Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2022-26928: Windows Photo Import API Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#Windows Photo Import API#Security Vulnerability
CVE-2022-35828: Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-34731: Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2022-34730: Microsoft ODBC Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the permission level at which Access is running.

CVE-2022-34726: Microsoft ODBC Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the permission level at which Access is running.

CVE-2022-34725: Windows ALPC Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-34729: Windows GDI Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-34728: Windows Graphics Component Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2022-37956: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-37955: Windows Group Policy Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.