Tag

#Security Vulnerability

CVE-2022-37958: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory.

Microsoft Security Response Center

CVE-2022-34732: Microsoft ODBC Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the permission level at which Access is running.

CVE-2022-34727: Microsoft ODBC Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the permission level at which Access is running.

CVE-2022-34722: Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable remote code execution.

CVE-2022-34721: Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable remote code execution.

CVE-2022-38020: Visual Studio Code Elevation of Privilege Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to be enticed to open a malicious file in a directory. Users should never open anything that they do not know or trust to be safe.

CVE-2022-34723: Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could view the data protection API (DPAPI) master key.

CVE-2022-37959: Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability

**What security feature could be bypassed by this vulnerability?** An attacker who successfully exploited this could bypass the Network Device Enrollment Service (NDES) cryptographic service provider.

CVE-2022-38005: Windows Print Spooler Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-37954: DirectX Graphics Kernel Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.