Report Name: Microsoft Patch Tuesday, January 2022
Generated: 2022-01-16 03:39:29
Product Name | Prevalence | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
Kerberos | 1 | 1 | Kerberos | ||||
Active Directory | 0.9 | 1 | Active Directory is a directory service developed by Microsoft for Windows domain networks | ||||
HTTP Protocol Stack | 0.9 | 1 | HTTP Protocol Stack | ||||
Remote Procedure Call Runtime | 0.9 | 1 | Remote Procedure Call Runtime | ||||
Windows Kernel | 0.9 | 2 | Windows Kernel | ||||
Windows Win32k | 0.9 | 1 | 2 | Windows kernel-mode driver | |||
.NET Framework | 0.8 | 1 | .NET Framework | ||||
Diagnostics Hub Standard Collector | 0.8 | 1 | Diagnostics Hub Standard Collector is part of Windows diagnostics tools and it collects real time ETW (Event Tracing for Windows) events and processes them | ||||
DirectX Graphics Kernel | 0.8 | 2 | 1 | DirectX Graphics Kernel | |||
Microsoft Cryptographic Services | 0.8 | 1 | The Cryptographic Services is a Microsoft Windows feature that encrypts and decrypts data on storage devices when they are accessed | ||||
Microsoft Exchange | 0.8 | 3 | Exchange | ||||
Microsoft Local Security Authority Server | 0.8 | 1 | 1 | LSASS, the Windows Local Security Authority Server process, handles Windows security mechanisms | |||
Remote Desktop Licensing Diagnoser | 0.8 | 1 | Remote Desktop Licensing Diagnoser | ||||
Secure Boot | 0.8 | 1 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | ||||
Storage Spaces Controller | 0.8 | 1 | Storage Spaces Controller | ||||
Tablet Windows User Interface Application Core | 0.8 | 1 | Windows component | ||||
Task Flow Data Engine | 0.8 | 1 | Task Flow Data Engine | ||||
Windows Accounts Control | 0.8 | 1 | Windows component | ||||
Windows AppContracts API Server | 0.8 | 1 | Windows component | ||||
Windows Application Model Core API | 0.8 | 1 | Windows component | ||||
Windows BackupKey Remote Protocol | 0.8 | 1 | Windows component | ||||
Windows Bind Filter Driver | 0.8 | 1 | Windows component | ||||
Windows Certificate | 0.8 | 1 | Windows component | ||||
Windows Cleanup Manager | 0.8 | 1 | Windows component | ||||
Windows Common Log File System Driver | 0.8 | 2 | Windows component | ||||
Windows DWM Core Library | 0.8 | 3 | Windows component | ||||
Windows Defender Application Control | 0.8 | 1 | Windows component | ||||
Windows Defender Credential Guard | 0.8 | 1 | Windows component | ||||
Windows Devices Human Interface | 0.8 | 1 | Windows component | ||||
Windows Event Tracing | 0.8 | 2 | Windows Event Tracing | ||||
Windows Extensible Firmware Interface | 0.8 | 1 | Windows component | ||||
Windows GDI | 0.8 | 4 | Windows component | ||||
Windows Geolocation Service | 0.8 | 1 | Windows component | ||||
Windows Installer | 0.8 | 1 | Windows Installer | ||||
Windows Modern Execution Server | 0.8 | 1 | Windows component | ||||
Windows Push Notifications Apps | 0.8 | 1 | Windows component | ||||
Windows Remote Access Connection Manager | 0.8 | 2 | Windows component | ||||
Windows Remote Desktop Client | 0.8 | 2 | Remote Desktop Protocol Client | ||||
Windows Remote Desktop Protocol | 0.8 | 1 | Windows component | ||||
Windows Resilient File System (ReFS) | 0.8 | 8 | Windows component | ||||
Windows StateRepository API Server file | 0.8 | 1 | Windows component | ||||
Windows Storage | 0.8 | 1 | Windows component | ||||
Windows System Launcher | 0.8 | 1 | Windows component | ||||
Windows UI Immersive Server API | 0.8 | 1 | Windows component | ||||
Windows User Profile Service | 0.8 | 2 | Windows component | ||||
Windows User-mode Driver Framework Reflector Driver | 0.8 | 1 | Windows component | ||||
Clipboard User Service | 0.7 | 1 | Clipboard User Service | ||||
Curl | 0.7 | 1 | Curl is a command-line tool for transferring data specified with URL syntax | ||||
HEVC Video Extensions | 0.7 | 1 | HEVC Video Extensions | ||||
Microsoft SharePoint | 0.7 | 1 | Microsoft SharePoint | ||||
Windows IKE Extension | 0.7 | 1 | 5 | Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite | |||
Windows Security Center | 0.7 | 1 | Windows Security Center (WSC) is a comprehensive reporting tool that helps users establish and maintain a protective security layer around their computer systems | ||||
Workstation Service Remote Protocol | 0.7 | 1 | Workstation Service Remote Protocol remotely queries and configures certain aspects of a Server Message Block network redirector on a remote computer | ||||
Microsoft Cluster Port Driver | 0.6 | 1 | Microsoft Cluster Port Driver | ||||
Microsoft Excel | 0.6 | 1 | MS Office product | ||||
Microsoft Office | 0.6 | 1 | Microsoft Office | ||||
Microsoft Word | 0.6 | 1 | MS Office product | ||||
Tile Data Repository | 0.6 | 1 | Tile Data Repository | ||||
Virtual Machine IDE Drive | 0.6 | 1 | Hyper-V Virtual Machine IDE Drive | ||||
Windows Hyper-V | 0.6 | 4 | Hardware virtualization component of the client editions of Windows NT | ||||
Libarchive | 0.5 | 1 | Multi-format archive and compression library | ||||
Microsoft Dynamics 365 | 0.5 | 2 | Microsoft Dynamics 365 is a product line of enterprise resource planning (ERP) and customer relationship management (CRM) intelligent business applications | ||||
Connected Devices Platform Service | 0.3 | 1 | Connected Devices Platform Service |
Vulnerability Type | Criticality | U | C | H | M | L | Comment |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 28 | 1 | Remote Code Execution | |||
Security Feature Bypass | 0.9 | 4 | 5 | Security Feature Bypass | |||
Denial of Service | 0.7 | 1 | 8 | Denial of Service | |||
Elevation of Privilege | 0.5 | 1 | 1 | 39 | Elevation of Privilege | ||
Cross Site Scripting | 0.4 | 1 | Cross Site Scripting | ||||
Information Disclosure | 0.4 | 6 | Information Disclosure | ||||
Spoofing | 0.4 | 2 | Spoofing |
1. Elevation of Privilege - Windows Win32k (CVE-2022-21882) - Critical [609]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned at Microsoft | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows kernel-mode driver | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
2. Remote Code Execution - HTTP Protocol Stack (CVE-2022-21907) - High [508]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | HTTP Protocol Stack | |
1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on Microsoft data |
qualys: CVE-2022-21907 – HTTP Protocol Stack Remote Code Execution Vulnerability. This vulnerability has a CVSSv3.1 score of 9.8/10. This vulnerability affects Windows Servers configured as a webserver. To exploit this vulnerability an unauthenticated attacker could send a specially crafted packet to a vulnerable server utilizing the HTTP Protocol Stack to process packets. This vulnerability is known to be wormable. Exploitability Assessment: Exploitation More Likely.
tenable: CVE-2022-21907 is a RCE vulnerability in Microsoft’s HTTP Protocol Stack (http.sys) that can be exploited by a remote, unauthenticated attacker by sending a crafted packet to an affected server. The vulnerability received a 9.8 CVSSv3 score and Microsoft warns that this flaw is considered wormable. Patching affected servers should be prioritized immediately. While the flaw has not been exploited, it was rated as “Exploitation More Likely” according to Microsoft’s Exploitability Index. According to the advisory, Windows Server 2019 and Windows 10 version 1809 do not have the HTTP Trailer Support feature enabled by default, however this mitigation does not apply to other affected versions of Windows.
zdi: CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability. This bug could allow an attacker to gain code execution on an affected system by sending specially crafted packets to a system utilizing the HTTP Protocol Stack (http.sys) to process packets. No user interaction, no privileges required, and an elevated service add up to a wormable bug. And while this is definitely more server-centric, remember that Windows clients can also run http.sys, so all affected versions are affected by this bug. Test and deploy this patch quickly.
3. Remote Code Execution - Remote Procedure Call Runtime (CVE-2022-21922) - High [494]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Remote Procedure Call Runtime | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
4. Remote Code Execution - Microsoft Exchange (CVE-2022-21846) - High [475]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Exchange | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.0. Based on Microsoft data |
qualys: CVE-2022-21846 – Microsoft Exchange Server Remote Code Execution Vulnerability. This vulnerability was discovered and reported to Microsoft by National Security Agency (NSA). This vulnerability has a CVSSv3.1 score of 9.0/10. This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specifically tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (e.g. local IP subnet), or from within a secure or otherwise limited administrative domain (e.g. MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. Exploitability Assessment: Exploitation More Likely.
tenable: CVE-2022-21969, CVE-2022-21846 and CVE-2022-21855 are RCEs in Microsoft Exchange Server that all received a CVSSv3 score of 9.0 and were rated as “Exploitation More Likely.” According to the advisories, these vulnerabilities require adjacent attack, meaning “it cannot simply be done across the internet, but instead needs something specific tied to the target.” The attacker would need to establish some sort of foothold in the target environment before exploiting these vulnerabilities.
tenable: CVE-2022-21969 is credited to Dr. Florian Hauser with Code White GmbH, CVE-2022-21855 was discovered by Andrew Ruddick from the Microsoft Security Response Center and CVE-2022-21846 is credited to the National Security Agency.
rapid7: CVE-2022-21846 affects Exchange Server, but cannot be exploited directly over the public internet (attackers need to be “adjacent” to the target system in terms of network topology). This restriction also applies to CVE-2022-21855 and CVE-2022-21969, two less severe RCEs in Exchange this month.
zdi: CVE-2022-21846 - Microsoft Exchange Server Remote Code Execution Vulnerability. Yet another Exchange RCE bug, and another Exchange bug reported by the National Security Agency. This is one of three Exchange RCEs being fixed this month, but this is the only one marked Critical. All are listed as being network adjacent in the CVSS score, so an attacker would need to be tied to the target network somehow. Still, an insider or attacker with a foothold in the target network could use this bug to take over the Exchange server.
5. Remote Code Execution - Microsoft Exchange (CVE-2022-21855) - High [475]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Exchange | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.0. Based on Microsoft data |
tenable: CVE-2022-21969, CVE-2022-21846 and CVE-2022-21855 are RCEs in Microsoft Exchange Server that all received a CVSSv3 score of 9.0 and were rated as “Exploitation More Likely.” According to the advisories, these vulnerabilities require adjacent attack, meaning “it cannot simply be done across the internet, but instead needs something specific tied to the target.” The attacker would need to establish some sort of foothold in the target environment before exploiting these vulnerabilities.
tenable: CVE-2022-21969 is credited to Dr. Florian Hauser with Code White GmbH, CVE-2022-21855 was discovered by Andrew Ruddick from the Microsoft Security Response Center and CVE-2022-21846 is credited to the National Security Agency.
rapid7: CVE-2022-21846 affects Exchange Server, but cannot be exploited directly over the public internet (attackers need to be “adjacent” to the target system in terms of network topology). This restriction also applies to CVE-2022-21855 and CVE-2022-21969, two less severe RCEs in Exchange this month.
6. Remote Code Execution - Microsoft Exchange (CVE-2022-21969) - High [475]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Exchange | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.0. Based on Microsoft data |
tenable: CVE-2022-21969, CVE-2022-21846 and CVE-2022-21855 are RCEs in Microsoft Exchange Server that all received a CVSSv3 score of 9.0 and were rated as “Exploitation More Likely.” According to the advisories, these vulnerabilities require adjacent attack, meaning “it cannot simply be done across the internet, but instead needs something specific tied to the target.” The attacker would need to establish some sort of foothold in the target environment before exploiting these vulnerabilities.
tenable: CVE-2022-21969 is credited to Dr. Florian Hauser with Code White GmbH, CVE-2022-21855 was discovered by Andrew Ruddick from the Microsoft Security Response Center and CVE-2022-21846 is credited to the National Security Agency.
rapid7: CVE-2022-21846 affects Exchange Server, but cannot be exploited directly over the public internet (attackers need to be “adjacent” to the target system in terms of network topology). This restriction also applies to CVE-2022-21855 and CVE-2022-21969, two less severe RCEs in Exchange this month.
7. Remote Code Execution - Windows Remote Desktop Client (CVE-2022-21850) - High [475]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Remote Desktop Protocol Client | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
tenable: CVE-2022-21850 and CVE-2022-21851 are both RCE vulnerabilities in the Remote Desktop Client. For both CVEs, an attacker would need to convince a user on an affected version of the Remote Desktop Client to connect to a malicious RDP server. Each of these vulnerabilities received a CVSSv3 score of 8.8 and requires user interaction to exploit.
8. Remote Code Execution - Windows Remote Desktop Client (CVE-2022-21851) - High [475]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Remote Desktop Protocol Client | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
tenable: CVE-2022-21850 and CVE-2022-21851 are both RCE vulnerabilities in the Remote Desktop Client. For both CVEs, an attacker would need to convince a user on an affected version of the Remote Desktop Client to connect to a malicious RDP server. Each of these vulnerabilities received a CVSSv3 score of 8.8 and requires user interaction to exploit.
9. Remote Code Execution - Windows IKE Extension (CVE-2022-21849) - High [470]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite | |
1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on Microsoft data |
qualys: CVE-2022-21849 – Windows IKE Extension Remote Code Execution Vulnerability. This vulnerability has a CVSSv3.1 score of 9.8/10. This vulnerability affects systems with Internet Key Exchange (IKE) version 2. While at this time the details of this vulnerability are limited, a remote attacker could trigger multiple vulnerabilities when the IPSec service is running on the Windows system without being authenticated. Exploitability Assessment: Exploitation Less Likely.
10. Remote Code Execution - DirectX Graphics Kernel (CVE-2022-21898) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | DirectX Graphics Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
rapid7: CVE-2022-21912 and CVE-2022-21898 both affect DirectX Graphics and require local access. CVE-2022-21917 is a vulnerability in the Windows Codecs library. In most cases, systems should automatically get patched; however, some organizations may have the vulnerable codec preinstalled on their gold images and disable Windows Store updates.
11. Remote Code Execution - DirectX Graphics Kernel (CVE-2022-21912) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | DirectX Graphics Kernel | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
rapid7: CVE-2022-21912 and CVE-2022-21898 both affect DirectX Graphics and require local access. CVE-2022-21917 is a vulnerability in the Windows Codecs library. In most cases, systems should automatically get patched; however, some organizations may have the vulnerable codec preinstalled on their gold images and disable Windows Store updates.
12. Remote Code Execution - Windows Geolocation Service (CVE-2022-21878) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
13. Remote Code Execution - Windows Modern Execution Server (CVE-2022-21888) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
14. Remote Code Execution - Windows Remote Desktop Protocol (CVE-2022-21893) - High [462]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.0. Based on Microsoft data |
tenable: CVE-2022-21893 is a RCE vulnerability in the Remote Desktop Protocol (RDP). In order to exploit this flaw, an attacker would need to convince a targeted user to connect to a malicious RDP server. Once an RDP connection has been established, the attacker could use the malicious RDP server to access or modify the contents of the clipboard and on the filesystem of the victim’s machine. While exploitation is less likely, the vulnerability is still an important flaw to remediate.
15. Remote Code Execution - Windows Resilient File System (ReFS) (CVE-2022-21892) - High [448]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
16. Remote Code Execution - Windows Resilient File System (ReFS) (CVE-2022-21958) - High [448]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
17. Remote Code Execution - Windows Resilient File System (ReFS) (CVE-2022-21959) - High [448]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
18. Remote Code Execution - Windows Resilient File System (ReFS) (CVE-2022-21960) - High [448]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
19. Remote Code Execution - Windows Resilient File System (ReFS) (CVE-2022-21961) - High [448]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
20. Remote Code Execution - Windows Resilient File System (ReFS) (CVE-2022-21962) - High [448]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.8. Based on Microsoft data |
21. Remote Code Execution - HEVC Video Extensions (CVE-2022-21917) - High [443]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | HEVC Video Extensions | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
rapid7: CVE-2022-21912 and CVE-2022-21898 both affect DirectX Graphics and require local access. CVE-2022-21917 is a vulnerability in the Windows Codecs library. In most cases, systems should automatically get patched; however, some organizations may have the vulnerable codec preinstalled on their gold images and disable Windows Store updates.
22. Remote Code Execution - Microsoft SharePoint (CVE-2022-21837) - High [443]
Description: Microsoft
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Microsoft SharePoint | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.3. Based on Microsoft data |
qualys: CVE-2022-21837 – Microsoft SharePoint Server Remote Code Execution Vulnerability. This vulnerability has a CVSSv3.1 score of 8.3/10. An attacker can use this vulnerability to gain access to the domain and could perform remote code execution on the SharePoint server to elevate themselves to SharePoint admin. Assessment: Exploitation Less Likely.
23. Remote Code Execution - Windows Security Center (CVE-2022-21874) - High [443]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Windows Security Center (WSC) is a comprehensive reporting tool that helps users establish and maintain a protective security layer around their computer systems | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-21874 is a publicly disclosed RCE in the Windows Security Center API that received a CVSSv3 score of 7.8. It was discovered by Jinquan with DBAPPSecurity Lieying Lab. This vulnerability requires user interaction to exploit and the attack vector is local.
24. Remote Code Execution - Microsoft Office (CVE-2022-21840) - High [437]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Office | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
qualys: CVE-2022-21840 – Microsoft Office Remote Code Execution Vulnerability. This vulnerability has a CVSSv3.1 score of 8.8/10. This vulnerability can only be exploited if the user opens a specifically crafted file.
rapid7: Not quite as bad is CVE-2022-21840, which affects all supported versions of Office, as well as SharePoint Server. Exploitation would require social engineering to entice a victim to open an attachment or visit a malicious website – thankfully the Windows preview pane is not a vector for this attack.
zdi: CVE-2022-21840 - Microsoft Office Remote Code Execution Vulnerability. Most Office-related RCE bugs are Important severity since they require user interaction and often have warning dialogs, too. However, this bug is listed as Critical. That normally means the Preview Pane is an attack vector, but that’s also not the case here. Instead, this bug is likely Critical due to the lack of warning dialogs when opening a specially crafted file. There are also multiple patches to address this bug, so be sure you apply all available patches. Unfortunately, if you’re running Office 2019 for Mac and Microsoft Office LTSC for Mac 2021, you’re out of luck because there are no patches available for these products. Let’s hope Microsoft makes these patches available soon.
25. Remote Code Execution - Windows Resilient File System (ReFS) (CVE-2022-21928) - High [435]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.3. Based on Microsoft data |
26. Remote Code Execution - Windows Resilient File System (ReFS) (CVE-2022-21963) - High [435]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.4. Based on Microsoft data |
27. Remote Code Execution - Microsoft Excel (CVE-2022-21841) - High [424]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
28. Remote Code Execution - Microsoft Word (CVE-2022-21842) - High [424]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
29. Remote Code Execution - Curl (CVE-2021-22947) - High [416]
Description: Open Source
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Curl is a command-line tool for transferring data specified with URL syntax | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.9. Based on NVD data |
rapid7: The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today. This includes two Remote Code Execution (RCE) vulnerabilities in open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947, which affects the curl library, and CVE-2021-36976 which affects libarchive.
rapid7: Besides CVE-2021-22947 (libcurl), several other Critical RCE vulnerabilities were also fixed. Most of these have caveats that reduce their scariness to some degree. The worst of these is CVE-2021-21907, affecting the Windows HTTP protocol stack. Although it carries a CVSSv3 base score of 9.8 and is considered potentially “wormable” by Microsoft, similar vulnerabilities have not proven to be rampantly exploited (see the AttackerKB analysis for CVE-2021-31166).
30. Security Feature Bypass - Windows Defender Application Control (CVE-2022-21906) - High [414]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
31. Security Feature Bypass - Windows Extensible Firmware Interface (CVE-2022-21899) - High [414]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
32. Elevation of Privilege - Kerberos (CVE-2022-21920) - High [412]
Description: Windows
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
1 | 14 | Kerberos | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
33. Denial of Service - .NET Framework (CVE-2022-21911) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | .NET Framework | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
34. Security Feature Bypass - Microsoft Local Security Authority Server (CVE-2022-21913) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | LSASS, the Windows Local Security Authority Server process, handles Windows security mechanisms | |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on Microsoft data |
35. Security Feature Bypass - Windows BackupKey Remote Protocol (CVE-2022-21925) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on Microsoft data |
36. Elevation of Privilege - Active Directory (CVE-2022-21857) - Medium [393]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Active Directory is a directory service developed by Microsoft for Windows domain networks | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data |
rapid7: The majority of this month’s patched vulnerabilities, such as CVE-2022-21857 (affecting Active Directory Domain Services), allow attackers to elevate their privileges on systems or networks they already have a foothold in.
zdi: CVE-2022-21857 - Active Directory Domain Services Elevation of Privilege Vulnerability. This patch fixes a bug that allowed attackers to elevate privileges across an Active Directory trust boundary under certain conditions. Although privilege escalations generally rate an Important severity rating, Microsoft deemed the flaw sufficient enough for a Critical rating. This does require some level of privileges, so again, an insider or other attacker with a foothold in a network could use this for lateral movement and maintaining a presence within an enterprise.
37. Remote Code Execution - Libarchive (CVE-2021-36976) - Medium [391]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Multi-format archive and compression library | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
rapid7: The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today. This includes two Remote Code Execution (RCE) vulnerabilities in open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947, which affects the curl library, and CVE-2021-36976 which affects libarchive.
38. Denial of Service - DirectX Graphics Kernel (CVE-2022-21918) - Medium [387]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | DirectX Graphics Kernel | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
39. Security Feature Bypass - Secure Boot (CVE-2022-21894) - Medium [387]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.4. Based on Microsoft data |
40. Security Feature Bypass - Windows Defender Credential Guard (CVE-2022-21921) - Medium [387]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.4. Based on Microsoft data |
41. Denial of Service - Windows IKE Extension (CVE-2022-21843) - Medium [382]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
42. Denial of Service - Windows IKE Extension (CVE-2022-21848) - Medium [382]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
43. Denial of Service - Windows IKE Extension (CVE-2022-21883) - Medium [382]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
44. Denial of Service - Windows IKE Extension (CVE-2022-21889) - Medium [382]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
45. Denial of Service - Windows IKE Extension (CVE-2022-21890) - Medium [382]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
46. Security Feature Bypass - Workstation Service Remote Protocol (CVE-2022-21924) - Medium [382]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | Workstation Service Remote Protocol remotely queries and configures certain aspects of a Server Message Block network redirector on a remote computer | |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on Microsoft data |
47. Denial of Service - Windows Event Tracing (CVE-2022-21839) - Medium [374]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows Event Tracing | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on Microsoft data |
48. Elevation of Privilege - Windows Kernel (CVE-2022-21881) - Medium [366]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
49. Elevation of Privilege - Windows Win32k (CVE-2022-21887) - Medium [366]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows kernel-mode driver | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
50. Security Feature Bypass - Windows Hyper-V (CVE-2022-21900) - Medium [363]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.6. Based on Microsoft data |
51. Security Feature Bypass - Windows Hyper-V (CVE-2022-21905) - Medium [363]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.6. Based on Microsoft data |
52. Elevation of Privilege - Microsoft Cryptographic Services (CVE-2022-21835) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | The Cryptographic Services is a Microsoft Windows feature that encrypts and decrypts data on storage devices when they are accessed | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
53. Elevation of Privilege - Microsoft Local Security Authority Server (CVE-2022-21884) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | LSASS, the Windows Local Security Authority Server process, handles Windows security mechanisms | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
54. Elevation of Privilege - Windows Bind Filter Driver (CVE-2022-21858) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
55. Elevation of Privilege - Windows Common Log File System Driver (CVE-2022-21897) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
56. Elevation of Privilege - Windows Common Log File System Driver (CVE-2022-21916) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
57. Elevation of Privilege - Windows DWM Core Library (CVE-2022-21852) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
58. Elevation of Privilege - Windows DWM Core Library (CVE-2022-21902) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
59. Elevation of Privilege - Windows Installer (CVE-2022-21908) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows Installer | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
60. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2022-21885) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
61. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2022-21914) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
62. Elevation of Privilege - Windows User Profile Service (CVE-2022-21895) - Medium [360]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
63. Elevation of Privilege - Windows Kernel (CVE-2022-21879) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
64. Denial of Service - Windows Hyper-V (CVE-2022-21847) - Medium [350]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.7 | 15 | Denial of Service | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
65. Elevation of Privilege - Diagnostics Hub Standard Collector (CVE-2022-21871) - Medium [347]
Description: Microsoft
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Diagnostics Hub Standard Collector is part of Windows diagnostics tools and it collects real time ETW (Event Tracing for Windows) events and processes them | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
66. Elevation of Privilege - Tablet Windows User Interface Application Core (CVE-2022-21870) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
67. Elevation of Privilege - Task Flow Data Engine (CVE-2022-21861) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Task Flow Data Engine | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
68. Elevation of Privilege - Windows Accounts Control (CVE-2022-21859) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
69. Elevation of Privilege - Windows AppContracts API Server (CVE-2022-21860) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
70. Elevation of Privilege - Windows Application Model Core API (CVE-2022-21862) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
71. Elevation of Privilege - Windows DWM Core Library (CVE-2022-21896) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
72. Elevation of Privilege - Windows Devices Human Interface (CVE-2022-21868) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
73. Elevation of Privilege - Windows Event Tracing (CVE-2022-21872) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows Event Tracing | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
74. Elevation of Privilege - Windows GDI (CVE-2022-21903) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
75. Elevation of Privilege - Windows Push Notifications Apps (CVE-2022-21867) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
76. Elevation of Privilege - Windows StateRepository API Server file (CVE-2022-21863) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
77. Elevation of Privilege - Windows Storage (CVE-2022-21875) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
78. Elevation of Privilege - Windows System Launcher (CVE-2022-21866) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
79. Elevation of Privilege - Windows UI Immersive Server API (CVE-2022-21864) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
80. Elevation of Privilege - Windows User Profile Service (CVE-2022-21919) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
tenable: CVE-2022-21919 is an EoP vulnerability in the Windows User Profile Service. To exploit this vulnerability, an attacker would need to have established a foothold on the vulnerable system through social engineering, a separate exploit or malware. Successful exploitation would give an attacker elevated privileges on the vulnerable system. This vulnerability is considered a zero-day, as it was publicly disclosed prior to Microsoft issuing patches for it.
81. Elevation of Privilege - Windows User-mode Driver Framework Reflector Driver (CVE-2022-21834) - Medium [347]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
82. Information Disclosure - Windows GDI (CVE-2022-21880) - Medium [340]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
83. Information Disclosure - Windows GDI (CVE-2022-21904) - Medium [340]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data |
84. Spoofing - Windows Certificate (CVE-2022-21836) - Medium [340]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Windows component | |
0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
tenable: CVE-2022-21836 is a spoofing vulnerability affecting Windows certificates which has received a 7.8 CVSSv3 score. An attacker could utilize compromised certificates to bypass the Windows Platform Binary Table binary verification. While exploitation is rated as less likely, Microsoft states that the flaw was publicly disclosed. The compromised certificates known to Microsoft have been added to the Windows kernel driver block list and Microsoft offers additional guidance in their security advisory.
85. Elevation of Privilege - Windows Hyper-V (CVE-2022-21901) - Medium [336]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.0. Based on Microsoft data |
86. Elevation of Privilege - Windows Cleanup Manager (CVE-2022-21838) - Medium [333]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.5 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
87. Information Disclosure - Windows Win32k (CVE-2022-21876) - Medium [332]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites | |
0 | 17 | Public exploit is NOT found at Vulners website | |
0.4 | 15 | Information Disclosure | |
0.9 | 14 | Windows kernel-mode driver | |
0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
88. Elevation of Privilege - Clipboard User Service (CVE-2022-21869) - Medium [328]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.5 | 15 | Elevation of Privilege |
| | 0.7 | 14 | Clipboard User Service |
| | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
89. Information Disclosure - Windows GDI (CVE-2022-21915) - Medium [327]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.4 | 15 | Information Disclosure |
| | 0.8 | 14 | Windows component |
| | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data |
90. Elevation of Privilege - Microsoft Cluster Port Driver (CVE-2022-21910) - Medium [322]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.5 | 15 | Elevation of Privilege |
| | 0.6 | 14 | Microsoft Cluster Port Driver |
| | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
91. Elevation of Privilege - Virtual Machine IDE Drive (CVE-2022-21833) - Medium [322]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.5 | 15 | Elevation of Privilege |
| | 0.6 | 14 | Hyper-V Virtual Machine IDE Drive |
| | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
92. Information Disclosure - Remote Desktop Licensing Diagnoser (CVE-2022-21964) - Medium [313]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.4 | 15 | Information Disclosure |
| | 0.8 | 14 | Remote Desktop Licensing Diagnoser |
| | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
93. Information Disclosure - Storage Spaces Controller (CVE-2022-21877) - Medium [313]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.4 | 15 | Information Disclosure |
| | 0.8 | 14 | Storage Spaces Controller |
| | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data |
94. Elevation of Privilege - Tile Data Repository (CVE-2022-21873) - Medium [309]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.5 | 15 | Elevation of Privilege |
| | 0.6 | 14 | Tile Data Repository |
| | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
95. Cross Site Scripting - Microsoft Dynamics 365 (CVE-2022-21932) - Medium [283]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.4 | 15 | Cross Site Scripting |
| | 0.5 | 14 | Microsoft Dynamics 365 is a product line of enterprise resource planning (ERP) and customer relationship management (CRM) intelligent business applications |
| | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.6. Based on Microsoft data |
96. Spoofing - Microsoft Dynamics 365 (CVE-2022-21891) - Medium [283]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.4 | 15 | Spoofing |
| | 0.5 | 14 | Microsoft Dynamics 365 is a product line of enterprise resource planning (ERP) and customer relationship management (CRM) intelligent business applications |
| | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.6. Based on Microsoft data |
97. Elevation of Privilege - Connected Devices Platform Service (CVE-2022-21865) - Medium [252]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
| | 0 | 17 | Public exploit is NOT found at Vulners website |
| | 0.5 | 15 | Elevation of Privilege |
| | 0.3 | 14 | Connected Devices Platform Service |
| | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data |
qualys: CVE-2022-21907 – HTTP Protocol Stack Remote Code Execution Vulnerability. This vulnerability has a CVSSv3.1 score of 9.8/10. This vulnerability affects Windows Servers configured as a webserver. To exploit this vulnerability an unauthenticated attacker could send a specially crafted packet to a vulnerable server utilizing the HTTP Protocol Stack to process packets. This vulnerability is known to be wormable. Exploitability Assessment: Exploitation More Likely.
tenable: CVE-2022-21907 is a RCE vulnerability in Microsoft’s HTTP Protocol Stack (http.sys) that can be exploited by a remote, unauthenticated attacker by sending a crafted packet to an affected server. The vulnerability received a 9.8 CVSSv3 score and Microsoft warns that this flaw is considered wormable. Patching affected servers should be prioritized immediately. While the flaw has not been exploited, it was rated as “Exploitation More Likely” according to Microsoft’s Exploitability Index. According to the advisory, Windows Server 2019 and Windows 10 version 1809 do not have the HTTP Trailer Support feature enabled by default, however this mitigation does not apply to other affected versions of Windows.
zdi: CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability. This bug could allow an attacker to gain code execution on an affected system by sending specially crafted packets to a system utilizing the HTTP Protocol Stack (http.sys) to process packets. No user interaction, no privileges required, and an elevated service add up to a wormable bug. And while this is definitely more server-centric, remember that Windows clients can also run http.sys, so all affected versions are affected by this bug. Test and deploy this patch quickly.
qualys: CVE-2022-21846 – Microsoft Exchange Server Remote Code Execution Vulnerability. This vulnerability was discovered and reported to Microsoft by National Security Agency (NSA). This vulnerability has a CVSSv3.1 score of 9.0/10. This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specifically tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (e.g. local IP subnet), or from within a secure or otherwise limited administrative domain (e.g. MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. Exploitability Assessment: Exploitation More Likely.
tenable: CVE-2022-21969, CVE-2022-21846 and CVE-2022-21855 are RCEs in Microsoft Exchange Server that all received a CVSSv3 score of 9.0 and were rated as “Exploitation More Likely.” According to the advisories, these vulnerabilities require adjacent attack, meaning “it cannot simply be done across the internet, but instead needs something specific tied to the target.” The attacker would need to establish some sort of foothold in the target environment before exploiting these vulnerabilities.
tenable: CVE-2022-21969 is credited to Dr. Florian Hauser with Code White GmbH, CVE-2022-21855 was discovered by Andrew Ruddick from the Microsoft Security Response Center and CVE-2022-21846 is credited to the National Security Agency.
rapid7: CVE-2022-21846 affects Exchange Server, but cannot be exploited directly over the public internet (attackers need to be “adjacent” to the target system in terms of network topology). This restriction also applies to CVE-2022-21855 and CVE-2022-21969, two less severe RCEs in Exchange this month.
zdi: CVE-2022-21846 - Microsoft Exchange Server Remote Code Execution Vulnerability. Yet another Exchange RCE bug, and another Exchange bug reported by the National Security Agency. This is one of three Exchange RCEs being fixed this month, but this is the only one marked Critical. All are listed as being network adjacent in the CVSS score, so an attacker would need to be tied to the target network somehow. Still, an insider or attacker with a foothold in the target network could use this bug to take over the Exchange server.
tenable: CVE-2022-21850 and CVE-2022-21851 are both RCE vulnerabilities in the Remote Desktop Client. For both CVEs, an attacker would need to convince a user on an affected version of the Remote Desktop Client to connect to a malicious RDP server. Each of these vulnerabilities received a CVSSv3 score of 8.8 and requires user interaction to exploit.
qualys: CVE-2022-21849 – Windows IKE Extension Remote Code Execution Vulnerability. This vulnerability has a CVSSv3.1 score of 9.8/10. This vulnerability affects systems with Internet Key Exchange (IKE) version 2. While at this time the details of this vulnerability are limited, a remote attacker could trigger multiple vulnerabilities when the IPSec service is running on the Windows system without being authenticated. Exploitability Assessment: Exploitation Less Likely.
rapid7: CVE-2022-21912 and CVE-2022-21898 both affect DirectX Graphics and require local access. CVE-2022-21917 is a vulnerability in the Windows Codecs library. In most cases, systems should automatically get patched; however, some organizations may have the vulnerable codec preinstalled on their gold images and disable Windows Store updates.
tenable: CVE-2022-21893 is a RCE vulnerability in the Remote Desktop Protocol (RDP). In order to exploit this flaw, an attacker would need to convince a targeted user to connect to a malicious RDP server. Once an RDP connection has been established, the attacker could use the malicious RDP server to access or modify the contents of the clipboard and on the filesystem of the victim’s machine. While exploitation is less likely, the vulnerability is still an important flaw to remediate.
qualys: CVE-2022-21837 – Microsoft SharePoint Server Remote Code Execution Vulnerability. This vulnerability has a CVSSv3.1 score of 8.3/10. An attacker can use this vulnerability to gain access to the domain and could perform remote code execution on the SharePoint server to elevate themselves to SharePoint admin. Assessment: Exploitation Less Likely.
tenable: CVE-2022-21874 is a publicly disclosed RCE in the Windows Security Center API that received a CVSSv3 score of 7.8. It was discovered by Jinquan with DBAPPSecurity Lieying Lab. This vulnerability requires user interaction to exploit and the attack vector is local.
qualys: CVE-2022-21840 – Microsoft Office Remote Code Execution Vulnerability. This vulnerability has a CVSSv3.1 score of 8.8/10. This vulnerability can only be exploited if the user opens a specifically crafted file.
rapid7: Not quite as bad is CVE-2022-21840, which affects all supported versions of Office, as well as SharePoint Server. Exploitation would require social engineering to entice a victim to open an attachment or visit a malicious website – thankfully the Windows preview pane is not a vector for this attack.
zdi: CVE-2022-21840 - Microsoft Office Remote Code Execution Vulnerability. Most Office-related RCE bugs are Important severity since they require user interaction and often have warning dialogs, too. However, this bug is listed as Critical. That normally means the Preview Pane is an attack vector, but that’s also not the case here. Instead, this bug is likely Critical due to the lack of warning dialogs when opening a specially crafted file. There are also multiple patches to address this bug, so be sure you apply all available patches. Unfortunately, if you’re running Office 2019 for Mac and Microsoft Office LTSC for Mac 2021, you’re out of luck because there are no patches available for these products. Let’s hope Microsoft makes these patches available soon.
rapid7: The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today. This includes two Remote Code Execution (RCE) vulnerabilities in open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947, which affects the curl library, and CVE-2021-36976 which affects libarchive.
rapid7: Besides CVE-2021-22947 (libcurl), several other Critical RCE vulnerabilities were also fixed. Most of these have caveats that reduce their scariness to some degree. The worst of these is CVE-2021-21907, affecting the Windows HTTP protocol stack. Although it carries a CVSSv3 base score of 9.8 and is considered potentially “wormable” by Microsoft, similar vulnerabilities have not proven to be rampantly exploited (see the AttackerKB analysis for CVE-2021-31166).
rapid7: The majority of this month’s patched vulnerabilities, such as CVE-2022-21857 (affecting Active Directory Domain Services), allow attackers to elevate their privileges on systems or networks they already have a foothold in.
zdi: CVE-2022-21857 - Active Directory Domain Services Elevation of Privilege Vulnerability. This patch fixes a bug that allowed attackers to elevate privileges across an Active Directory trust boundary under certain conditions. Although privilege escalations generally rate an Important severity rating, Microsoft deemed the flaw sufficient enough for a Critical rating. This does require some level of privileges, so again, an insider or other attacker with a foothold in a network could use this for lateral movement and maintaining a presence within an enterprise.
tenable: CVE-2022-21919 is an EoP vulnerability in the Windows User Profile Service. To exploit this vulnerability, an attacker would need to have established a foothold on the vulnerable system through social engineering, a separate exploit or malware. Successful exploitation would give an attacker elevated privileges on the vulnerable system. This vulnerability is considered a zero-day, as it was publicly disclosed prior to Microsoft issuing patches for it.
tenable: CVE-2022-21836 is a spoofing vulnerability affecting Windows certificates which has received a 7.8 CVSSv3 score. An attacker could utilize compromised certificates to bypass the Windows Platform Binary Table binary verification. While exploitation is rated as less likely, Microsoft states that the flaw was publicly disclosed. The compromised certificates known to Microsoft have been added to the Windows kernel driver block list and Microsoft offers additional guidance in their security advisory.