Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2022-22012: Windows LDAP Remote Code Execution Vulnerability

**Are there any special conditions necessary for this vulnerability to be exploitable?** Yes. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see LDAP policies.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#rce#ldap#Windows LDAP - Lightweight Directory Access Protocol#Security Vulnerability
CVE-2022-29129: Windows LDAP Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** This vulnerability could be exploited over the network by an authenticated normal user through a low complexity attack on a server configured as the domain controller.

CVE-2022-29128: Windows LDAP Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** This vulnerability could be exploited over the network by an authenticated normal user through a low complexity attack on a server configured as the domain controller.

CVE-2022-23279: Windows ALPC Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-29150: Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-29151: Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-21978: Microsoft Exchange Server Elevation of Privilege Vulnerability

 **Do I need to take further steps to be protected from this vulnerability?** Because of additional security hardening work for CVE-2022-21978, the following actions should be taken in addition to application of May 2022 security updates: For customers that have Exchange Server 2016 CU22 or CU23, or Exchange Server 2019 CU11 or CU12 installed Install the May 2022 SU first and then run one of the following commands using Setup.exe in your Exchange Server installation path (e.g., …\\Program Files\\Microsoft\\Exchange Server\\v15\\Bin): * Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains * Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomains For customers that have Exchange Server 2013 CU23 installed: Install the May 2022 SU first and then run the following command using Setup.exe in your Exchange Server installation path (e.g., …\\Program Files\\Microsoft\\Exchange Server\\v15\\Bin): * Setup.exe /IAcceptEx...

CVE-2022-21972: Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-23270: Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.