Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2022-21997: Windows Print Spooler Elevation of Privilege Vulnerability

**What privileges does the attacker gain?** An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

Microsoft Security Response Center
#vulnerability#windows#Windows Print Spooler Components#Security Vulnerability
CVE-2022-21998: Windows Common Log File System Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2022-23276: SQL Server for Linux Containers Elevation of Privilege Vulnerability

**If I'm running SQL Server 2019 on premise, am I vulnerable to this CVE?** This vulnerability only exists in the containerized version of SQL Server 2019 for Linux. If you are running that version, Microsoft recommends applying the update.

CVE-2022-21989: Windows Kernel Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2022-22716: Microsoft Excel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

CVE-2022-21968: Microsoft SharePoint Server Security Feature BypassVulnerability

**What privileges are required to exploit this vulnerability?** The attacker needs read access to the target site within SharePoint.

CVE-2022-21984: Windows DNS Server Remote Code Execution Vulnerability

The following mitigating factors may be helpful in your situation: To be vulnerable, a DNS server would need to have dynamic updates enabled.

CVE-2022-22717: Windows Print Spooler Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-21993: Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.