Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2022-34712: Windows Defender Credential Guard Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could access Kerberos protected data.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#Windows Defender Credential Guard#Security Vulnerability
CVE-2022-34715: Windows Network File System Remote Code Execution Vulnerability

**I am running a supported version of Windows Server. Is my system vulnerable to this issue?** This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Services is available here.

CVE-2022-34714: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-35746: Windows Digital Media Receiver Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-35745: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-34709: Windows Defender Credential Guard Security Feature Bypass Vulnerability

**What Security Feature could be bypassed by this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard.

CVE-2022-34708: Windows Kernel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2022-34707: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-35747: Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.