Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2022-37961: Microsoft SharePoint Server Remote Code Execution Vulnerability

**I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?** No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013. Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#rce#Microsoft Office SharePoint#Security Vulnerability
CVE-2022-26928: Windows Photo Import API Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-35828: Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-34731: Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2022-34730: Microsoft ODBC Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the permission level at which Access is running.

CVE-2022-34726: Microsoft ODBC Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the permission level at which Access is running.

CVE-2022-34725: Windows ALPC Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-34729: Windows GDI Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-34728: Windows Graphics Component Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2022-37956: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.