Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2022-30173: Microsoft Excel Remote Code Execution Vulnerability

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

Microsoft Security Response Center
#vulnerability#web#microsoft#rce#Microsoft Office Excel#Security Vulnerability
CVE-2022-30155: Windows Kernel Denial of Service Vulnerability

**How could an attacker exploit this vulnerability?** This vulnerability could be exploited if an authenticated user opens a specially crafted file locally or browses to that file on a network share when running an unpatched version of Windows. When the user browses or lists the maliciously crafted file that action could cause a crash of the operating system.

CVE-2022-30154: Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

CVE-2022-30143: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

**Are there any special conditions necessary for this vulnerability to be exploitable?** Yes. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see LDAP policies.

CVE-2022-30153: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited this could allow the malicious server to gain remote code execution within the LDAP client.

CVE-2022-30149: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

CVE-2022-30145: Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

CVE-2022-30150: Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

CVE-2022-30142: Windows File History Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.