Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-26808: Windows File Explorer Elevation of Privilege Vulnerability

Why is Attack Complexity marked as High for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Microsoft Security Response Center
#vulnerability#windows#Windows File Explorer#Security Vulnerability

Related news

CVE-2022-26820: Windows DNS Server Remote Code Execution Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-26824: Windows DNS Server Remote Code Execution Vulnerability

**According the CVSS score, privileges required is set to High. In this case, what does that mean?** To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

CVE-2022-26826: Windows DNS Server Remote Code Execution Vulnerability

**According the CVSS score, privileges required is set to High. In this case, what does that mean?** To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

CVE-2022-26811: Windows DNS Server Remote Code Execution Vulnerability

**According the CVSS score, privileges required is set to High. In this case, what does that mean?** To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

CVE-2022-26819: Windows DNS Server Remote Code Execution Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-26825: Windows DNS Server Remote Code Execution Vulnerability

**According the CVSS score, privileges required is set to High. In this case, what does that mean?** To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

CVE-2022-26821: Windows DNS Server Remote Code Execution Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-26823: Windows DNS Server Remote Code Execution Vulnerability

**According the CVSS score, privileges required is set to High. In this case, what does that mean?** To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

CVE-2022-26818: Windows DNS Server Remote Code Execution Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2022-26812: Windows DNS Server Remote Code Execution Vulnerability

**According the CVSS score, privileges required is set to High. In this case, what does that mean?** To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

CVE-2022-26817: Windows DNS Server Remote Code Execution Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-26814: Windows DNS Server Remote Code Execution Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-26829: Windows DNS Server Remote Code Execution Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-26813: Windows DNS Server Remote Code Execution Vulnerability

**According the CVSS score, privileges required is set to High. In this case, what does that mean?** To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

CVE-2022-24536: Windows DNS Server Remote Code Execution Vulnerability

**According the CVSS score, privileges required is set to High. In this case, what does that mean?** To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.

CVE-2022-24541: Windows Server Service Remote Code Execution Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

CVE-2022-26822: Windows DNS Server Remote Code Execution Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-24493: Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2022-26910: Skype for Business and Lync Spoofing Vulnerability

**What is the nature of the spoofing?** An attacker could make a specially crafted network call to the target Skype for Business server, which could cause the parsing of an http request made to an arbitrary address. This could disclose IP addresses or port numbers or both to the attacker.

CVE-2022-24537: Windows Hyper-V Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

CVE-2022-26911: Skype for Business Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.

CVE-2022-26919: Windows LDAP Remote Code Execution Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2022-24548: Microsoft Defender Denial of Service Vulnerability

References Identification First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.19100.5 See Manage Updates Baselines Microsoft Defender Antivirus for more information. **Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?** Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. **Why is no action required to install this update?** In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users,...

CVE-2022-24472: Microsoft SharePoint Server Spoofing Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

CVE-2022-24545: Windows Kerberos Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

CVE-2022-24534: Win32 Stream Enumeration Remote Code Execution Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

CVE-2022-26918: Windows Fax Compose Form Remote Code Execution Vulnerability

**In what scenarios is my computer vulnerable?** For Windows 11 and Windows 10 the FAX service is not installed by default. To exploit this vulnerability, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. **How can I verify whether the Fax service is running?** 1. Hold the **Windows key** and press **R** on your keyboard. This will open the Run dialog. 2. Type _services.msc_ and press **Enter** to open the Services window. 3. Scroll through the list and locate the **Fax** service. * If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable. * If the Fax service is listed but the status is not _Running_, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.

CVE-2022-26917: Windows Fax Compose Form Remote Code Execution Vulnerability

**In what scenarios is my computer vulnerable?** For Windows 11 and Windows 10 the FAX service is not installed by default. To exploit this vulnerability, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. **How can I verify whether the Fax service is running?** 1. Hold the **Windows key** and press **R** on your keyboard. This will open the Run dialog. 2. Type _services.msc_ and press **Enter** to open the Services window. 3. Scroll through the list and locate the **Fax** service. * If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable. * If the Fax service is listed but the status is not _Running_, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.

CVE-2022-26916: Windows Fax Compose Form Remote Code Execution Vulnerability

**In what scenarios is my computer vulnerable?** For Windows 11 and Windows 10 the FAX service is not installed by default. To exploit this vulnerability, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. **How can I verify whether the Fax service is running?** 1. Hold the **Windows key** and press **R** on your keyboard. This will open the Run dialog. 2. Type _services.msc_ and press **Enter** to open the Services window. 3. Scroll through the list and locate the **Fax** service. * If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable. * If the Fax service is listed but the status is not _Running_, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.

CVE-2022-24491: Windows Network File System Remote Code Execution Vulnerability

**I am running a supported version of Windows Server. Is my system vulnerable to this issue?** This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Services is available here.

CVE-2022-26898: Azure Site Recovery Remote Code Execution Vulnerability

**What privileges does an attacker require to exploit this vulnerability?** Exploiting this vulnerability requires an attacker to compromise admin credentials to the replication appliance, configuration server, or one of the VMs associated with the configuration server.

CVE-2022-26830: DiskUsage.exe Remote Code Execution Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

CVE-2022-23292: Microsoft Power BI Spoofing Vulnerability

**According to the CVSS, the Attack Complexity is High. What does that mean for this particular vulnerability?** The attack requires that multiple users try to use the gateway at the same time.

CVE-2022-24539: Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2022-24487: Windows Local Security Authority (LSA) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In order to exploit this vulnerability the attacker is required to be a local user with a smart card or already logged on remotely through RDP to the remote machine. The authorized attacker could then exploit this Windows LSASS vulnerability by sending, from a user mode application, specially crafted malicious credentials directed at the Windows machine, which could lead to remote code execution.

CVE-2022-26907: Azure SDK for .NET Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** This vulnerability could disclose sensitive information in exception body, which might include user access tokens.

CVE-2022-26897: Azure Site Recovery Information Disclosure Vulnerability

**What privileges does an attacker require to exploit this vulnerability?** Exploiting this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.

CVE-2022-26896: Azure Site Recovery Information Disclosure Vulnerability

**What privileges does an attacker require to exploit this vulnerability?** Exploiting this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.

CVE-2022-24492: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

CVE-2022-24485: Win32 File Enumeration Remote Code Execution Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

CVE-2022-24533: Remote Desktop Protocol Remote Code Execution Vulnerability

**How would an attacker exploit this vulnerability?** An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could read or tamper with clipboard contents and the victim's filesystem contents.

CVE-2022-24490: Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

CVE-2022-26816: Windows DNS Server Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker could potentially read small portions of heap memory.

CVE-2022-26827: Windows File Server Resource Management Service Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-24527: Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability

**What is Windows Endpoint Configuration Manager?** Microsoft Endpoint Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or are internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services. Use Configuration Manager to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more. For more information see - What is Configuration Manager?. **How do I get the latest patch?** The hot patch is available from Microsoft online at https://aka.ms/KB12819689. Instructions for applying the hot patch are included.

CVE-2022-24540: Windows ALPC Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-26807: Windows Work Folder Service Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-26904: Windows User Profile Service Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-23268: Windows Hyper-V Denial of Service Vulnerability

**Why is Scope marked as Changed for this vulnerability?** Successful exploitation of this vulnerability would allow a Hyper-V guest to affect the functionality of the Hyper-V host.

CVE-2022-26920: Windows Graphics Component Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2022-26828: Windows Bluetooth Driver Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-26783: Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

CVE-2022-23259: Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there the attacker could escalate and execute commands as db\_owner within their Dynamics 356 database.

CVE-2022-24543: Windows Upgrade Assistant Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** The attacker would need to trick or coerce a legitimate user into downloading and executing a specially crafted install file

CVE-2022-24528: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

CVE-2022-24532: HEVC Video Extensions Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

CVE-2022-21983: Win32 Stream Enumeration Remote Code Execution Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

CVE-2022-26903: Windows Graphics Component Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

CVE-2022-24495: Windows Direct Show - Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

CVE-2022-23257: Windows Hyper-V Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

CVE-2022-24500: Windows SMB Remote Code Execution Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

CVE-2022-22008: Windows Hyper-V Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

CVE-2022-22009: Windows Hyper-V Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

CVE-2022-24483: Windows Kernel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

CVE-2022-1262: Command Injection Vulnerability in /bin/protest Binary on Multiple D-Link Routers

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.