Report Name: Microsoft Patch Tuesday, March 2022
Generated: 2022-03-13 14:29:53

Vulristics Vulnerability Scores
Basic Vulnerability Scores
Products

Product NamePrevalenceUCHMLComment
Windows SMB11Windows SMB
Windows Kernel0.9110Windows Kernel
Media Foundation0.82Windows component
Microsoft Defender0.81Anti-malware component of Microsoft Windows
Microsoft Defender for IoT0.811Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
Microsoft Edge0.811811Web browser
Microsoft Exchange0.811Exchange
Windows Ancillary Function Driver for WinSock0.81Windows component
Windows Cloud Files Mini Filter Driver0.81Windows component
Windows Common Log File System Driver0.81Windows component
Windows DWM Core Library0.82Windows component
Windows Event Tracing0.81Windows Event Tracing
Windows Fast FAT File System Driver0.81Windows component
Windows HTML Platforms0.81Windows component
Windows Installer0.81Windows Installer
Windows Media0.81Windows component
Windows NT Lan Manager Datagram Receiver Driver0.81Windows component
Windows Print Spooler0.81Windows component
Windows Remote Desktop Client0.82Remote Desktop Protocol Client
Windows Remote Desktop Protocol0.81Windows component
Windows Update Stack0.81Windows component
.NET0.711.NET
HEVC Video Extensions0.76HEVC Video Extensions
Paint 3D0.71Standard Windows Application
Point-to-Point Tunneling Protocol0.71The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks
Raw Image Extension0.72Raw Image Extension
VP9 Video Extensions0.72VP9 is an open and royalty-free video coding format developed by Google
HEIF Image Extensions0.61The HEIF Image Extension enables Windows 10 devices to read and write files that use the High Efficiency Image File (HEIF) format.
Microsoft Office0.61Microsoft Office
Microsoft Office Visio0.63Microsoft Visio
Microsoft Word0.61MS Office product
Skype Extension for Chrome0.61 This extension enables Skype integration across various online services, including calendars, email, and even social media
Windows Hyper-V0.61Hardware virtualization component of the client editions of Windows NT
Azure0.411Azure
Brotli Library0.41Brotli is a compression algorithm developed by Google and works best for text compression
Microsoft Intune Portal for iOS0.31iOS store app for Microsoft Intune
Visual Studio Code0.31Integrated development environment


Vulnerability Types

Vulnerability TypeCriticalityUCHMLComment
Remote Code Execution1.0226Remote Code Execution
Security Feature Bypass0.912Security Feature Bypass
Denial of Service0.74Denial of Service
Memory Corruption0.6118Memory Corruption
Elevation of Privilege0.5223Elevation of Privilege
Information Disclosure0.46Information Disclosure
Spoofing0.44Spoofing
Tampering0.31Tampering
Unknown Vulnerability Type011Unknown Vulnerability Type


Vulnerabilities

Urgent (0)

Critical (0)

High (26)

1. Remote Code Execution - Microsoft Defender for IoT (CVE-2022-23265) - High [586]

Description: Microsoft Defender for IoT Remote Code Execution Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists0.617Public exploit is mentioned by Microsoft in CVSS Temporal Score (Functional Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

2. Remote Code Execution - Windows Remote Desktop Client (CVE-2022-21990) - High [567]

Description: Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists0.417Public exploit is mentioned by Microsoft in CVSS Temporal Score (Proof-of-Concept Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Remote Desktop Protocol Client
CVSS Base Score0.910Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

qualys: CVE-2022-21990 and CVE-2022-23285 – Remote Desktop Client Remote Code Execution (RCE) Vulnerability. This vulnerability has a CVSSv3.1 score of 8.8/10. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

rapid7: Microsoft's March 2022 updates include fixes for 92 CVEs (including 21 from the Chromium project, which is used by their Edge web browser). None of them have been seen exploited in the wild, but three have been previously disclosed. CVE-2022-24512, affecting .NET and Visual Studio, and CVE-2022-21990, affecting Remote Desktop Client, both allow RCE (Remote Code Execution). CVE-2022-24459 is an LPE (local privilege escalation) vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated Important – organizations should remediate at their regular patch cadence.

zdi: CVE-2022-21990 – Remote Desktop Client Remote Code Execution Vulnerability. This client-side bug doesn’t have the same punch as server-side related RDP vulnerabilities, but since it’s listed as publicly known, it makes sense to go ahead and treat this as a Critical-rated bug. If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client. Again, this isn’t as severe as BlueKeep or some of the other RDP server bugs, but it definitely shouldn’t be overlooked.

3. Memory Corruption - Microsoft Edge (CVE-2022-0609) - High [516]

Description: Chromium: CVE-2022-0609 Use after free in Animation. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned at AttackerKB
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0609 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

4. Remote Code Execution - Windows SMB (CVE-2022-24508) - High [513]

Description: Windows SMBv3 Client/Server Remote Code Execution Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Windows SMB
CVSS Base Score0.910Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

qualys: CVE-2022-24508 – Windows SMBv3 Client/Server Remote Code Execution (RCE) Vulnerability. This vulnerability has a CVSSv3.1 score of 8.8/10. In addition to releasing an update for this vulnerability, Microsoft has also provided a workaround that may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place: This vulnerability exists in a new feature that was added to Windows 10 version 2004 and exists in newer supported versions of Windows. Older versions of Windows are not affected.

rapid7: CVE-2022-24508 is an RCE affecting Windows SMBv3, which has potential for widespread exploitation, assuming an attacker can put together a suitable exploit. Luckily, like this month's Exchange vulnerabilities, this too requires authentication.

zdi: CVE-2022-24508 – Windows SMBv3 Client/Server Remote Code Execution Vulnerability. This bug could allow an attacker to execute code on Windows 10 version 2004 and newer systems. It’s also reminiscent of CVE-2020-0796 from a couple of years ago. Both also list disabling SMBv3 compression as a workaround for SMB servers, but this doesn’t help clients. In 2020, Microsoft noted SMBv3 compression “is not yet used by Windows or Windows Server and disabling SMB Compression has no negative performance impact.” That’s not in the current advisory, so it’s unclear what disabling this feature will have now. Authentication is required here, but since this affected both clients and servers, an attacker could use this for lateral movement within a network. This is another one I would treat as Critical and mitigate quickly.

5. Security Feature Bypass - Windows HTML Platforms (CVE-2022-24502) - High [479]

Description: Windows HTML Platforms Security Feature Bypass Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists0.417Public exploit is mentioned by Microsoft in CVSS Temporal Score (Proof-of-Concept Exploit)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.410Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on Microsoft data

6. Remote Code Execution - Microsoft Exchange (CVE-2022-23277) - High [475]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Exchange
CVSS Base Score0.910Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

qualys: CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability. This vulnerability has a CVSSv3.1 score of 8.8/10. The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution (RCE). As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.

rapid7: Three CVEs this month are rated Critical. CVE-2022-22006 and CVE-2022-24501 both affect video codecs. In most cases, these will update automatically via the Microsoft Store. However, any organizations with automatic updates disabled should be sure to push out updates. The vulnerability most likely to raise eyebrows this month is CVE-2022-23277, a Critical RCE affecting Exchange Server. Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it. Although passwords can be obtained via phishing and other means, this one shouldn’t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible.

zdi: CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution Vulnerability. This Critical-rated bug in Exchange Server was reported by long-time ZDI contributor Markus Wulftange. The vulnerability would allow an authenticated attacker to execute their code with elevated privileges through a network call. This is also listed as low complexity with exploitation more likely, so it would not surprise me to see this bug exploited in the wild soon - despite the authentication requirement. Test and deploy this to your Exchange servers quickly.

7. Remote Code Execution - Windows Event Tracing (CVE-2022-23294) - High [475]

Description: Windows Event Tracing Remote Code Execution Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Windows Event Tracing
CVSS Base Score0.910Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

8. Remote Code Execution - Windows Remote Desktop Client (CVE-2022-23285) - High [475]

Description: Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21990.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Remote Desktop Protocol Client
CVSS Base Score0.910Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

qualys: CVE-2022-21990 and CVE-2022-23285 – Remote Desktop Client Remote Code Execution (RCE) Vulnerability. This vulnerability has a CVSSv3.1 score of 8.8/10. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

9. Elevation of Privilege - Windows Kernel (CVE-2022-24459) - High [471]

Description: Windows Fax and Scan Service Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists0.417Public exploit is mentioned by Microsoft in CVSS Temporal Score (Proof-of-Concept Exploit)
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

rapid7: Microsoft's March 2022 updates include fixes for 92 CVEs (including 21 from the Chromium project, which is used by their Edge web browser). None of them have been seen exploited in the wild, but three have been previously disclosed. CVE-2022-24512, affecting .NET and Visual Studio, and CVE-2022-21990, affecting Remote Desktop Client, both allow RCE (Remote Code Execution). CVE-2022-24459 is an LPE (local privilege escalation) vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated Important – organizations should remediate at their regular patch cadence.

10. Remote Code Execution - HEVC Video Extensions (CVE-2022-22006) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714HEVC Video Extensions
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

rapid7: Three CVEs this month are rated Critical. CVE-2022-22006 and CVE-2022-24501 both affect video codecs. In most cases, these will update automatically via the Microsoft Store. However, any organizations with automatic updates disabled should be sure to push out updates. The vulnerability most likely to raise eyebrows this month is CVE-2022-23277, a Critical RCE affecting Exchange Server. Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it. Although passwords can be obtained via phishing and other means, this one shouldn’t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible.

11. Remote Code Execution - HEVC Video Extensions (CVE-2022-22007) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714HEVC Video Extensions
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

12. Remote Code Execution - HEVC Video Extensions (CVE-2022-23301) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714HEVC Video Extensions
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

13. Remote Code Execution - HEVC Video Extensions (CVE-2022-24452) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24453, CVE-2022-24456.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714HEVC Video Extensions
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

14. Remote Code Execution - HEVC Video Extensions (CVE-2022-24453) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24456.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714HEVC Video Extensions
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

15. Remote Code Execution - HEVC Video Extensions (CVE-2022-24456) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714HEVC Video Extensions
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

16. Remote Code Execution - Paint 3D (CVE-2022-23282) - High [443]

Description: Paint 3D Remote Code Execution Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Standard Windows Application
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

17. Remote Code Execution - Raw Image Extension (CVE-2022-23295) - High [443]

Description: Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23300.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Raw Image Extension
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

18. Remote Code Execution - Raw Image Extension (CVE-2022-23300) - High [443]

Description: Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23295.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Raw Image Extension
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

19. Remote Code Execution - VP9 Video Extensions (CVE-2022-24451) - High [443]

Description: VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24501.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714VP9 is an open and royalty-free video coding format developed by Google
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

20. Remote Code Execution - VP9 Video Extensions (CVE-2022-24501) - High [443]

Description: VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24451.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714VP9 is an open and royalty-free video coding format developed by Google
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

rapid7: Three CVEs this month are rated Critical. CVE-2022-22006 and CVE-2022-24501 both affect video codecs. In most cases, these will update automatically via the Microsoft Store. However, any organizations with automatic updates disabled should be sure to push out updates. The vulnerability most likely to raise eyebrows this month is CVE-2022-23277, a Critical RCE affecting Exchange Server. Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it. Although passwords can be obtained via phishing and other means, this one shouldn’t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible.

21. Elevation of Privilege - Windows Print Spooler (CVE-2022-23284) - High [439]

Description: Windows Print Spooler Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists0.417Public exploit is mentioned by Microsoft in CVSS Temporal Score (Proof-of-Concept Exploit)
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

22. Remote Code Execution - HEIF Image Extensions (CVE-2022-24457) - High [424]

Description: HEIF Image Extensions Remote Code Execution Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614The HEIF Image Extension enables Windows 10 devices to read and write files that use the High Efficiency Image File (HEIF) format.
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

23. Remote Code Execution - Microsoft Office Visio (CVE-2022-24461) - High [424]

Description: Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24509, CVE-2022-24510.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Microsoft Visio
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

24. Remote Code Execution - Microsoft Office Visio (CVE-2022-24509) - High [424]

Description: Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Microsoft Visio
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

25. Remote Code Execution - Microsoft Office Visio (CVE-2022-24510) - High [424]

Description: Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Microsoft Visio
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

26. Remote Code Execution - .NET (CVE-2022-24512) - High [416]

Description: .NET and Visual Studio Remote Code Execution Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714.NET
CVSS Base Score0.610Vulnerability Severity Rating based on CVSS Base Score is 6.3. Based on Microsoft data

rapid7: Microsoft's March 2022 updates include fixes for 92 CVEs (including 21 from the Chromium project, which is used by their Edge web browser). None of them have been seen exploited in the wild, but three have been previously disclosed. CVE-2022-24512, affecting .NET and Visual Studio, and CVE-2022-21990, affecting Remote Desktop Client, both allow RCE (Remote Code Execution). CVE-2022-24459 is an LPE (local privilege escalation) vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated Important – organizations should remediate at their regular patch cadence.

Medium (64)

27. Denial of Service - .NET (CVE-2022-24464) - Medium [382]

Description: .NET and Visual Studio Denial of Service Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714.NET
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data

28. Elevation of Privilege - Windows Kernel (CVE-2022-23290) - Medium [379]

Description: Windows Inking COM Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

29. Elevation of Privilege - Windows Kernel (CVE-2022-23299) - Medium [379]

Description: Windows PDEV Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

30. Elevation of Privilege - Windows Kernel (CVE-2022-24454) - Medium [379]

Description: Windows Security Support Provider Interface Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

31. Elevation of Privilege - Windows Kernel (CVE-2022-24455) - Medium [379]

Description: Windows CD-ROM Driver Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

32. Security Feature Bypass - Microsoft Word (CVE-2022-24462) - Medium [377]

Description: Microsoft Word Security Feature Bypass Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614MS Office product
CVSS Base Score0.610Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

33. Denial of Service - Windows Media (CVE-2022-21973) - Medium [374]

Description: Windows Media Center Update Denial of Service Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.610Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

34. Remote Code Execution - Azure (CVE-2022-24467) - Medium [372]

Description: Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

35. Remote Code Execution - Azure (CVE-2022-24468) - Medium [372]

Description: Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

36. Remote Code Execution - Azure (CVE-2022-24470) - Medium [372]

Description: Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

37. Remote Code Execution - Azure (CVE-2022-24471) - Medium [372]

Description: Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24517, CVE-2022-24520.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

38. Remote Code Execution - Azure (CVE-2022-24517) - Medium [372]

Description: Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24520.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

39. Remote Code Execution - Azure (CVE-2022-24520) - Medium [372]

Description: Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on Microsoft data

40. Denial of Service - Point-to-Point Tunneling Protocol (CVE-2022-23253) - Medium [368]

Description: Point-to-Point Tunneling Protocol Denial of Service Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

41. Elevation of Privilege - Windows Kernel (CVE-2022-21967) - Medium [366]

Description: Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data

zdi: CVE-2022-21967 – Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability. This appears to be the first security patch impacting Xbox specifically. There was an advisory for an inadvertently disclosed Xbox Live certificate back in 2015, but this seems to be the first security-specific update for the device itself. Microsoft even notes other Windows OSes are not affected by this bug. It’s not clear how an attacker could escalate privileges using this vulnerability, but the Auth Manager component is listed as affected. This service handles interacting with the Xbox Live service. I doubt many enterprises are reliant on Xbox or Xbox Live, but if you are, make sure this patch doesn’t go unnoticed.

42. Elevation of Privilege - Windows Kernel (CVE-2022-23283) - Medium [366]

Description: Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23287, CVE-2022-24505.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data

43. Elevation of Privilege - Windows Kernel (CVE-2022-23287) - Medium [366]

Description: Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-24505.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data

44. Elevation of Privilege - Windows Kernel (CVE-2022-23298) - Medium [366]

Description: Windows NT OS Kernel Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data

45. Elevation of Privilege - Windows Kernel (CVE-2022-24460) - Medium [366]

Description: Tablet Windows User Interface Application Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data

46. Elevation of Privilege - Windows Kernel (CVE-2022-24505) - Medium [366]

Description: Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-23287.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data

47. Elevation of Privilege - Microsoft Defender for IoT (CVE-2022-23266) - Medium [360]

Description: Microsoft Defender for IoT Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.814Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

48. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2022-24507) - Medium [360]

Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

49. Elevation of Privilege - Windows DWM Core Library (CVE-2022-23291) - Medium [360]

Description: Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23288.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

50. Elevation of Privilege - Windows Fast FAT File System Driver (CVE-2022-23293) - Medium [360]

Description: Windows Fast FAT File System Driver Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

51. Elevation of Privilege - Windows Installer (CVE-2022-23296) - Medium [360]

Description: Windows Installer Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.814Windows Installer
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data

52. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2022-23286) - Medium [347]

Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data

53. Elevation of Privilege - Windows DWM Core Library (CVE-2022-23288) - Medium [347]

Description: Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23291.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data

54. Elevation of Privilege - Windows Update Stack (CVE-2022-24525) - Medium [347]

Description: Windows Update Stack Elevation of Privilege Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 7.0. Based on Microsoft data

55. Spoofing - Microsoft Exchange (CVE-2022-24463) - Medium [327]

Description: Microsoft Exchange Server Spoofing Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Exchange
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

56. Denial of Service - Windows Hyper-V (CVE-2022-21975) - Medium [322]

Description: Windows Hyper-V Denial of Service Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Hardware virtualization component of the client editions of Windows NT
CVSS Base Score0.510Vulnerability Severity Rating based on CVSS Base Score is 4.7. Based on Microsoft data

57. Information Disclosure - Windows Common Log File System Driver (CVE-2022-23281) - Medium [313]

Description: Windows Common Log File System Driver Information Disclosure Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Information Disclosure
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.610Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

58. Information Disclosure - Windows NT Lan Manager Datagram Receiver Driver (CVE-2022-23297) - Medium [313]

Description: Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Information Disclosure
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.610Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

59. Spoofing - Microsoft Defender (CVE-2022-23278) - Medium [313]

Description: Microsoft Defender for Endpoint Spoofing Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Anti-malware component of Microsoft Windows
CVSS Base Score0.610Vulnerability Severity Rating based on CVSS Base Score is 5.9. Based on Microsoft data

60. Information Disclosure - Skype Extension for Chrome (CVE-2022-24522) - Medium [302]

Description: Skype Extension for Chrome Information Disclosure Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Information Disclosure
Vulnerable Product is Common0.614 This extension enables Skype integration across various online services, including calendars, email, and even social media
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on Microsoft data

61. Information Disclosure - Windows Remote Desktop Protocol (CVE-2022-24503) - Medium [300]

Description: Remote Desktop Protocol Client Information Disclosure Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Information Disclosure
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.510Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on Microsoft data

62. Spoofing - Microsoft Edge (CVE-2022-23264) - Medium [300]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.510Vulnerability Severity Rating based on CVSS Base Score is 4.7. Based on Microsoft data

MS PT Extended: CVE-2022-23264 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

63. Memory Corruption - Brotli Library (CVE-2020-8927) - Medium [291]

Description: {'ms_cve_data_all': 'Brotli Library Buffer Overflow Vulnerability', 'nvd_cve_data_all': 'A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.414Brotli is a compression algorithm developed by Google and works best for text compression
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

64. Information Disclosure - Media Foundation (CVE-2022-22010) - Medium [286]

Description: Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21977.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Information Disclosure
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.410Vulnerability Severity Rating based on CVSS Base Score is 4.4. Based on Microsoft data

65. Elevation of Privilege - Azure (CVE-2022-24469) - Medium [285]

Description: Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24506, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.414Azure
CVSS Base Score0.810Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on Microsoft data

qualys: CVE-2022-24469 – Azure Site Recovery Elevation of Privilege Vulnerability. This vulnerability has a CVSSv3.1 score of 8.1/10. An attacker can call Azure Site Recovery APIs provided by the Configuration Server and in turn, get access to configuration data including credentials for the protected systems. Using the APIs, the attacker can also modify/delete configuration data which in turn will impact Site Recovery operation.

66. Security Feature Bypass - Microsoft Intune Portal for iOS (CVE-2022-24465) - Medium [279]

Description: Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.314iOS store app for Microsoft Intune
CVSS Base Score0.310Vulnerability Severity Rating based on CVSS Base Score is 3.3. Based on Microsoft data

67. Information Disclosure - Media Foundation (CVE-2022-21977) - Medium [272]

Description: Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22010.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Information Disclosure
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.310Vulnerability Severity Rating based on CVSS Base Score is 3.3. Based on Microsoft data

68. Memory Corruption - Microsoft Edge (CVE-2022-0603) - Medium [272]

Description: Chromium: CVE-2022-0603 Use after free in File Manager. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0603 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

69. Memory Corruption - Microsoft Edge (CVE-2022-0604) - Medium [272]

Description: Chromium: CVE-2022-0604 Heap buffer overflow in Tab Groups. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0604 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

70. Memory Corruption - Microsoft Edge (CVE-2022-0605) - Medium [272]

Description: Chromium: CVE-2022-0605 Use after free in Webstore API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0605 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

71. Memory Corruption - Microsoft Edge (CVE-2022-0606) - Medium [272]

Description: Chromium: CVE-2022-0606 Use after free in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0606 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

72. Memory Corruption - Microsoft Edge (CVE-2022-0607) - Medium [272]

Description: Chromium: CVE-2022-0607 Use after free in GPU. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0607 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

73. Memory Corruption - Microsoft Edge (CVE-2022-0789) - Medium [272]

Description: Chromium: CVE-2022-0789 Heap buffer overflow in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0789 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

74. Memory Corruption - Microsoft Edge (CVE-2022-0790) - Medium [272]

Description: Chromium: CVE-2022-0790 Use after free in Cast UI. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0790 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

75. Memory Corruption - Microsoft Edge (CVE-2022-0791) - Medium [272]

Description: Chromium: CVE-2022-0791 Use after free in Omnibox. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0791 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

76. Memory Corruption - Microsoft Edge (CVE-2022-0793) - Medium [272]

Description: Chromium: CVE-2022-0793 Use after free in Views. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0793 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

77. Memory Corruption - Microsoft Edge (CVE-2022-0794) - Medium [272]

Description: Chromium: CVE-2022-0794 Use after free in WebShare. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0794 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

78. Memory Corruption - Microsoft Edge (CVE-2022-0796) - Medium [272]

Description: Chromium: CVE-2022-0796 Use after free in Media. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0796 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

79. Memory Corruption - Microsoft Edge (CVE-2022-0797) - Medium [272]

Description: Chromium: CVE-2022-0797 Out of bounds memory access in Mojo. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0797 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

80. Memory Corruption - Microsoft Edge (CVE-2022-0798) - Medium [272]

Description: Chromium: CVE-2022-0798 Use after free in MediaStream. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0798 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

81. Memory Corruption - Microsoft Edge (CVE-2022-0800) - Medium [272]

Description: Chromium: CVE-2022-0800 Heap buffer overflow in Cast UI. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0800 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

82. Memory Corruption - Microsoft Edge (CVE-2022-0805) - Medium [272]

Description: Chromium: CVE-2022-0805 Use after free in Browser Switcher. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0805 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

83. Memory Corruption - Microsoft Edge (CVE-2022-0808) - Medium [272]

Description: Chromium: CVE-2022-0808 Use after free in Chrome OS Shell. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0808 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

84. Memory Corruption - Microsoft Edge (CVE-2022-0809) - Medium [272]

Description: Chromium: CVE-2022-0809 Out of bounds memory access in WebXR. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.615Memory Corruption
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0809 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

85. Elevation of Privilege - Azure (CVE-2022-24506) - Medium [271]

Description: Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

86. Elevation of Privilege - Azure (CVE-2022-24515) - Medium [271]

Description: Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24518, CVE-2022-24519.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

87. Elevation of Privilege - Azure (CVE-2022-24518) - Medium [271]

Description: Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24519.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

88. Elevation of Privilege - Azure (CVE-2022-24519) - Medium [271]

Description: Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24518.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.515Elevation of Privilege
Vulnerable Product is Common0.414Azure
CVSS Base Score0.710Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on Microsoft data

89. Tampering - Microsoft Office (CVE-2022-24511) - Medium [255]

Description: Microsoft Office Word Tampering Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.315Tampering
Vulnerable Product is Common0.614Microsoft Office
CVSS Base Score0.610Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on Microsoft data

90. Spoofing - Visual Studio Code (CVE-2022-24526) - Medium [218]

Description: Visual Studio Code Spoofing Vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.314Integrated development environment
CVSS Base Score0.610Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on Microsoft data

Low (11)

91. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0608) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0608 Integer overflow in Mojo. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0608 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

92. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0610) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0610 Inappropriate implementation in Gamepad API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0610 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

93. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0792) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0792 Out of bounds read in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0792 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

94. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0795) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0795 Type Confusion in Blink Layout. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0795 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

95. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0799) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0799 Insufficient policy enforcement in Installer. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0799 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

96. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0801) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0801 Inappropriate implementation in HTML parser. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0801 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

97. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0802) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0802 Inappropriate implementation in Full screen mode. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0802 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

98. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0803) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0803 Inappropriate implementation in Permissions. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0803 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

99. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0804) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0804 Inappropriate implementation in Full screen mode. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0804 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

100. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0806) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0806 Data leak in Canvas. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0806 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

101. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0807) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0807 Inappropriate implementation in Autofill. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists017Public exploit is NOT found at Vulners or Microsoft website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Web browser
CVSS Base Score0.010Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

MS PT Extended: CVE-2022-0807 was published before March 2022 Patch Tuesday from 2022-02-09 to 2022-03-07

Exploitation in the wild detected (1)

Memory Corruption (1)

Public exploit exists, but exploitation in the wild is NOT detected (0)

Other Vulnerabilities (100)

Remote Code Execution (28)

Security Feature Bypass (3)

Elevation of Privilege (25)

Denial of Service (4)

Spoofing (4)

Information Disclosure (6)

Memory Corruption (18)

Tampering (1)

Unknown Vulnerability Type (11)