Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2022-38045: Server Service Remote Protocol Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

Microsoft Security Response Center
Open in Source
#vulnerability#web#Windows Server Service#Security Vulnerability
CVE-2022-37996: Windows Kernel Memory Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2022-41042: Visual Studio Code Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.

CVE-2022-41083: Visual Studio Code Elevation of Privilege Vulnerability

The following workaround may be helpful in your situation: * Create a folder C:\\ProgramData\\jupyter\\kernels\\ and configure it to be writable only by the current user

CVE-2022-37997: Windows Graphics Component Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-37985: Windows Graphics Component Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2022-38033: Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploits this vulnerability would be able to remotely read registry keys under HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurePipeServers\\Winreg\\AllowedExactPaths\\Machine not normally accessible to a normal user.

CVE-2022-38042: Active Directory Domain Services Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.