Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2022-23281: Windows Common Log File System Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Microsoft Security Response Center
#vulnerability#windows#Windows Common Log File System Driver#Security Vulnerability
CVE-2022-23278: Microsoft Defender for Endpoint Spoofing Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

CVE-2022-24511: Microsoft Office Word Tampering Vulnerability

**Are the updates for the Microsoft Office for Mac currently available?** The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

CVE-2022-23286: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-23277: Microsoft Exchange Server Remote Code Execution Vulnerability

**Does the attacker need to be in an authenticated role in the Exchange Server?** Yes, the attacker must be authenticated.

CVE-2022-24520: Azure Site Recovery Remote Code Execution Vulnerability

**What privileges does an attacker require to exploit this vulnerability?** Exploiting this vulnerability requires an attacker to compromise admin credentials to the replication appliance, configuration server, or one of the VMs associated with the configuration server.