Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-37981: Windows Event Logging Service Denial of Service Vulnerability

**According to the CVSS metric, availability is low (A:L). How could an attacker impact the availability?** The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.

Microsoft Security Response Center
#vulnerability#web#windows#dos#Windows Event Logging Service#Security Vulnerability
CVE-2022-38029: Windows ALPC Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-37980: Windows DHCP Client Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-38028: Windows Print Spooler Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-38030: Windows USB Serial Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unintentional read access from uninitialized memory, which can be from either kernel memory or another user-mode process.

CVE-2022-37979: Windows Hyper-V Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-38026: Windows DHCP Client Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory.

CVE-2022-37984: Windows WLAN Service Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-41081: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-38016: Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a contained execution environment escape. Please refer to https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation