Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface.
Below is a complete list of vulnerabilities:
- A security feature bypass vulnerability in Windows BackupKey Remote Protocol can be exploited remotely to bypass security restrictions.
- An elevation of privilege vulnerability in Windows Accounts Control can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows GDI+ can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows User-mode Driver Framework Reflector Driver can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Cleanup Manager can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
- A security bypass vulnerability in Local Security Authority can be exploited remotely to bypass security restrictions.
- An elevation of privilege vulnerability in Microsoft Cryptographic Services can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows GDI can be exploited remotely to gain privileges.
- A denial of service vulnerability in Windows IKE Extension can be exploited remotely to cause denial of service.
- An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
- A security feature bypass vulnerability in Workstation Service Remote Protocol can be exploited remotely to bypass security restrictions.
- A security feature bypass vulnerability in Windows Hyper-V can be exploited remotely to bypass security restrictions.
- A spoofing vulnerability in Windows Certificate can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in Virtual Machine IDE Drive can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Remote Desktop Protocol can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Local Security Authority Subsystem Service can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Application Model Core API can be exploited remotely to gain privileges.
- A security feature bypass vulnerability in Windows Extensible Firmware Interface can be exploited remotely to bypass security restrictions.
- An elevation of privilege vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Windows Resilient File System (ReFS) can be exploited remotely to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Push Notifications Apps can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows UI Immersive Server API can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Storage can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Tablet Windows User Interface Application Core can be exploited remotely to gain privileges.
- A security feature bypass vulnerability in Secure Boot can be exploited remotely to bypass security restrictions.
- An information disclosure vulnerability in Win32k can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Devices Human Interface can be exploited remotely to gain privileges.
Первичный источник обнаружения
- CVE-2022-21925
CVE-2022-21859
CVE-2022-21915
CVE-2022-21908
CVE-2022-21834
CVE-2022-21922
CVE-2022-21838
CVE-2022-21850
CVE-2022-21913
CVE-2022-21835
CVE-2022-21903
CVE-2022-21889
CVE-2022-21919
CVE-2022-21851
CVE-2022-21920
CVE-2022-21924
CVE-2022-21905
CVE-2022-21836
CVE-2022-21900
CVE-2022-21880
CVE-2022-21883
CVE-2022-21833
CVE-2022-21890
CVE-2022-21893
CVE-2022-21904
CVE-2022-21848
CVE-2022-21884
CVE-2022-21897
CVE-2022-21857
CVE-2022-21862
CVE-2022-21899
CVE-2022-21885
CVE-2022-21914
CVE-2022-21843
CVE-2022-21916
CVE-2022-21961
CVE-2022-21892
CVE-2022-21867
CVE-2022-21958
CVE-2022-21864
CVE-2022-21962
CVE-2022-21960
CVE-2022-21901
CVE-2022-21881
CVE-2022-21875
CVE-2022-21959
CVE-2022-21870
CVE-2022-21928
CVE-2022-21894
CVE-2022-21895
CVE-2022-21876
CVE-2022-21868
CVE-2022-21963
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
Список CVE
- CVE-2022-21959 high
- CVE-2022-21925 high
- CVE-2022-21859 high
- CVE-2022-21915 high
- CVE-2022-21875 critical
- CVE-2022-21908 critical
- CVE-2022-21834 critical
- CVE-2022-21864 high
- CVE-2022-21922 critical
- CVE-2022-21881 high
- CVE-2022-21838 critical
- CVE-2022-21867 high
- CVE-2022-21901 critical
- CVE-2022-21850 critical
- CVE-2022-21870 critical
- CVE-2022-21913 critical
- CVE-2022-21894 warning
- CVE-2022-21960 high
- CVE-2022-21835 critical
- CVE-2022-21903 critical
- CVE-2022-21889 critical
- CVE-2022-21919 high
- CVE-2022-21851 critical
- CVE-2022-21920 critical
- CVE-2022-21868 high
- CVE-2022-21963 high
- CVE-2022-21958 high
- CVE-2022-21928 high
- CVE-2022-21924 high
- CVE-2022-21905 critical
- CVE-2022-21836 critical
- CVE-2022-21900 warning
- CVE-2022-21880 critical
- CVE-2022-21883 critical
- CVE-2022-21833 critical
- CVE-2022-21890 critical
- CVE-2022-21893 critical
- CVE-2022-21904 critical
- CVE-2022-21876 high
- CVE-2022-21848 critical
- CVE-2022-21961 high
- CVE-2022-21884 critical
- CVE-2022-21897 critical
- CVE-2022-21857 critical
- CVE-2022-21862 high
- CVE-2022-21899 high
- CVE-2022-21885 critical
- CVE-2022-21895 critical
- CVE-2022-21914 critical
- CVE-2022-21892 high
- CVE-2022-21843 critical
- CVE-2022-21916 critical
- CVE-2022-21962 high
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!