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 28-Oct-2021| 12:35| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:51| 6,002 \nTpmTasks.dll| 6.3.9600.20512| 11-Jul-2022| 20:50| 152,576 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 1-Jan-2022| 0:00| 3 \ndbxupdate.bin| Not versioned| 12-Jul-2022| 12:36| 13,778 \nTpmTasks.dll| 6.3.9600.20512| 12-Jul-2022| 14:57| 181,760 \n \n### \n\n__\n\nFor all supported Arm-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 14-Oct-2021| 18:42| 3 \ndbxupdate.bin| Not versioned| 7-Jun-2022| 12:03| 7,085 \nTpmTasks.dll| 6.3.9600.20512| 11-Jul-2022| 20:38| 137,216 \n \n### **Windows Server 2012**\n\n### \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 11-Jul-2022| 18:14| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:14| 6,002 \nTpmTasks.dll| 6.2.9200.23709| 21-Apr-2022| 12:26| 81,408 \n \n### \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \ndbupdate.bin| Not versioned| 17-Jun-2022| 18:01| 3 \ndbxupdate.bin| Not versioned| 11-Jul-2022| 18:07| 13,778 \nTpmTasks.dll| 6.2.9200.23709| 21-Apr-2022| 12:45| 99,328 \n \n## **References**\n\nLearn about the [standard terminology](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) that is used to describe Microsoft software updates.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mskb", "title": "KB5012170: Security update for Secure Boot DBX", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2022-08-09T07:00:00", "id": "KB5012170", "href": "https://support.microsoft.com/en-us/help/5012170", "cvss": {"score": 0.0, "vector": "NONE"}}], "cert": [{"lastseen": "2023-06-03T15:49:39", "description": "### Overview\n\nA security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process.\n\n### Description\n\nUEFI firmware is software written by vendors in the [UEFI ecosystem](<https://uefi.org/node/4046>) to provide capabilities in the early start up phases of a computer. [Secure Boot](<https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot>) is a UEFI standard that can be enabled and used to verify firmware and to protect a system against malicious code being loaded and executed early in the boot process, prior to the loading of the operating system. \n\nSecurity researchers at [Eclypsium](<https://eclypsium.com>) have found three specific UEFI bootloaders that are signed and authenticated by Microsoft to be vulnerable to a security feature bypass vulnerability allowing an attacker to bypass Secure Boot when it is enabled. The vulnerable bootloaders can be tricked to bypass Secure Boot via a custom installer (CVE-2022-34302) or an EFI shell (CVE-2022-34301 and CVE-2022-34303). As a vulnerable bootloader executes unsigned code prior to initialization of the the Operating System's (OS) boot process, it cannot be easily monitored by the OS or common Endpoint Detection and Response (EDR) tools.\n\nThe following vendor-specific bootloaders were found vulnerable:\n\n * Inherently vulnerable bootloader to bypass Secure Boot\n * New Horizon Datasys Inc (CVE-2022-34302) \n * UEFI Shell execution to bypass Secure Boot\n * CryptoPro Secure Disk (CVE-2022-34301)\n * Eurosoft (UK) Ltd (CVE-2022-34303)\n\n### Impact\n\nAn attacker can bypass a system's Secure Boot feature at startup and execute arbitrary code before the operating system (OS) loads. Code executed in these early boot phases can provide persistence to an attacker, potentially loading arbitrary kernel extensions that survive both reboot and re-installation of an OS. It may also evade common OS-based and EDR security defenses.\n\n### Solution\n\n#### Apply a patch\n\nApply your vendor-provided security updates that address these vulnerabilities to block vulnerable firmware from bypassing Secure Boot. Microsoft has provided details with their [KB5012170](<https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15>) article released on August 9th 2022. Note, these updates can be delivered from your OEM vendor or the OS vendor to install an updated [Secure Boot Forbidden Signature Database (DBX) ](<https://uefi.org/revocationlistfile>). \n\n#### Enterprise and Product Developers\n\nAs DBX file changes can cause a system to become [unstable](<https://www.zdnet.com/article/microsoft-pulls-security-update-after-reports-of-issues-affecting-some-pcs/>), Vendors are urged to verify the DBX updates do not cause the machine to be unusable. Enterprises and Cloud Providers that manage large number of computers are also urged to do the required security updates and ensure DBX files are implemented reliably without any risk of boot failure.\n\n### Acknowledgements\n\nThanks to Mickey Shkatov and Jesse Michael of Eclypsium who researched and reported these vulnerabilities.\n\nThis document was written by Brad Runyon &amp; Vijay Sarvepalli.\n\n### Vendor Information\n\n309662\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Microsoft __ Affected\n\nNotified: 2022-05-24 Updated: 2022-08-11\n\n**Statement Date: June 01, 2022**\n\n**CVE-2022-34301**| Affected \n---|--- \n**Vendor Statement:** \nMicrosoft has worked closely with the vendor, Eurosoft (UK) to remedy the vulnerable bootloader issue, and has blocked the certificate previously issued with the July 2022 Security Update Release. \n**CVE-2022-34302**| Affected \n**Vendor Statement:** \nMicrosoft has blocked the certificate previously issued to New Horizon Datasys Inc. with the July 2022 Security Update Release. \n**CVE-2022-34303**| Affected \n**Vendor Statement:** \nMicrosoft has worked closely with the vendor, CryptoPro Secure Disk (CPSD) to remedy the vulnerable bootloader issue, and has blocked the certificate previously issued with the July 2022 Security Update Release. \n \n### Red Hat __ Affected\n\nNotified: 2022-08-02 Updated: 2022-08-25\n\n**Statement Date: August 16, 2022**\n\n**CVE-2022-34301**| Affected \n---|--- \n**CVE-2022-34302**| Affected \n**CVE-2022-34303**| Affected \n \n#### Vendor Statement\n\nRed Hat has evaluated this issue and determined we are affected by this vulnerability. Although Red Hat doesn't ship any of the affected shim versions, it would still be bootable in machines installed with Red Hat Enterprise Linux as the shim signatures are still not listed in the DBX. Red Hat is working to provide a DBX update disallowing the affected shims to be booted.\n\n### Fujitsu __ Not Affected\n\nNotified: 2022-09-21 Updated: 2022-09-28\n\n**Statement Date: September 23, 2022**\n\n**CVE-2022-34301**| Not Affected \n---|--- \n**CVE-2022-34302**| Not Affected \n**CVE-2022-34303**| Not Affected \n \n#### Vendor Statement\n\nFujitsu is aware of the vulnerabilities in third party UEFI bootloaders by New Horizon Datasys Inc, CryptoPro Secure Disk and Eurosoft (UK) Ltd.\n\nFujitsu commenced an analysis, inquired manufacturer Insyde, and simultaneously resorted to CERT/CC intelligence.\n\nBased on that, UEFI-BIOS manufacturers will provide a Secure Boot Forbidden Signature Database (DBX) update, along with future firmware releases. These updates will be integrated timely into Fujitsu UEFI-BIOS firmware.\n\nThe Fujitsu PSIRT has no plans to issue a dedicated Security Notice or similar. Due to the mitigation by OEM vendors and OS vendors at the same time, the issue is therefore considered resolved.\n\nIn case of questions, please contact the Fujitsu PSIRT (Fujitsu-PSIRT@ts.fujitsu.com).\n\n### Insyde Software Corporation Not Affected\n\nNotified: 2022-08-09 Updated: 2022-08-25\n\n**Statement Date: August 17, 2022**\n\n**CVE-2022-34301**| Not Affected \n---|--- \n**CVE-2022-34302**| Not Affected \n**CVE-2022-34303**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Phoenix Technologies Not Affected\n\nNotified: 2022-08-09 Updated: 2022-08-11\n\n**Statement Date: August 09, 2022**\n\n**CVE-2022-34301**| Not Affected \n---|--- \n**CVE-2022-34302**| Not Affected \n**CVE-2022-34303**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Toshiba Corporation Not Affected\n\nNotified: 2022-08-02 Updated: 2022-08-25\n\n**Statement Date: August 16, 2022**\n\n**CVE-2022-34301**| Not Affected \n---|--- \n**CVE-2022-34302**| Not Affected \n**CVE-2022-34303**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel __ Unknown\n\nNotified: 2022-08-02 Updated: 2022-09-12\n\n**Statement Date: August 26, 2022**\n\n**CVE-2022-34301**| Unknown \n---|--- \n**Vendor Statement:** \nIntel is aware of reports around a vulnerability within signed bootloaders and is actively investigating if our products are impacted. If products are found to be impacted, a security advisory will be published coordinated with our ecosystem partners. \n**CVE-2022-34302**| Unknown \n**Vendor Statement:** \nIntel is aware of reports around a vulnerability within signed bootloaders and is actively investigating if our products are impacted. If products are found to be impacted, a security advisory will be published coordinated with our ecosystem partners. \n**CVE-2022-34303**| Unknown \n**Vendor Statement:** \nIntel is aware of reports around a vulnerability within signed bootloaders and is actively investigating if our products are impacted. If products are found to be impacted, a security advisory will be published coordinated with our ecosystem partners. \n \n#### Vendor Statement\n\nIntel is aware of reports around a vulnerability within signed bootloaders and is actively investigating if our products are impacted. If products are found to be impacted, a security advisory will be published coordinated with our ecosystem partners.\n\n### Acer Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Amazon Unknown\n\nUpdated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AMD Unknown\n\nNotified: 2022-08-11 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### American Megatrends Incorporated (AMI) Unknown\n\nNotified: 2022-08-09 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Debian GNU/Linux Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dynabook Inc. Unknown\n\nNotified: 2022-08-24 Updated: 2022-08-25 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Gamma Tech Computer Corp. Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GETAC Inc. Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Google Unknown\n\nUpdated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HP Inc. Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lenovo Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ReactOS Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Star Labs Online Limited Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### UEFI Security Response Team Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### VAIO Corporation Unknown\n\nNotified: 2022-08-02 Updated: 2022-08-11 **CVE-2022-34301**| Unknown \n---|--- \n**CVE-2022-34302**| Unknown \n**CVE-2022-34303**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 25 vendors __View less vendors __\n\n \n\n\n### References\n\n * <https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022>\n * <https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15>\n * <https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot>\n * <https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot>\n * <https://uefi.org/sites/default/files/resources/Insyde%20HPE%20NSA%20and%20UEFI%20Secure%20Boot%20Guidelines_FINAL%20v2.pdf>\n * <https://eclypsium.com/2022/07/26/firmware-security-realizations-part-1-secure-boot-and-dbx/>\n * <https://www.zdnet.com/article/microsoft-pulls-security-update-after-reports-of-issues-affecting-some-pcs/>\n * <https://uefi.org/revocationlistfile>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2022-34301 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2022-34301>) [CVE-2022-34302 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2022-34302>) [CVE-2022-34303 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2022-34303>) \n---|--- \n**API URL: ** | VINCE JSON | CSAF \n**Date Public:** | 2022-08-11 \n**Date First Published:** | 2022-08-11 \n**Date Last Updated: ** | 2022-09-28 15:32 UTC \n**Document Revision: ** | 5 \n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-11T00:00:00", "type": "cert", "title": "Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2022-09-28T15:32:00", "id": "VU:309662", "href": "https://www.kb.cert.org/vuls/id/309662", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-17T16:48:02", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2487 advisory.\n\n - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. (CVE-2022-3287)\n\n - A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34301)\n\n - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre- boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34302)\n\n - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.\n Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-14T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : fwupd (ALSA-2023:2487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:fwupd", "p-cpe:/a:alma:linux:fwupd-devel", "p-cpe:/a:alma:linux:fwupd-plugin-flashrom", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream", "cpe:/o:alma:linux:9::baseos", "cpe:/o:alma:linux:9::crb", "cpe:/o:alma:linux:9::highavailability", "cpe:/o:alma:linux:9::nfv", "cpe:/o:alma:linux:9::realtime", "cpe:/o:alma:linux:9::resilientstorage", "cpe:/o:alma:linux:9::sap", "cpe:/o:alma:linux:9::sap_hana", "cpe:/o:alma:linux:9::supplementary"], "id": "ALMA_LINUX_ALSA-2023-2487.NASL", "href": "https://www.tenable.com/plugins/nessus/175616", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2023:2487.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175616);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2022-3287\",\n \"CVE-2022-34301\",\n \"CVE-2022-34302\",\n \"CVE-2022-34303\"\n );\n script_xref(name:\"ALSA\", value:\"2023:2487\");\n\n script_name(english:\"AlmaLinux 9 : fwupd (ALSA-2023:2487)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2023:2487 advisory.\n\n - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to\n /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same\n configuration file. (CVE-2022-3287)\n\n - A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this\n bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code\n in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use\n with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34301)\n\n - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader\n to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-\n boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this\n bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34302)\n\n - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass\n or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage,\n an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.\n Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2023-2487.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fwupd, fwupd-devel and / or fwupd-plugin-flashrom packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3287\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34303\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(256, 494, 552);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:fwupd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:fwupd-plugin-flashrom\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::crb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::highavailability\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::realtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::resilientstorage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::sap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::sap_hana\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::supplementary\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'fwupd-1.8.10-2.el9.alma', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-1.8.10-2.el9.alma', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-devel-1.8.10-2.el9.alma', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-devel-1.8.10-2.el9.alma', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9.alma', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9.alma', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / fwupd-devel / fwupd-plugin-flashrom');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T00:41:45", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2487 advisory.\n\n - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. (CVE-2022-3287)\n\n - A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34301)\n\n - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre- boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34302)\n\n - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.\n Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-12T00:00:00", "type": "nessus", "title": "RHEL 9 : fwupd (RHSA-2023:2487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "cpe:/o:redhat:rhel_eus:9.2", "p-cpe:/a:redhat:enterprise_linux:fwupd", "p-cpe:/a:redhat:enterprise_linux:fwupd-devel", "p-cpe:/a:redhat:enterprise_linux:fwupd-plugin-flashrom"], "id": "REDHAT-RHSA-2023-2487.NASL", "href": "https://www.tenable.com/plugins/nessus/175438", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:2487. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175438);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2022-3287\",\n \"CVE-2022-34301\",\n \"CVE-2022-34302\",\n \"CVE-2022-34303\"\n );\n script_xref(name:\"RHSA\", value:\"2023:2487\");\n\n script_name(english:\"RHEL 9 : fwupd (RHSA-2023:2487)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:2487 advisory.\n\n - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to\n /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same\n configuration file. (CVE-2022-3287)\n\n - A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this\n bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code\n in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use\n with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34301)\n\n - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader\n to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-\n boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this\n bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34302)\n\n - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass\n or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage,\n an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.\n Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-34301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-34302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-34303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:2487\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fwupd, fwupd-devel and / or fwupd-plugin-flashrom packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3287\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34303\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(256, 494, 552);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd-plugin-flashrom\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel9/9.2/x86_64/appstream/debug',\n 'content/aus/rhel9/9.2/x86_64/appstream/os',\n 'content/aus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel9/9.2/x86_64/baseos/debug',\n 'content/aus/rhel9/9.2/x86_64/baseos/os',\n 'content/aus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.2/aarch64/appstream/os',\n 'content/e4s/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.2/aarch64/baseos/os',\n 'content/e4s/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.2/x86_64/appstream/os',\n 'content/e4s/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.2/x86_64/baseos/os',\n 'content/e4s/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap/os',\n 'content/e4s/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/appstream/debug',\n 'content/eus/rhel9/9.2/aarch64/appstream/os',\n 'content/eus/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/baseos/debug',\n 'content/eus/rhel9/9.2/aarch64/baseos/os',\n 'content/eus/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.2/aarch64/highavailability/os',\n 'content/eus/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.2/aarch64/supplementary/os',\n 'content/eus/rhel9/9.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.2/ppc64le/appstream/os',\n 'content/eus/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.2/ppc64le/baseos/os',\n 'content/eus/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap/os',\n 'content/eus/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/appstream/debug',\n 'content/eus/rhel9/9.2/x86_64/appstream/os',\n 'content/eus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/baseos/debug',\n 'content/eus/rhel9/9.2/x86_64/baseos/os',\n 'content/eus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.2/x86_64/highavailability/os',\n 'content/eus/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap/debug',\n 'content/eus/rhel9/9.2/x86_64/sap/os',\n 'content/eus/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.2/x86_64/supplementary/os',\n 'content/eus/rhel9/9.2/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.8.10-2.el9', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-devel-1.8.10-2.el9', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'sp':'2', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'sp':'2', 'cpu':'ppc64le', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'sp':'2', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.8.10-2.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-devel-1.8.10-2.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'cpu':'ppc64le', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / fwupd-devel / fwupd-plugin-flashrom');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:46:29", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2487 advisory.\n\n - A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34301)\n\n - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre- boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34302)\n\n - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. (CVE-2022-3287)\n\n - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.\n Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-15T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : fwupd (ELSA-2023-2487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-15T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:fwupd", "p-cpe:/a:oracle:linux:fwupd-devel", "p-cpe:/a:oracle:linux:fwupd-plugin-flashrom"], "id": "ORACLELINUX_ELSA-2023-2487.NASL", "href": "https://www.tenable.com/plugins/nessus/175702", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-2487.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175702);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/15\");\n\n script_cve_id(\n \"CVE-2022-3287\",\n \"CVE-2022-34301\",\n \"CVE-2022-34302\",\n \"CVE-2022-34303\"\n );\n\n script_name(english:\"Oracle Linux 9 : fwupd (ELSA-2023-2487)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2023-2487 advisory.\n\n - A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this\n bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code\n in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use\n with this bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34301)\n\n - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader\n to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-\n boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this\n bootloader. Access to the EFI System Partition is required for booting using external media.\n (CVE-2022-34302)\n\n - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to\n /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same\n configuration file. (CVE-2022-3287)\n\n - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass\n or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage,\n an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.\n Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-2487.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fwupd, fwupd-devel and / or fwupd-plugin-flashrom packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3287\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-34303\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fwupd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fwupd-plugin-flashrom\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'fwupd-1.8.10-2.0.1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-1.8.10-2.0.1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-devel-1.8.10-2.0.1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-devel-1.8.10-2.0.1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.0.1.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-plugin-flashrom-1.8.10-2.0.1.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / fwupd-devel / fwupd-plugin-flashrom');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:38", "description": "The remote Windows host is missing security update 5016629. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows Bluetooth Service Remote Code Execution Vulnerability (CVE-2022-30144)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "KB5016629: Windows 11 Security Update (August 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-30133", "CVE-2022-30144", "CVE-2022-30194", "CVE-2022-30197", "CVE-2022-33670", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34689", "CVE-2022-34690", "CVE-2022-34691", "CVE-2022-34696", "CVE-2022-34699", "CVE-2022-34701", "CVE-2022-34702", "CVE-2022-34703", "CVE-2022-34704", "CVE-2022-34705", "CVE-2022-34706", "CVE-2022-34707", "CVE-2022-34708", "CVE-2022-34709", "CVE-2022-34710", "CVE-2022-34712", "CVE-2022-34713", "CVE-2022-34714", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35745", "CVE-2022-35746", "CVE-2022-35747", "CVE-2022-35749", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35752", "CVE-2022-35753", "CVE-2022-35754", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35757", "CVE-2022-35758", "CVE-2022-35759", "CVE-2022-35760", "CVE-2022-35761", "CVE-2022-35766", "CVE-2022-35767", "CVE-2022-35768", "CVE-2022-35769", "CVE-2022-35771", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35795", "CVE-2022-35797", "CVE-2022-35804", "CVE-2022-35820"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_AUG_5016629.NASL", "href": "https://www.tenable.com/plugins/nessus/163945", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163945);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2022-30133\",\n \"CVE-2022-30144\",\n \"CVE-2022-30194\",\n \"CVE-2022-30197\",\n \"CVE-2022-33670\",\n \"CVE-2022-34301\",\n \"CVE-2022-34302\",\n \"CVE-2022-34303\",\n \"CVE-2022-34689\",\n \"CVE-2022-34690\",\n \"CVE-2022-34691\",\n \"CVE-2022-34696\",\n \"CVE-2022-34699\",\n \"CVE-2022-34701\",\n \"CVE-2022-34702\",\n \"CVE-2022-34703\",\n \"CVE-2022-34704\",\n \"CVE-2022-34705\",\n \"CVE-2022-34706\",\n \"CVE-2022-34707\",\n \"CVE-2022-34708\",\n \"CVE-2022-34709\",\n \"CVE-2022-34710\",\n \"CVE-2022-34712\",\n \"CVE-2022-34713\",\n \"CVE-2022-34714\",\n \"CVE-2022-35743\",\n \"CVE-2022-35744\",\n \"CVE-2022-35745\",\n \"CVE-2022-35746\",\n \"CVE-2022-35747\",\n \"CVE-2022-35749\",\n \"CVE-2022-35750\",\n \"CVE-2022-35751\",\n \"CVE-2022-35752\",\n \"CVE-2022-35753\",\n \"CVE-2022-35754\",\n \"CVE-2022-35755\",\n \"CVE-2022-35756\",\n \"CVE-2022-35757\",\n \"CVE-2022-35758\",\n \"CVE-2022-35759\",\n \"CVE-2022-35760\",\n \"CVE-2022-35761\",\n \"CVE-2022-35766\",\n \"CVE-2022-35767\",\n \"CVE-2022-35768\",\n \"CVE-2022-35769\",\n \"CVE-2022-35771\",\n \"CVE-2022-35793\",\n \"CVE-2022-35794\",\n \"CVE-2022-35795\",\n \"CVE-2022-35797\",\n \"CVE-2022-35804\",\n \"CVE-2022-35820\"\n );\n script_xref(name:\"MSKB\", value:\"5016629\");\n script_xref(name:\"MSFT\", value:\"MS22-5016629\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/30\");\n script_xref(name:\"IAVA\", value:\"2022-A-0320-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0319-S\");\n\n script_name(english:\"KB5016629: Windows 11 Security Update (August 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5016629. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows Bluetooth Service Remote Code Execution Vulnerability (CVE-2022-30144)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5016629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5016629\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5016629\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-35804\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-30133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-08';\nkbs = make_list(\n '5016629'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:22000,\n rollup_date:'08_2022',\n bulletin:bulletin,\n rollup_kb_list:[5016629])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:25", "description": "The remote Windows host is missing security update 5016616. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows Bluetooth Service Remote Code Execution Vulnerability (CVE-2022-30144)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "KB5016616: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (August 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-30133", "CVE-2022-30144", "CVE-2022-30194", "CVE-2022-30197", "CVE-2022-33670", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34689", "CVE-2022-34690", "CVE-2022-34691", "CVE-2022-34696", "CVE-2022-34699", "CVE-2022-34701", "CVE-2022-34702", "CVE-2022-34703", "CVE-2022-34704", "CVE-2022-34705", "CVE-2022-34706", "CVE-2022-34707", "CVE-2022-34708", "CVE-2022-34709", "CVE-2022-34710", "CVE-2022-34712", "CVE-2022-34713", "CVE-2022-34714", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35745", "CVE-2022-35746", "CVE-2022-35747", "CVE-2022-35748", "CVE-2022-35749", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35752", "CVE-2022-35753", "CVE-2022-35754", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35757", "CVE-2022-35758", "CVE-2022-35759", "CVE-2022-35760", "CVE-2022-35761", "CVE-2022-35762", "CVE-2022-35763", "CVE-2022-35764", "CVE-2022-35765", "CVE-2022-35766", "CVE-2022-35767", "CVE-2022-35768", "CVE-2022-35769", "CVE-2022-35771", "CVE-2022-35792", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35795", "CVE-2022-35797", "CVE-2022-35820"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_AUG_5016616.NASL", "href": "https://www.tenable.com/plugins/nessus/163951", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163951);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2022-30133\",\n \"CVE-2022-30144\",\n \"CVE-2022-30194\",\n \"CVE-2022-30197\",\n \"CVE-2022-33670\",\n \"CVE-2022-34301\",\n \"CVE-2022-34302\",\n \"CVE-2022-34303\",\n \"CVE-2022-34689\",\n \"CVE-2022-34690\",\n \"CVE-2022-34691\",\n \"CVE-2022-34696\",\n \"CVE-2022-34699\",\n \"CVE-2022-34701\",\n \"CVE-2022-34702\",\n \"CVE-2022-34703\",\n \"CVE-2022-34704\",\n \"CVE-2022-34705\",\n \"CVE-2022-34706\",\n \"CVE-2022-34707\",\n \"CVE-2022-34708\",\n \"CVE-2022-34709\",\n \"CVE-2022-34710\",\n \"CVE-2022-34712\",\n \"CVE-2022-34713\",\n \"CVE-2022-34714\",\n \"CVE-2022-35743\",\n \"CVE-2022-35744\",\n \"CVE-2022-35745\",\n \"CVE-2022-35746\",\n \"CVE-2022-35747\",\n \"CVE-2022-35748\",\n \"CVE-2022-35749\",\n \"CVE-2022-35750\",\n \"CVE-2022-35751\",\n \"CVE-2022-35752\",\n \"CVE-2022-35753\",\n \"CVE-2022-35754\",\n \"CVE-2022-35755\",\n \"CVE-2022-35756\",\n \"CVE-2022-35757\",\n \"CVE-2022-35758\",\n \"CVE-2022-35759\",\n \"CVE-2022-35760\",\n \"CVE-2022-35761\",\n \"CVE-2022-35762\",\n \"CVE-2022-35763\",\n \"CVE-2022-35764\",\n \"CVE-2022-35765\",\n \"CVE-2022-35766\",\n \"CVE-2022-35767\",\n \"CVE-2022-35768\",\n \"CVE-2022-35769\",\n \"CVE-2022-35771\",\n \"CVE-2022-35792\",\n \"CVE-2022-35793\",\n \"CVE-2022-35794\",\n \"CVE-2022-35795\",\n \"CVE-2022-35797\",\n \"CVE-2022-35820\"\n );\n script_xref(name:\"MSKB\", value:\"5016616\");\n script_xref(name:\"MSFT\", value:\"MS22-5016616\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/30\");\n script_xref(name:\"IAVA\", value:\"2022-A-0320-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0319-S\");\n\n script_name(english:\"KB5016616: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (August 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5016616. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows Bluetooth Service Remote Code Execution Vulnerability (CVE-2022-30144)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5016616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5016616\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5016616\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-08';\nkbs = make_list(\n '5016616'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvar os_name = get_kb_item(\"SMB/ProductName\");\n\nif ( ( (\"enterprise\" >< tolower(os_name) || \"education\" >< tolower(os_name))\n &&\n smb_check_rollup(os:'10',\n os_build:19042,\n rollup_date:'08_2022',\n bulletin:bulletin,\n rollup_kb_list:[5016616]) \n )\n ||\n smb_check_rollup(os:'10',\n os_build:19043,\n rollup_date:'08_2022',\n bulletin:bulletin,\n rollup_kb_list:[5016616])\n || \n smb_check_rollup(os:'10',\n os_build:19044,\n rollup_date:'08_2022',\n bulletin:bulletin,\n rollup_kb_list:[5016616])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:25", "description": "The remote Windows host is missing security update 5016627. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows WebBrowser Control Remote Code Execution Vulnerability (CVE-2022-30194)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "KB5016627: Windows Server 2022 Security Update (August 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-30133", "CVE-2022-30194", "CVE-2022-30197", "CVE-2022-33670", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34689", "CVE-2022-34690", "CVE-2022-34691", "CVE-2022-34696", "CVE-2022-34699", "CVE-2022-34701", "CVE-2022-34702", "CVE-2022-34703", "CVE-2022-34704", "CVE-2022-34705", "CVE-2022-34706", "CVE-2022-34707", "CVE-2022-34708", "CVE-2022-34709", "CVE-2022-34710", "CVE-2022-34712", "CVE-2022-34713", "CVE-2022-34714", "CVE-2022-34715", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35745", "CVE-2022-35746", "CVE-2022-35747", "CVE-2022-35748", "CVE-2022-35749", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35752", "CVE-2022-35753", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35757", "CVE-2022-35758", "CVE-2022-35759", "CVE-2022-35760", "CVE-2022-35761", "CVE-2022-35762", "CVE-2022-35763", "CVE-2022-35764", "CVE-2022-35765", "CVE-2022-35766", "CVE-2022-35767", "CVE-2022-35768", "CVE-2022-35769", "CVE-2022-35771", "CVE-2022-35792", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35795", "CVE-2022-35820"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_AUG_5016627.NASL", "href": "https://www.tenable.com/plugins/nessus/163953", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163953);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2022-30133\",\n \"CVE-2022-30194\",\n \"CVE-2022-30197\",\n \"CVE-2022-33670\",\n \"CVE-2022-34301\",\n \"CVE-2022-34302\",\n \"CVE-2022-34303\",\n \"CVE-2022-34689\",\n \"CVE-2022-34690\",\n \"CVE-2022-34691\",\n \"CVE-2022-34696\",\n \"CVE-2022-34699\",\n \"CVE-2022-34701\",\n \"CVE-2022-34702\",\n \"CVE-2022-34703\",\n \"CVE-2022-34704\",\n \"CVE-2022-34705\",\n \"CVE-2022-34706\",\n \"CVE-2022-34707\",\n \"CVE-2022-34708\",\n \"CVE-2022-34709\",\n \"CVE-2022-34710\",\n \"CVE-2022-34712\",\n \"CVE-2022-34713\",\n \"CVE-2022-34714\",\n \"CVE-2022-34715\",\n \"CVE-2022-35743\",\n \"CVE-2022-35744\",\n \"CVE-2022-35745\",\n \"CVE-2022-35746\",\n \"CVE-2022-35747\",\n \"CVE-2022-35748\",\n \"CVE-2022-35749\",\n \"CVE-2022-35750\",\n \"CVE-2022-35751\",\n \"CVE-2022-35752\",\n \"CVE-2022-35753\",\n \"CVE-2022-35755\",\n \"CVE-2022-35756\",\n \"CVE-2022-35757\",\n \"CVE-2022-35758\",\n \"CVE-2022-35759\",\n \"CVE-2022-35760\",\n \"CVE-2022-35761\",\n \"CVE-2022-35762\",\n \"CVE-2022-35763\",\n \"CVE-2022-35764\",\n \"CVE-2022-35765\",\n \"CVE-2022-35766\",\n \"CVE-2022-35767\",\n \"CVE-2022-35768\",\n \"CVE-2022-35769\",\n \"CVE-2022-35771\",\n \"CVE-2022-35792\",\n \"CVE-2022-35793\",\n \"CVE-2022-35794\",\n \"CVE-2022-35795\",\n \"CVE-2022-35820\"\n );\n script_xref(name:\"MSKB\", value:\"5016627\");\n script_xref(name:\"MSFT\", value:\"MS22-5016627\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/30\");\n script_xref(name:\"IAVA\", value:\"2022-A-0320-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0319-S\");\n\n script_name(english:\"KB5016627: Windows Server 2022 Security Update (August 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5016627. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)\n\n - Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)\n\n - Windows WebBrowser Control Remote Code Execution Vulnerability (CVE-2022-30194)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5016627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5016627\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5016627\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34715\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-08';\nkbs = make_list(\n '5016627'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:20348,\n rollup_date:'08_2022',\n bulletin:bulletin,\n rollup_kb_list:[5016627])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "almalinux": [{"lastseen": "2023-06-03T17:13:02", "description": "The fwupd packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34301)\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34302)\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34303)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-09T00:00:00", "type": "almalinux", "title": "Moderate: fwupd security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-12T02:42:05", "id": "ALSA-2023:2487", "href": "https://errata.almalinux.org/9/ALSA-2023-2487.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2023-06-03T15:23:30", "description": "[1.8.10-2.0.1]\n- Drop pesign.service restart in postun [Orabug: 34760075]\n- Update signing certificate [JIRA: OLDIS-16371]\n- Rebuild for SecureBoot signatures [Orabug: 33801813]\n- Build with the updated Oracle certificate\n- Use oraclesecureboot301 as certdir [Orabug: 29881368]\n- Use new signing certificate (Alex Burmashev)\n- Update SBAT data to include Oracle [Oracle: 33072886]\n[1.8.10-2]\n- Rebuild because distrobaker did entirely the wrong thing.\n- Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384\n[1.8.10-1]\n- Rebase to latest upstream release to fix multiple ESP detection problems\n- Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384\n[1.7.10-1]\n- New upstream release\n- Resolves: rhbz#2129280\n[1.7.9-2]\n- Include the new dbx updates on the filesystem; clients typically do not have LVFS enabled.\n- Resolves: rhbz#2120708\n[1.7.8-1]\n- New upstream release\n- Resolves: rhbz#2059075\n[1.7.4-3]\n- Disable the Logitech bulkcontroller plugin to avoid adding a dep to protobuf-c\n which lives in AppStream, not BaseOS.\n- Use the efi_vendor variable from EFI-RPM\n- Resolves: rhbz#2064904\n[1.7.4-1]\n- New upstream release\n- Backport Fedora 34 changes\n- Include support for Lenovo TBT4 Docking stations\n- Do not cause systemd-modules-load failures\n- Build against a new enough pesign\n- Resolves: rhbz#2007520\n[1.7.1-1]\n- New upstream release\n- Backport Fedora 34 changes\n- Include support for Dell TBT4 Docking stations\n- Resolves: rhbz#1974347\n- Resolves: rhbz#1991426\n[1.5.9-4]\n- Rebuilt to use redhatsecureboot503 signatures\n- Undo last Fedora sync to use the RHEL-specific patches\n- Resolves: rhbz#2007520\n[1.5.9-3]\n- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags\n Related: rhbz#1991688\n[1.5.9-2]\n- Rebuilt for RHEL 9 BETA for openssl 3.0\n Related: rhbz#1971065\n[1.5.9-1]\n- Rebase to include the SBAT metadata section to allow fixing BootHole\n- Resolves: rhbz#1951030\n[1.5.5-4]\n- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937\n[1.5.5-3]\n- Backport a patch from master to drop the python3-pillow dep\n- Resolves: rhbz#1935838", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-15T00:00:00", "type": "oraclelinux", "title": "fwupd security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-15T00:00:00", "id": "ELSA-2023-2487", "href": "http://linux.oracle.com/errata/ELSA-2023-2487.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2023-06-03T15:18:59", "description": "The fwupd packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)\n\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34301)\n\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34302)\n\n* shim: 3rd party shim allow secure boot bypass (CVE-2022-34303)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-09T05:12:08", "type": "redhat", "title": "(RHSA-2023:2487) Moderate: fwupd security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3287", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2023-05-09T06:03:15", "id": "RHSA-2023:2487", "href": "https://access.redhat.com/errata/RHSA-2023:2487", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "qualysblog": [{"lastseen": "2022-09-13T00:03:22", "description": "Welcome to the first edition of the Qualys Research Team\u2019s \u201cThreat Research Thursday\u201d where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. We will endeavor to issue these update reports regularly, as often as every other week, or as our threat intelligence output warrants. \n\n\n\n## Threat Intelligence from the Qualys Blog\n\nHere is a roundup of the most interesting blogs from the Qualys Research Team from the past couple of weeks: \n\n * New Qualys Research Report: [Evolution of Quasar RAT](<https://blog.qualys.com/vulnerabilities-threat-research/2022/07/29/new-qualys-research-report-evolution-of-quasar-rat>) \u2013 This free downloadable report gives a sneak peek of the detailed webinar topic that Qualys Threat Research team\u2019s Linux EDR expert Viren Chaudari will be presenting on our upcoming [Threat Thursdays webinar](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>). \n * Here\u2019s a [Simple Script to Detect the Stealthy Nation-State BPFDoor](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/01/heres-a-simple-script-to-detect-the-stealthy-nation-state-bpfdoor>) \u2013 In this blog we explain how a simple script can detect a BPFDoor. \n * Introducing [Qualys CyberSecurity Asset Management 2.0](<https://www.qualys.com/apps/cybersecurity-asset-management/>) with natively integrated [External Attack Surface Management](<https://blog.qualys.com/qualys-insights/2022/07/28/attack-surface-management-a-critical-pillar-of-cybersecurity-asset-management>) \u2013 This is big news! We offer one of only a few solutions on the market that empower cybersecurity teams to manage internal and external assets at the same time! For our existing customers, [Qualys CSAM API Best Practices](<https://blog.qualys.com/product-tech/2022/08/05/qualys-api-best-practices-cybersecurity-asset-management-api>) should be a good starting point for playing with our extensive list of APIs. \n * [August 2022 Patch Tuesday](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/09/august-2022-patch-tuesday>) \u2013 Microsoft and the second Tuesday of the month are inseparable (except that one time in 2017 just before the Equation Group leak!) This is our regular monthly coverage of the vulnerabilities that Microsoft and Adobe fixed this month. \n\n## New Threat Hunting Tools &amp; Techniques\n\n**Sysmon v14.0, AccessEnum v1.34, and Coreinfo v3.53**: This is a major update to Sysmon that adds a new `event ID 27 - FileBlockExecutable` that prevents processes from creating executable files in specified locations. What this means is if you want to block certain files from executing in a certain directory, you can do so. [Get these tools &amp; updates](<https://docs.microsoft.com/en-us/sysinternals/downloads/>). \n\n**Bomber: **All of us know how important software bills of materials (SBOMs) are, and the vulnerabilities that affect them even more so. This open-source repository tool that we\u2019ve evaluated will help you scan JSON formatted SBOM files to point out any vulnerabilities they may have. [Check out Bomber](<https://github.com/devops-kung-fu/bomber>). \n\n**Alan C2 Framework:** Until recently, this command &amp; control (C2) framework \u2013 even though it was hosted on GitHub \u2013 was closed source. You could download it and test it for free, but not inspect its source code unless you decompiled it. Now the source code has been made available. For example, you can now look at the [certificate information](<https://github.com/enkomio/AlanFramework/blob/8134494037435c5e6478409447efe41f563e0688/src/client/mbedtls/tests/data_files/dir-maxpath/c20.pem>) and add it to your detection pipeline if you have not already done so. [Access the Alan C2 Framework source code](<https://github.com/enkomio/AlanFramework>). \n\n**FISSURE**: This interesting Radio Frequency (RF) framework was released as open source at the recently concluded DEFCONference. With this reverse engineering RF framework, you can detect, classify signals, execute attacks, discover protocols, and analyze vulnerabilities. A lot can be done with this tool! [Check out FISSURE](<https://github.com/ainfosec/FISSURE>). \n\n**Sub7 Legacy**: The source code to your favorite trojan from the not-so-recent past is now available. Well, not really. This is a complete remake of the trojan from the early 2000\u2019s. The look &amp; feel is still the same \u2013 minus the malicious features, but it does make one nostalgic. Here\u2019s hoping that threat actor groups don\u2019t use this Delphi source code for new and nefarious use cases! [Check out the new Sub7 Legacy](<https://github.com/DarkCoderSc/SubSeven>). \n\n**Hashview**: What do you do when you dump a hash via Mimikatz and want to crack it? In a team engagement, a tool like Hashview can help. It allows you to automate hashcat, retroactively crack hashes, and get notifications on a particular event. [Check out the Hashview source code](<https://github.com/hashview/hashview>). \n\n**Center for Internet Security: **CIS published their August update for the [End-of-Support Software Report List](<https://www.cisecurity.org/insights/blog/end-of-support-software-report-list>). Use it coupled with Qualys CSAM to stay updated on software that\u2019s no longer vendor supported. \n\n## New Vulnerabilities \n\n[**CVE-2022-34301**](<https://nvd.nist.gov/vuln/detail/CVE-2022-34301>)/[**CVE-2022-34302**](<https://nvd.nist.gov/vuln/detail/CVE-2022-34302>)/[**CVE-2022-34303**](<https://nvd.nist.gov/vuln/detail/CVE-2022-34303>) \u2013 Not much was known about these bootloader vulnerabilities when they were first disclosed as part of Microsoft Patch Tuesday. New research about these vulnerabilities was [presented at DEFCON](<https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/>) pointing towards weaknesses in third-party code signed by Microsoft. Special care must be given to fixing these vulnerabilities, as manual intervention is required for complete remediation. \n\n[**CVE-2022-30209**](<https://nvd.nist.gov/vuln/detail/CVE-2022-30209>) \u2013 Fresh off of its disclosure at Black Hat USA 2022, this _IIS authentication bypass vulnerability_ discovered by Devcore, is [introduced](<https://twitter.com/orange_8361/status/1557504677050478594?s=20&t=KnnUPgzWitsV-dCEdSeCjA>) because of a logic error as a result of improper copy/pasting of variable names. Qualys VMDR customers can find unpatched devices in their networks by looking for QID 91922 in their results. \n\n[**CVE-2022-22047**](<https://nvd.nist.gov/vuln/detail/CVE-2022-22047>) - This Windows client/server runtime subsystem (CSRSS) _elevation of privilege vulnerability_ affects almost all Windows versions, including v7, 8.1, 10, 11, and Windows Server 2008, 2012, 2016, 2019, and 2022! QIDs 91922 and 91927 should be of interest to current Qualys VMDR customers. \n\n[**CVE-2022-26138**](<https://nvd.nist.gov/vuln/detail/CVE-2022-26138>) \u2013 The Confluence Questions app, when installed will create a `disabledsystemuser `user with a known and now _publicized hardcoded password_. Post exploitation, bad actors can read the pages accessible by the confluence-users group. \n\n[**CVE-2022-26501**](<https://nvd.nist.gov/vuln/detail/CVE-2022-26501>) \u2013 Proof-of-concept code for this _unauthenticated remote code execution_ vulnerability affecting Veeam Distribution Service (VDS) has been available for more than four months now. When last checked on Shodan, there were more than 18,000 publicly facing devices that host Veeam Backup Services. \n\n## Introducing the Monthly Threat Thursdays Webinar \n\nPlease join us for the first [Threat Thursdays monthly webinar](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>) where the Qualys Threat Research Team will present the latest threat intelligence\u2026 each and every month! \n\n[REGISTER NOW](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T21:00:00", "type": "qualysblog", "title": "Introducing Qualys Threat Research Thursdays", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22047", "CVE-2022-26138", "CVE-2022-26501", "CVE-2022-30209", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303"], "modified": "2022-09-01T21:00:00", "id": "QUALYSBLOG:AE4AA7402829D66599C8A25E83DD0FD2", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-14T00:03:27", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 121 vulnerabilities (aka flaws) in the August 2022 update, including 17 vulnerabilities classified as **_Critical_** as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE). This month&#x27;s Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited***** in attacks ([CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>)*****,[ CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>)). Earlier this month, August 5, 2022, Microsoft also released 20 Microsoft Edge (Chromium-Based) updates addressing Elevation of Privilege (EoP), Remote Code Execution (RCE), and Security Feature Bypass with severities of Low, Moderate, and Important respectively.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, and Spoofing.\n\n## **The August 2022 Microsoft vulnerabilities are classified as follows:**\n\n\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)\n\n# **Notable Microsoft Vulnerabilities Patched**\n\nA vulnerability is classified as a zero-day if it is publicly disclosed or actively exploited with no official fix available.\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>) | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nIn May, Microsoft released a [blog](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) giving guidance for a vulnerability in MSDT and released updates to address it shortly thereafter. Public discussion of a vulnerability can encourage further scrutiny on the component, both by Microsoft security personnel as well as their research partners. _This CVE is a variant of the vulnerability publicly known as Dogwalk._\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n>  Qualys director of vulnerability and threat research, [Bharat Jogi](<https://blog.qualys.com/author/bharat_jogi>), said DogWalk had actually been reported back in 2019 but at the time was not thought to be dangerous as it required \u201csignificant user interaction to exploit,\u201d and there were other mitigations in place.\n> \n> - _Excerpt from [Surge in CVEs as Microsoft Fixes Exploited Zero Day Bug](<https://www.infosecurity-magazine.com/news/surge-cves-microsoft-fixes/>)_\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>) | Microsoft Exchange Information Disclosure Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.6/10.\n\nThis vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message. For more information, see [Exchange Server Sup](<https://aka.ms/ExchangeEPDoc>)[port for Windows Extended Protection](<https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/>) and/or [The Exchange Blog](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Unlikely_**\n\n* * *\n\n## **Security Feature Bypass Vulnerabilities Addressed**\n\nThese are **standalone security updates**. These packages must be installed in addition to the normal security updates to be protected from this vulnerability.\n\nThese security updates have a Servicing Stack Update prerequisite for specific KB numbers. The packages have a built-in pre-requisite logic to ensure the ordering.\n\nMicrosoft customers should ensure they have installed the latest Servicing Stack Update before installing these standalone security updates. See [ADV990001 | Latest Servicing Stack Updates](<https://msrc.microsoft.com/update-guide/security-guidance/advisory/ADV990001>) for more information.\n\nAn attacker who successfully exploited either of these three (3) vulnerabilities could bypass Secure Boot.\n\n### CERT/CC: [CVE-2022-34301](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34301>) Eurosoft Boot Loader Bypass\n\n### CERT/CC: [CVE-2022-34302](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34302>) New Horizon Data Systems Inc Boot Loader Bypass\n\n### CERT/CC: [CVE-2022-34303](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34303>) Crypto Pro Boot Loader Bypass\n\nAt the time of publication, a CVSSv3.1 score has not been assigned.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Like_**ly\n\n* * *\n\n## **Microsoft Critical and Important Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug>) covers multiple Microsoft product families, including Azure, Browser, Developer Tools, [Extended Security Updates (ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Exchange Server, Microsoft Office, System Center,, and Windows.\n\nA total of 86 unique Microsoft products/versions are affected, including .NET, Azure, Edge (Chromium-based), Excel, Exchange Server (Cumulative Update), Microsoft 365 Apps for Enterprise, Office, Open Management Infrastructure, Outlook, and System Center Operations Manager (SCOM), Visual Studio, Windows Desktop, and Windows Server.\n\nDownloads include IE Cumulative, Monthly Rollup, Security Only, and Security Updates.\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-35766](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35766>), [CVE-2022-35794](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35794>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition.\n\nAn unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>), [CVE-2022-35744](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744>) | Windows Point-to-Point Protocol (PPP) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nThis vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port thus rendering the vulnerability unexploitable. **Warning**: Disabling Port 1723 could affect communications over your network.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34691](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691>) | Active Directory Domain Services Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nThis vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.\n\nPlease see [Certificate-based authentication changes on Windows domain controllers](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>) for more information and ways to protect your domain.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-33646](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33646>) | Azure Batch Node Agent Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.0/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n## **Microsoft Edge | Last But Not Least**\n\nEarlier in August, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities [CVE-2022-33636](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>), [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>)[CVE-2022-33649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>), and [CVE-2022-35796](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796>). The vulnerability assigned to each of these CVEs is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>).\n\n### [CVE-2022-33649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>) | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.6/10.\n\nAn attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. \n\nThe user would have to click on a specially crafted URL to be compromised by the attacker.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>)[CVE-2022-33636](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>), [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>)[CVE-2022-35796](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796>) | Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.3/10. _[Per Microsoft&#x27;s severity guidelines](<https://www.microsoft.com/en-us/msrc/bounty-new-edge>), the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn&#x27;t allow for this type of nuance._\n\nAn attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released five (5) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 25 vulnerabilities affecting Adobe Acrobat and Reader, Commerce, FrameMaker, Illustrator, and Premiere Elements applications. Of these 25 vulnerabilities, 15 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**; ranging in severity from a CVSS score of 7.8/10 to 9.1/10, as summarized below.\n\n\n\n* * *\n\n### [APSB22-38](<https://helpx.adobe.com/security/products/magento/apsb22-38.html>) | Security update available for Adobe Commerce\n\nThis update resolves seven (7) vulnerabilities:\n\n * Four (4) **_[_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n * One (1) **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>), [important](<https://helpx.adobe.com/security/severity-ratings.html>), and [moderate](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, and security feature bypass.\n\n* * *\n\n### [APSB22-39](<https://helpx.adobe.com/security/products/acrobat/apsb22-39.html>) | Security update available for Adobe Acrobat and Reader\n\nThis update resolves seven (7) vulnerabilities:\n\n * Three (3) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Four (4) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 2_\n\nAdobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-41](<https://helpx.adobe.com/security/products/illustrator/apsb22-41.html>) | Security Updates Available for Adobe Illustrator\n\nThis update resolves four (4) vulnerabilities:\n\n * Two (2) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Illustrator 2022. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-42](<https://helpx.adobe.com/security/products/framemaker/apsb22-42.html>) | Security update available for Adobe FrameMaker\n\nThis update resolves six (6) vulnerabilities:\n\n * Five (5) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * One (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe FrameMaker. This update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution \nand memory leak. \n\n* * *\n\n### [APSB22-43](<https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html>) | Security update available for Adobe Premiere Elements\n\nThis update resolves one (1) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe FrameMaker. This update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution \nand memory leak. \n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n## Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories for August 1-9, 2022 _New Content_\n\n * [Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)\n * [VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, &amp; CVE-2022-31675)](<https://threatprotect.qualys.com/2022/08/10/vmware-vrealize-operations-multiple-vulnerabilities-patched-in-the-latest-security-update-cve-2022-31672-cve-2022-31673-cve-2022-31674-cve-2022-31675/>)\n * [Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)](<https://threatprotect.qualys.com/2022/08/04/cisco-patched-small-business-rv-series-routers-multiple-vulnerabilities-cve-2022-20827-cve-2022-20841-and-cve-2022-20842/>)\n * [VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access](<https://threatprotect.qualys.com/2022/08/03/vmware-patched-multiple-vulnerabilities-in-vmware-products-including-identity-manager-vidm-and-workspace-one-access/>)\n * [Atlassian Confluence Server and Confluence Data Center \u2013 Questions for Confluence App \u2013 Hardcoded Password Vulnerability (CVE-2022-26138)](<https://threatprotect.qualys.com/2022/08/01/atlassian-confluence-server-and-confluence-data-center-questions-for-confluence-app-hardcoded-password-vulnerability-cve-2022-26138/>)\n\n* * *\n\n## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`50121` OR qid:`91929` OR qid:`91931` OR qid:`91932` OR qid:`91933` OR qid:`91934` OR qid:`91935` OR qid:`91936` OR qid:`110413` OR qid:`110414` OR qid:`376813` ) \n\n\n\n [A Deep Dive into VMDR 2.0 with Qualys TruRisk\u2122](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>) _The old way of ranking vulnerabilities doesn\u2019t work anymore. Instead, enterprise security teams need to rate the true risks to their business. In this blog, we examine each of the risk scores delivered by Qualys TruRisk, the criteria used to compute them, and how they can be used to prioritize remediation._\n\n* * *\n\n## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`50121` OR qid:`91929` OR qid:`91931` OR qid:`91932` OR qid:`91933` OR qid:`91934` OR qid:`91935` OR qid:`91936` OR qid:`110413` OR qid:`110414` OR qid:`376813` ) \n\n\n\n [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n## Evaluate Vendor-Suggested Workarounds with [Policy Compliance](<https://www.qualys.com/forms/policy-compliance/>) _New Content_\n\nQualys\u2019 [Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires the implementation of a vendor-suggested workaround. A workaround is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn&#x27;t working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. _ [Source](<https://www.techtarget.com/whatis/definition/workaround>)_\n\nThe following Qualys [Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) ](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>)have been updated to support Microsoft recommended workaround for this Patch Tuesday:\n\n#### **[CVE-2022-35793](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35793>) | Windows Print Spooler Elevation of Privilege (EoP) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 7.3/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 1368: Status of the \u2018Print Spooler\u2019 service\n * 21711: Status of the \u2018Allow Print Spooler to accept client connections\u2019 group policy setting \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely\n\n* * *\n\n#### **[CVE-2022-35804](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35804>)** | **SMB Client and Server Remote Code Execution (RCE) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 24476: Status of the SMBv3 Client compressions setting\n * 20233: Status of the SMBv3 Server compressions setting \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely\n\n* * *\n\n#### ****[CVE-2022-35755](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35755>)** | **Windows Print Spooler Elevation of Privilege (EoP) Vulnerability****\n\nThis vulnerability has a CVSSv3.1 score of 7.3/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 1368: Status of the \u2018Print Spooler\u2019 service\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely\n\n* * *\n\n#### **[CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>)**, **[CVE-2022-35744](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744>)** | **Windows Point-to-Point Protocol (PPP) Remote Code Execution (RCE) Vulnerability** \n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 11220: List of \u2018Inbound Rules\u2019 configured in Windows Firewall with Advanced Security via GPO\n * 14028: List of \u2018Outbound Rules\u2019 configured in Windows Firewall with Advanced Security via GPO\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely\n\n* * *\n\n#### **[CVE-2022-34715](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715>): Windows Network File System Remote Code Execution (RCE) Vulnerability** \n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 24139: Status of the Windows Network File System (NFSV4) service\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely\n\n* * *\n\n#### ****[CVE-2022-34691](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691>): Active Directory Domain Services Elevation of Privilege (EoP) Vulnerability****\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 4079: Status of the \u2018Active Directory Certificate Service\u2019\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely\n\n* * *\n\nThe following QQL will return a posture assessment for the CIDs for this Patch Tuesday:\n \n \n control:( id:`1368` OR id:`4079` OR id:`11220` OR id:`14028` OR id:`20233` OR id:`21711` OR id:`24139` OR id:`24476` ) \n\n\n\n [Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/23/mitigating-the-risk-of-zero-day-vulnerabilities-by-using-compensating-controls>)\n\n [Policy Compliance (PC) | Policy Library Update Blogs](<https://notifications.qualys.com/tag/policy-library>)\n\n* * *\n\n##### Patch Tuesday is Complete.\n\n* * *\n\n# Qualys Monthly Webinar Series \n\n\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month&#x27;s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities &amp; Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-09T20:00:00", "type": "qualysblog", "title": "August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20827", "CVE-2022-20841", "CVE-2022-20842", "CVE-2022-22047", "CVE-2022-2294", "CVE-2022-26138", "CVE-2022-30133", "CVE-2022-30134", "CVE-2022-30190", "CVE-2022-31672", "CVE-2022-31673", "CVE-2022-31674", "CVE-2022-31675", "CVE-2022-33636", "CVE-2022-33646", "CVE-2022-33649", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34691", "CVE-2022-34713", "CVE-2022-34715", "CVE-2022-35744", "CVE-2022-35755", "CVE-2022-35766", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35796", "CVE-2022-35804"], "modified": "2022-08-09T20:00:00", "id": "QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2022-08-23T02:01:34", "description": "Hello everyone! In this episode, let&#x27;s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my [Vulristics](<https://github.com/leonov-av/vulristics>) vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August Patch Tuesdays.\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239098>\n\nThere were 147 vulnerabilities. Urgent: 1, Critical: 0, High: 36, Medium: 108, Low: 2.\n\nThere was a lot of great stuff this Patch Tuesday. There was a critical exploited in the wild MSDT DogWalk vulnerability, 3 critical Exchange vulnerabilities that could be easily missed in prioritization, 13 potentially dangerous vulnerabilities, 2 funny vulnerabilities and 3 mysterious ones. Let&#x27;s take a closer look.\n \n \n $ cat comments_links.txt \n Qualys|August 2022 Patch Tuesday. Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories|https://blog.qualys.com/vulnerabilities-threat-research/2022/08/09/august-2022-patch-tuesday\n ZDI|THE AUGUST 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/8/9/the-august-2022-security-update-review\n Kaspersky|DogWalk and other vulnerabilities|https://www.kaspersky.com/blog/dogwalk-vulnerability-patch-tuesday-08-2022/45127/\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"August\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n MS PT Year: 2022\n MS PT Month: August\n MS PT Date: 2022-08-09\n MS PT CVEs found: 121\n Ext MS PT Date from: 2022-07-13\n Ext MS PT Date to: 2022-08-08\n Ext MS PT CVEs found: 26\n ALL MS PT CVEs: 147\n ...\n\n## DogWalk\n\n**Remote Code Execution** in Microsoft Windows Support Diagnostic Tool (MSDT) (CVE-2022-34713), dubbed **DogWalk**. The only Urgent level vulnerability. The Microsoft Support Diagnostic Tool (MSDT) is a service in Microsoft Windows that allows Microsoft technical support agents to analyze diagnostic data remotely for troubleshooting purposes. DogWalk vulnerability allows code execution when MSDT is called using the URL protocol from a calling application, typically Microsoft Word. There is an element of social engineering to this as a threat actor would need to convince a user to click a link or open a document. Exploitability Assessment: Exploitation in the wild detected. The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Functional Exploit). But it is not yet available in public exploit packs. DogWalk is similar to MSDT RCE **Follina** (CVE-2022-30190), which made some hype in May of this year. It\u2019s not clear if this vulnerability is the result of a failed patch or something new. \n\n## 3 Microsoft Exchange EOPs\n\n**Elevation of Privilege** in Microsoft Exchange (CVE-2022-21980, CVE-2022-24516, CVE-2022-24477). I will not hide, this vulnerabilities were not detected as critical by Vulristics, only as Medium. This happened due to the fact that this are not RCEs, but EOPs. No public exploit or sign of exploitation in the wild. But these vulnerabilities are very critical, due to the fact that Exchange is often accessible from the Internet. And because of details about the vulnerability, which is only highlighted by ZDI. These bugs could allow an authenticated attacker to take over the mailboxes of all Exchange users, read and send emails or download attachments from any mailbox on the Exchange server. This gives access to valuable data and great opportunities for developing an attack. Administrators will also need to enable Extended Protection to fully address these vulnerabilities.\n\nit is not clear how to highlight such vulnerabilities automatically, because there are few formal signs. Apparently it is required to raise the priority of the software available on the perimeter and software that operates with important data.\n\n## 13 potentially dangerous vulnerabilities\n\n 1. **Remote Code Execution** in Windows Point-to-Point Protocol (PPP) (CVE-2022-30133, CVE-2022-35744). The Point-to-Point Protocol (PPP) is the default RAS (remote access service) protocol in Windows and is a data link-layer protocol used to encapsulate higher network-layer protocols to pass over synchronous and asynchronous communication lines. Both vulnerabilities allow attackers to send requests to the remote access server, which can lead to the execution of malicious code on the machine. And both have the same CVSS score: 9.8. This vulnerabilities can only be exploited by communicating via Port 1723. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port thus rendering the vulnerability unexploitable. Warning: Disabling Port 1723 could affect communications over your network. Exploitability Assessment: Exploitation Less Likely\n 2. **Remote Code Execution **in Windows Secure Socket Tunneling Protocol (SSTP) (CVE-2022-35766, CVE-2022-35794). SSTP is a VPN tunneling protocol designed to secure your online traffic. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS (remote access service) server, which could lead to remote code execution (RCE) on the RAS server machine. Exploitability Assessment: Exploitation Less Likely\n 3. **Remote Code Execution** in SMB Client and Server (CVE-2022-35804). The server side of this vulnerability would allow a remote, unauthenticated attacker to execute code with elevated privileges on affected SMB servers. Interestingly, this bug only affects Windows 11, which implies some new functionality introduced this vulnerability. Either way, this could potentially be wormable between affected Windows 11 systems with SMB server enabled. Disabling SMBv3 compression is a workaround for this bug, but applying the update is the best method to remediate the vulnerability. This vulnerability is reminiscent of past SMB vulnerabilities such as the EternalBlue SMBv1 flaw patched in MS17-010 in March of 2017 that was exploited as part of the [WannaCry](<https://avleonov.com/2017/05/13/wannacry-about-vulnerability-management/>) incident in addition to the more recent CVE-2020-0796 \u201cEternalDarkness\u201d RCE flaw in SMB 3.1.1.\n 4. **Remote Code Execution** in Visual Studio (CVE-2022-35777, CVE-2022-35825, CVE-2022-35826, CVE-2022-35827). The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Proof-of-Concept Exploit). None of the vendors highlighted these vulnerabilities. But it seems that this can be used in targeted phishing against developers.\n 5. **Elevation of Privilege** in Active Directory (CVE-2022-34691). An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System. The advisory notes that exploitation is only possible when Active Directory Certificate Services is running on the domain. Exploitability Assessment: Exploitation Less Likely.\n 6. **Remote Code Execution** in Windows Network File System (CVE-2022-34715). This is now the fourth month in a row with an NFS code execution patch. To exploit this, a remote, unauthenticated attacker would need to make a specially crafted call to an affected NFS server. This would provide the threat actor with code execution at elevated privileges. Although we have not yet seen the actual exploitation of such vulnerabilities.\n 7. **Elevation of Privilege **in Windows Print Spooler (CVE-2022-35793, CVE-2022-35755). The Print Spooler is software built into the Windows operating system that temporarily stores print jobs in the computer&#x27;s memory until the printer is ready to print them. CVE-2022-35755 can be exploited using a specially crafted \u201cinput file,\u201d while exploitation of CVE-2022-35793 requires a user click on a specially crafted URL. Both would give the attacker SYSTEM privileges. Both vulnerabilities can be mitigated by disabling the Print Spooler service, but CVE-2022-35793 can also be mitigated by disabling inbound remote printing via Group Policy.\n\n## 2 funny vulnerabilities\n\n 1. Vulristics suddenly highlighted the **Memory Corruption** in Microsoft Edge (CVE-2022-2623) vulnerability because there is a public exploit for it. It turned out that there was a bug in the exploit databases: 0day.today and packetstorm. CVE-2022-2623 was mistakenly written instead of CVE-2022-26233. And this also happens and no one checks it. Well, prioritization of vulnerabilities based on distorted source data does not work well.\n 2. **Denial of Service** - Microsoft Outlook (CVE-2022-35742). This was reported through the ZDI program and is a mighty interesting bug. Sending a crafted email to a victim causes their Outlook application to terminate immediately. Outlook cannot be restarted. Upon restart, it will terminate again once it retrieves and processes the invalid message. It is not necessary for the victim to open the message or to use the Reading pane. The only way to restore functionality is to access the mail account using a different client (i.e., webmail, or administrative tools) and remove the offending email(s) from the mailbox before restarting Outlook.\n\n## 3 mysterious vulnerabilities\n\n * CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass\n * CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass\n * CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass\n\nThey came from the US CERT Coordination Center.\n\n 1. No one writes anything about them, only Tenable. &quot;security bypass vulnerabilities in a third-party driver affecting Windows Secure Boot&quot;. \n 2. Maybe this is of course a coincidence and we are talking about other software, but isn&#x27;t Crypto Pro a Russian [CryptoPro](<https://www.cryptopro.ru/>), &quot;the company\u2019s main activity is cryptographic software development and public key infrastructure solutions based on national and international standards.&quot;?\n 3. Isn&#x27;t Eurosoft a [Russian Eurosoft](<http://eurosoft.ru/>), &quot;software for architectural design&quot;? \n\nIt&#x27;s all very curious.\n\nFull Vulristics report: [ms_patch_tuesday_august2022](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_august2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-23T00:00:26", "type": "avleonov", "title": "Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0796", "CVE-2022-21980", "CVE-2022-24477", "CVE-2022-24516", "CVE-2022-2623", "CVE-2022-26233", "CVE-2022-30133", "CVE-2022-30190", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34691", "CVE-2022-34713", "CVE-2022-34715", "CVE-2022-35742", "CVE-2022-35744", "CVE-2022-35755", "CVE-2022-35766", "CVE-2022-35777", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35804", "CVE-2022-35825", "CVE-2022-35826", "CVE-2022-35827"], "modified": "2022-08-23T00:00:26", "id": "AVLEONOV:37BE727F2D0C216B8B10BD6CBE6BD061", "href": "https://avleonov.com/2022/08/23/microsoft-patch-tuesday-august-2022-dogwalk-exchange-eops-13-potentially-dangerous-2-funny-3-mysterious-vulnerabilities/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-06-05T14:58:53", "description": "### *Detect date*:\n08/09/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, bypass security restrictions, execute arbitrary code, obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 8.1 for x64-based systems \nWindows Server 2012 R2 \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2022 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows Server 2022 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 21H2 for x64-based Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2012 \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 11 for ARM64-based Systems \nWindows Server 2016 \nWindows 10 Version 21H2 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 21H2 for 32-bit Systems \nWindows Server 2019 \nWindows 10 for x64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows RT 8.1 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 11 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-35759](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35759>) \n[CVE-2022-34705](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34705>) \n[CVE-2022-35765](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35765>) \n[CVE-2022-34303](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34303>) \n[CVE-2022-35763](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35763>) \n[CVE-2022-34703](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34703>) \n[CVE-2022-35751](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35751>) \n[CVE-2022-34707](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34707>) \n[CVE-2022-30194](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30194>) \n[CVE-2022-35771](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35771>) \n[CVE-2022-35744](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744>) \n[CVE-2022-34714](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34714>) \n[CVE-2022-34301](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34301>) \n[CVE-2022-35794](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35794>) \n[CVE-2022-35766](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35766>) \n[CVE-2022-34709](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34709>) \n[CVE-2022-34704](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34704>) \n[CVE-2022-35767](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35767>) \n[CVE-2022-35769](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35769>) \n[CVE-2022-35804](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35804>) \n[CVE-2022-30197](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30197>) \n[CVE-2022-35795](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35795>) \n[CVE-2022-35760](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35760>) \n[CVE-2022-35793](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35793>) \n[CVE-2022-35747](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35747>) \n[CVE-2022-35743](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35743>) \n[CVE-2022-35764](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35764>) \n[CVE-2022-30144](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30144>) \n[CVE-2022-35761](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35761>) \n[CVE-2022-35762](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35762>) \n[CVE-2022-34702](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34702>) \n[CVE-2022-35757](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35757>) \n[CVE-2022-34690](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34690>) \n[CVE-2022-35745](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35745>) \n[CVE-2022-35750](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35750>) \n[CVE-2022-34708](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34708>) \n[CVE-2022-35792](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35792>) \n[CVE-2022-35753](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35753>) \n[CVE-2022-34712](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34712>) \n[CVE-2022-34701](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34701>) \n[CVE-2022-34691](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691>) \n[CVE-2022-34302](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34302>) \n[CVE-2022-35746](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35746>) \n[CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>) \n[CVE-2022-35820](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35820>) \n[CVE-2022-34696](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34696>) \n[CVE-2022-33670](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33670>) \n[CVE-2022-34706](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34706>) \n[CVE-2022-34699](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34699>) \n[CVE-2022-35754](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35754>) \n[CVE-2022-35748](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35748>) \n[CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>) \n[CVE-2022-35758](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35758>) \n[CVE-2022-35755](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35755>) \n[CVE-2022-35797](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35797>) \n[CVE-2022-35749](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35749>) \n[CVE-2022-35768](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35768>) \n[CVE-2022-35752](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35752>) \n[CVE-2022-34715](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715>) \n[CVE-2022-34710](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34710>) \n[CVE-2022-35756](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35756>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5016627](<http://support.microsoft.com/kb/5016627>) \n[5016672](<http://support.microsoft.com/kb/5016672>) \n[5016622](<http://support.microsoft.com/kb/5016622>) \n[5016683](<http://support.microsoft.com/kb/5016683>) \n[5016639](<http://support.microsoft.com/kb/5016639>) \n[5016616](<http://support.microsoft.com/kb/5016616>) \n[5016623](<http://support.microsoft.com/kb/5016623>) \n[5016684](<http://support.microsoft.com/kb/5016684>) \n[5016681](<http://support.microsoft.com/kb/5016681>) \n[5012170](<http://support.microsoft.com/kb/5012170>) \n[5016629](<http://support.microsoft.com/kb/5016629>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T00:00:00", "type": "kaspersky", "title": "KLA12602 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30133", "CVE-2022-30144", "CVE-2022-30194", "CVE-2022-30197", "CVE-2022-33670", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34690", "CVE-2022-34691", "CVE-2022-34696", "CVE-2022-34699", "CVE-2022-34701", "CVE-2022-34702", "CVE-2022-34703", "CVE-2022-34704", "CVE-2022-34705", "CVE-2022-34706", "CVE-2022-34707", "CVE-2022-34708", "CVE-2022-34709", "CVE-2022-34710", "CVE-2022-34712", "CVE-2022-34713", "CVE-2022-34714", "CVE-2022-34715", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35745", "CVE-2022-35746", "CVE-2022-35747", "CVE-2022-35748", "CVE-2022-35749", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35752", "CVE-2022-35753", "CVE-2022-35754", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35757", "CVE-2022-35758", "CVE-2022-35759", "CVE-2022-35760", "CVE-2022-35761", "CVE-2022-35762", "CVE-2022-35763", "CVE-2022-35764", "CVE-2022-35765", "CVE-2022-35766", "CVE-2022-35767", "CVE-2022-35768", "CVE-2022-35769", "CVE-2022-35771", "CVE-2022-35792", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35795", "CVE-2022-35797", "CVE-2022-35804", "CVE-2022-35820"], "modified": "2022-09-27T00:00:00", "id": "KLA12602", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12602/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2022-08-10T00:04:15", "description": "\n\nIt's the week of [Hacker Summer Camp](<https://www.rapid7.com/blog/post/2022/08/04/what-were-looking-forward-to-at-black-hat-def-con-and-bsideslv-2022/>) in Las Vegas, and Microsoft has [published](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug>) fixes for 141 separate vulnerabilities in their swath of August updates. This is a new monthly record by raw CVE count, but from a patching perspective, the numbers are slightly less dire. 20 CVEs affect their Chromium-based Edge browser, and 34 affect Azure Site Recovery (up from 32 CVEs affecting that product last month). As usual, OS-level updates will address a lot of these, but note that some extra configuration is required to fully protect Exchange Server this month.\n\nThere is one 0-day being patched this month. [CVE-2022-34713](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34713>) is a remote code execution (RCE) vulnerability affecting the Microsoft Windows Support Diagnostic Tool (MSDT) \u2013 it carries a CVSSv3 base score of 7.8, as it requires convincing a potential victim to open a malicious file. The advisory indicates that this CVE is a variant of the \u201cDogwalk\u201d vulnerability, which made news alongside [Follina](<https://www.rapid7.com/blog/post/2022/05/31/cve-2022-30190-follina-microsoft-support-diagnostic-tool-vulnerability/>) (CVE-2022-30190) back in May.\n\nPublicly disclosed, but not (yet) exploited is [CVE-2022-30134](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30134>), an Information Disclosure vulnerability affecting Exchange Server. In this case, simply patching is not sufficient to protect against attackers being able to read targeted email messages. Administrators should [enable Extended Protection](<https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/>) in order to fully remediate this vulnerability, as well as [the](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21979>) [five](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21980>) [other](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24516>) [vulnerabilities](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24477>) [affecting](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34692>) Exchange this month. Details about how to accomplish this are available via the [Exchange Blog](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>).\n\nMicrosoft also patched several flaws affecting Remote Access Server (RAS). The most severe of these ([CVE-2022-30133](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30133>) and [CVE-2022-35744](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35744>)) are related to Windows Point-to-Point Tunneling Protocol and could allow RCE simply by sending a malicious connection request to a server. Seven CVEs affecting the Windows Secure Socket Tunneling Protocol (SSTP) on RAS were also fixed this month: six RCEs and one Denial of Service. If you have RAS in your environment but are unable to patch immediately, consider blocking traffic on port 1723 from your network.\n\nVulnerabilities affecting Windows Network File System (NFS) have been trending in recent months, and today sees Microsoft patching [CVE-2022-34715](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34715>) (RCE, CVSS 9.8) affecting NFSv4.1 on Windows Server 2022.\n\nThis is the worst of it. One last vulnerability to highlight: [CVE-2022-35797](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35797>) is a Security Feature Bypass in [Windows Hello](<https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-face-authentication#external-camera-security>) \u2013 Microsoft\u2019s biometric authentication mechanism for Windows 10. Successful exploitation requires physical access to a system, but would allow an attacker to bypass a facial recognition check.\n\n## Summary charts\n\n\n\n## Summary tables\n\n### Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-35802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35802>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-30175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30175>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30176>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34687](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34687>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35773](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35773>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35779](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35779>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35806](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35806>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35772](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35772>) | Azure Site Recovery Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2022-35824](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35824>) | Azure Site Recovery Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2022-33646](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33646>) | Azure Batch Node Agent Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-35780](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35780>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35781](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35781>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35799](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35799>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35775](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35775>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35801](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35801>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35807](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35807>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35808](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35808>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35782](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35782>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35809](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35809>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35784](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35784>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35810](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35810>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35811](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35811>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35785](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35785>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35786](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35786>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35813](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35813>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35788](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35788>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35814](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35814>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35789](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35789>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35815](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35815>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35790](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35790>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35816](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35816>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35817](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35817>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35791](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35791>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35818](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35818>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35819](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35819>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35776](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35776>) | Azure Site Recovery Denial of Service Vulnerability | No | No | 6.2 | Yes \n[CVE-2022-34685](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34685>) | Azure RTOS GUIX Studio Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-34686](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34686>) | Azure RTOS GUIX Studio Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-35774](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35774>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 4.9 | Yes \n[CVE-2022-35800](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35800>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 4.9 | Yes \n[CVE-2022-35787](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35787>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 4.9 | Yes \n[CVE-2022-35821](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35821>) | Azure Sphere Information Disclosure Vulnerability | No | No | 4.4 | Yes \n[CVE-2022-35783](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35783>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 4.4 | Yes \n[CVE-2022-35812](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35812>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 4.4 | Yes \n \n### Browser vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-33649](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33649>) | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | No | No | 9.6 | Yes \n[CVE-2022-33636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33636>) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 8.3 | Yes \n[CVE-2022-35796](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35796>) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-2624](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2624>) | Chromium: CVE-2022-2624 Heap buffer overflow in PDF | No | No | N/A | Yes \n[CVE-2022-2623](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2623>) | Chromium: CVE-2022-2623 Use after free in Offline | No | No | N/A | Yes \n[CVE-2022-2622](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2622>) | Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing | No | No | N/A | Yes \n[CVE-2022-2621](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2621>) | Chromium: CVE-2022-2621 Use after free in Extensions | No | No | N/A | Yes \n[CVE-2022-2619](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2619>) | Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings | No | No | N/A | Yes \n[CVE-2022-2618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2618>) | Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals | No | No | N/A | Yes \n[CVE-2022-2617](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2617>) | Chromium: CVE-2022-2617 Use after free in Extensions API | No | No | N/A | Yes \n[CVE-2022-2616](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2616>) | Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API | No | No | N/A | Yes \n[CVE-2022-2615](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2615>) | Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies | No | No | N/A | Yes \n[CVE-2022-2614](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2614>) | Chromium: CVE-2022-2614 Use after free in Sign-In Flow | No | No | N/A | Yes \n[CVE-2022-2612](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2612>) | Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input | No | No | N/A | Yes \n[CVE-2022-2611](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2611>) | Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API | No | No | N/A | Yes \n[CVE-2022-2610](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2610>) | Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch | No | No | N/A | Yes \n[CVE-2022-2606](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2606>) | Chromium: CVE-2022-2606 Use after free in Managed devices API | No | No | N/A | Yes \n[CVE-2022-2605](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2605>) | Chromium: CVE-2022-2605 Out of bounds read in Dawn | No | No | N/A | Yes \n[CVE-2022-2604](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2604>) | Chromium: CVE-2022-2604 Use after free in Safe Browsing | No | No | N/A | Yes \n[CVE-2022-2603](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2603>) | Chromium: CVE-2022-2603 Use after free in Omnibox | No | No | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-35777](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35777>) | Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35825](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35825>) | Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35826](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35826>) | Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35827](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35827>) | Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34716](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716>) | .NET Spoofing Vulnerability | No | No | 5.9 | Yes \n \n### ESU Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30133](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30133>) | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-35744](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35744>) | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-34691](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34691>) | Active Directory Domain Services Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-34714](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34714>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-35745](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35745>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-35752](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35752>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-35753](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35753>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-34702](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34702>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-35767](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35767>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-34706](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34706>) | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34707](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34707>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35768](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35768>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35756](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35756>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35751](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35751>) | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35795](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35795>) | Windows Error Reporting Service Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35820](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35820>) | Windows Bluetooth Driver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35750](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35750>) | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34713](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34713>) | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Yes | Yes | 7.8 | Yes \n[CVE-2022-35743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35743>) | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35760](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35760>) | Microsoft ATA Port Driver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30194](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30194>) | Windows WebBrowser Control Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-35769](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35769>) | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-35793](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35793>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n[CVE-2022-34690](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34690>) | Windows Fax Service Elevation of Privilege Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-35759](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35759>) | Windows Local Security Authority (LSA) Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2022-35747](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35747>) | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | No | No | 5.9 | Yes \n[CVE-2022-35758](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35758>) | Windows Kernel Memory Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-34708](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34708>) | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-34701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34701>) | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | No | No | 5.3 | No \n \n### Exchange Server vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-21980](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21980>) | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8 | Yes \n[CVE-2022-24516](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24516>) | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8 | Yes \n[CVE-2022-24477](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24477>) | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8 | Yes \n[CVE-2022-30134](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30134>) | Microsoft Exchange Information Disclosure Vulnerability | No | Yes | 7.6 | Yes \n[CVE-2022-34692](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34692>) | Microsoft Exchange Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2022-21979](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21979>) | Microsoft Exchange Information Disclosure Vulnerability | No | No | 4.8 | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-34717](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34717>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-33648](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33648>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35742>) | Microsoft Outlook Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-33631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33631>) | Microsoft Excel Security Feature Bypass Vulnerability | No | No | 7.3 | Yes \n \n### System Center Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-33640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33640>) | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-34715](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34715>) | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-35804](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35804>) | SMB Client and Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-35761](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35761>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.4 | Yes \n[CVE-2022-35766](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35766>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-35794](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35794>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-34699](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34699>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-33670](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33670>) | Windows Partition Management Driver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34703](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34703>) | Windows Partition Management Driver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34696>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35746](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35746>) | Windows Digital Media Receiver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35749](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35749>) | Windows Digital Media Receiver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-34705](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34705>) | Windows Defender Credential Guard Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35771](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35771>) | Windows Defender Credential Guard Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35762](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35762>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35763](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35763>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35764](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35764>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35765](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35765>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-35792](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35792>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30144>) | Windows Bluetooth Service Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-35748](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35748>) | HTTP.sys Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-35755](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35755>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n[CVE-2022-35757](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35757>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.3 | Yes \n[CVE-2022-35754](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35754>) | Unified Write Filter Elevation of Privilege Vulnerability | No | No | 6.7 | Yes \n[CVE-2022-35797](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35797>) | Windows Hello Security Feature Bypass Vulnerability | No | No | 6.1 | Yes \n[CVE-2022-34709](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34709>) | Windows Defender Credential Guard Security Feature Bypass Vulnerability | No | No | 6 | Yes \n[CVE-2022-30197](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30197>) | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-34710](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34710>) | Windows Defender Credential Guard Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-34712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34712>) | Windows Defender Credential Guard Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-34704](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34704>) | Windows Defender Credential Guard Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-34303](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34303>) | CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass | No | No | N/A | Yes \n[CVE-2022-34302](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34302>) | CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | No | No | N/A | Yes \n[CVE-2022-34301](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34301>) | CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | No | No | N/A | Yes \n \n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T19:34:51", "type": "rapid7blog", "title": "Patch Tuesday - August 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21979", "CVE-2022-21980", "CVE-2022-24477", "CVE-2022-24516", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-30133", "CVE-2022-30134", "CVE-2022-30144", "CVE-2022-30175", "CVE-2022-30176", "CVE-2022-30190", "CVE-2022-30194", "CVE-2022-30197", "CVE-2022-33631", "CVE-2022-33636", "CVE-2022-33640", "CVE-2022-33646", "CVE-2022-33648", "CVE-2022-33649", "CVE-2022-33670", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34685", "CVE-2022-34686", "CVE-2022-34687", "CVE-2022-34690", "CVE-2022-34691", "CVE-2022-34692", "CVE-2022-34696", "CVE-2022-34699", "CVE-2022-34701", "CVE-2022-34702", "CVE-2022-34703", "CVE-2022-34704", "CVE-2022-34705", "CVE-2022-34706", "CVE-2022-34707", "CVE-2022-34708", "CVE-2022-34709", "CVE-2022-34710", "CVE-2022-34712", "CVE-2022-34713", "CVE-2022-34714", "CVE-2022-34715", "CVE-2022-34716", "CVE-2022-34717", "CVE-2022-35742", "CVE-2022-35743", "CVE-2022-35744", "CVE-2022-35745", "CVE-2022-35746", "CVE-2022-35747", "CVE-2022-35748", "CVE-2022-35749", "CVE-2022-35750", "CVE-2022-35751", "CVE-2022-35752", "CVE-2022-35753", "CVE-2022-35754", "CVE-2022-35755", "CVE-2022-35756", "CVE-2022-35757", "CVE-2022-35758", "CVE-2022-35759", "CVE-2022-35760", "CVE-2022-35761", "CVE-2022-35762", "CVE-2022-35763", "CVE-2022-35764", "CVE-2022-35765", "CVE-2022-35766", "CVE-2022-35767", "CVE-2022-35768", "CVE-2022-35769", "CVE-2022-35771", "CVE-2022-35772", "CVE-2022-35773", "CVE-2022-35774", "CVE-2022-35775", "CVE-2022-35776", "CVE-2022-35777", "CVE-2022-35779", "CVE-2022-35780", "CVE-2022-35781", "CVE-2022-35782", "CVE-2022-35783", "CVE-2022-35784", "CVE-2022-35785", "CVE-2022-35786", "CVE-2022-35787", "CVE-2022-35788", "CVE-2022-35789", "CVE-2022-35790", "CVE-2022-35791", "CVE-2022-35792", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35795", "CVE-2022-35796", "CVE-2022-35797", "CVE-2022-35799", "CVE-2022-35800", "CVE-2022-35801", "CVE-2022-35802", "CVE-2022-35804", "CVE-2022-35806", "CVE-2022-35807", "CVE-2022-35808", "CVE-2022-35809", "CVE-2022-35810", "CVE-2022-35811", "CVE-2022-35812", "CVE-2022-35813", "CVE-2022-35814", "CVE-2022-35815", "CVE-2022-35816", "CVE-2022-35817", "CVE-2022-35818", "CVE-2022-35819", "CVE-2022-35820", "CVE-2022-35821", "CVE-2022-35824", "CVE-2022-35825", "CVE-2022-35826", "CVE-2022-35827"], "modified": "2022-08-09T19:34:51", "id": "RAPID7BLOG:882168BD332366CE296FB09DC00E018E", "href": "https://blog.rapid7.com/2022/08/09/patch-tuesday-august-2022/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}