Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A denial of service vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to cause denial of service.
2. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
3. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
4. A remote code execution vulnerability in Windows WebBrowser Control can be exploited remotely to execute arbitrary code.
5. A remote code execution vulnerability in Windows Point-to-Point Protocol (PPP) can be exploited remotely to execute arbitrary code.
6. A remote code execution vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to execute arbitrary code.
7. A denial of service vulnerability in Windows Point-to-Point Protocol (PPP) can be exploited remotely to cause denial of service.
8. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
9. An elevation of privilege vulnerability in Microsoft ATA Port Driver can be exploited remotely to gain privileges.
10. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
11. A remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) can be exploited remotely to execute arbitrary code.
12. An elevation of privilege vulnerability in Windows Fax Service can be exploited remotely to gain privileges.
13. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
14. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
15. A denial of service vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to cause denial of service.
16. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
17. An elevation of privilege vulnerability in Windows Bluetooth Driver can be exploited remotely to gain privileges.
18. An elevation of privilege vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to gain privileges.
19. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
20. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
21. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
22. An elevation of privilege vulnerability in Unified Write Filter can be exploited remotely to gain privileges.
23. An elevation of privilege vulnerability in Windows Digital Media Receiver can be exploited remotely to gain privileges.
24. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
25. An elevation of privilege vulnerability in Windows Partition Management Driver can be exploited remotely to gain privileges.
26. A security vulnerability in Windows can be exploited remotely to bypass security restrictions.

Первичный источник обнаружения

• CVE-2022-35759
  CVE-2022-34690
  CVE-2022-35745
  CVE-2022-35750
  CVE-2022-34708
  CVE-2022-35753
  CVE-2022-34691
  CVE-2022-35751
  CVE-2022-34701
  CVE-2022-34707
  CVE-2022-34713
  CVE-2022-35820
  CVE-2022-30194
  CVE-2022-35744
  CVE-2022-34706
  CVE-2022-34714
  CVE-2022-30133
  CVE-2022-35758
  CVE-2022-35767
  CVE-2022-35769
  CVE-2022-35795
  CVE-2022-35760
  CVE-2022-35768
  CVE-2022-35752
  CVE-2022-35793
  CVE-2022-35747
  CVE-2022-35743
  CVE-2022-35756
  CVE-2022-34702
  CVE-2022-35748
  CVE-2022-35754
  CVE-2022-35755
  CVE-2022-35749
  CVE-2022-34696
  CVE-2022-33670
  CVE-2022-34302
  CVE-2022-35746
  CVE-2022-34301
  CVE-2022-34303
  

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2022-35759
  high
• CVE-2022-34303
  high
• CVE-2022-35751
  critical
• CVE-2022-34707
  critical
• CVE-2022-30194
  critical
• CVE-2022-35744
  critical
• CVE-2022-34714
  critical
• CVE-2022-34301
  high
• CVE-2022-35767
  critical
• CVE-2022-35769
  critical
• CVE-2022-35795
  critical
• CVE-2022-35760
  critical
• CVE-2022-35793
  high
• CVE-2022-35747
  high
• CVE-2022-35743
  critical
• CVE-2022-34702
  critical
• CVE-2022-34690
  high
• CVE-2022-35745
  critical
• CVE-2022-35750
  critical
• CVE-2022-34708
  high
• CVE-2022-35753
  critical
• CVE-2022-34701
  critical
• CVE-2022-34691
  critical
• CVE-2022-34302
  high
• CVE-2022-35746
  critical
• CVE-2022-34713
  critical
• CVE-2022-35820
  critical
• CVE-2022-34696
  critical
• CVE-2022-33670
  critical
• CVE-2022-34706
  critical
• CVE-2022-35754
  high
• CVE-2022-35748
  critical
• CVE-2022-30133
  critical
• CVE-2022-35758
  high
• CVE-2022-35755
  high
• CVE-2022-35749
  critical
• CVE-2022-35768
  critical
• CVE-2022-35752
  critical
• CVE-2022-35756
  critical

Список KB

• 5016672
• 5016683
• 5016684
• 5016681
• 5012170
• 5016686
• 5016669
• 5016679
• 5016676

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com