Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-21846

Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21855, CVE-2022-21969.

CVE
#vulnerability#microsoft
CVE-2022-21871

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability.

CVE-2022-21891

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability.

CVE-2022-21910

Microsoft Cluster Port Driver Elevation of Privilege Vulnerability.

Coming Soon: New Security Update Guide Notification System

Sharing information through the Security Update Guide is an important part of our ongoing effort to help customers manage security risks and keep systems protected. Based on your feedback we have been working to make signing up for and receiving Security Update Guide notifications easier. We are excited to share that starting today, you can sign up with any email address that you want and receive notifications at that email address.

CVE-2022-21855: Microsoft Exchange Server Remote Code Execution Vulnerability

**According to the CVSS, the attack vector is Adjacent. What does that mean and how is that different from a Network vector?** This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.

CVE-2022-21837: Microsoft SharePoint Server Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** An authenticated attacker with access to the domain could perform remote code execution on the Sharepoint server to elevate themselves to Sharepoint admin.

CVE-2022-21969: Microsoft Exchange Server Remote Code Execution Vulnerability

**According to the CVSS, the attack vector is Adjacent. What does that mean and how is that different from a Network vector?** This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.

CVE-2022-21846: Microsoft Exchange Server Remote Code Execution Vulnerability

**According to the CVSS, the attack vector is Adjacent. What does that mean and how is that different from a Network vector?** This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.