Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2022-33647: Windows Kerberos Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session key to elevate privileges.

Microsoft Security Response Center
#vulnerability#web#windows#auth#Windows Kerberos#Security Vulnerability
CVE-2022-35830: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

CVE-2022-38020: Visual Studio Code Elevation of Privilege Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have be enticed to open a malicious file in a directory. Users should never open anything that they do not know or trust to be safe.

CVE-2022-34723: Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could view the data protection API (DPAPI) master key.

CVE-2022-37959: Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability

**What security feature could be bypassed by this vulnerability?** An attacker who successfully exploited this could bypass the Network Device Enrollment (NDES) Services' cryptographic service provider.

CVE-2022-35831: Windows Remote Access Connection Manager Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory.

CVE-2022-38005: Windows Print Spooler Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-34729: Windows GDI Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-37956: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-30170: Windows Credential Roaming Service Elevation of Privilege Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of the vulnerability requires that a user to log in to Windows.