Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-30134: Microsoft Exchange Information Disclosure Vulnerability

**Are there any more actions I need to take to be protected from this vulnerability?** Yes. Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack. For more information, see Exchange Server Support for Windows Extended Protection **Is there more information available about this release of Exchange Server?** For more information on this issue, please see The Exchange Blog.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#microsoft#Microsoft Exchange Server#Security Vulnerability
CVE-2022-34690: Windows Fax Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

CVE-2022-35766: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-34704: Windows Defender Credential Guard Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker that successfully exploited this vulnerability could recover plaintext from TLS-protected data.

CVE-2022-24477: Microsoft Exchange Server Elevation of Privilege Vulnerability

**Are there any more actions I need to take to be protected from this vulnerability?** Yes. Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack. For more information, see Exchange Server Support for Windows Extended Protection **Is there more information available about this release of Exchange Server?** For more information on this issue, please see The Exchange Blog.

CVE-2022-34692: Microsoft Exchange Information Disclosure Vulnerability

**Are there any more actions I need to take to be protected from this vulnerability?** Yes. Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack. For more information, see Exchange Server Support for Windows Extended Protection **Is there more information available about this release of Exchange Server?** For more information on this issue, please see The Exchange Blog.

CVE-2022-34702: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-35749: Windows Digital Media Receiver Elevation of Privilege Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-35752: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.