Headline

CVE-2022-24497: Windows Network File System Remote Code Execution Vulnerability

I am running a supported version of Windows Server. Is my system vulnerable to this issue?

This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Services is available here.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #Windows Network File System #Security Vulnerability

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

2 years ago

CVE

Open in Source

#web #js

CVE-2022-24482: Windows ALPC Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #Microsoft Windows ALPC #Security Vulnerability