Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2022-33631: Microsoft Excel Security Feature Bypass Vulnerability

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#Microsoft Office Excel#Security Vulnerability
CVE-2022-35766: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-34704: Windows Defender Credential Guard Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker that successfully exploited this vulnerability could recover plaintext from TLS-protected data.

CVE-2022-24477: Microsoft Exchange Server Elevation of Privilege Vulnerability

**Are there any more actions I need to take to be protected from this vulnerability?** Yes. Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack. For more information, see Exchange Server Support for Windows Extended Protection **Is there more information available about this release of Exchange Server?** For more information on this issue, please see The Exchange Blog.

CVE-2022-34692: Microsoft Exchange Information Disclosure Vulnerability

**Are there any more actions I need to take to be protected from this vulnerability?** Yes. Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack. For more information, see Exchange Server Support for Windows Extended Protection **Is there more information available about this release of Exchange Server?** For more information on this issue, please see The Exchange Blog.

CVE-2022-34702: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-34716: .NET Spoofing Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to successfully execute a blind XXE attack.

CVE-2022-35749: Windows Digital Media Receiver Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.