Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A denial of service vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to cause denial of service.
2. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
3. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
4. A remote code execution vulnerability in Windows WebBrowser Control can be exploited remotely to execute arbitrary code.
5. A remote code execution vulnerability in Windows Point-to-Point Protocol (PPP) can be exploited remotely to execute arbitrary code.
6. A remote code execution vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to execute arbitrary code.
7. A denial of service vulnerability in Windows Point-to-Point Protocol (PPP) can be exploited remotely to cause denial of service.
8. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
9. An elevation of privilege vulnerability in Microsoft ATA Port Driver can be exploited remotely to gain privileges.
10. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
11. A remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) can be exploited remotely to execute arbitrary code.
12. An elevation of privilege vulnerability in Windows Fax Service can be exploited remotely to gain privileges.
13. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
14. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
15. A denial of service vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to cause denial of service.
16. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
17. An elevation of privilege vulnerability in Windows Bluetooth Driver can be exploited remotely to gain privileges.
18. An elevation of privilege vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to gain privileges.
19. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
20. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
21. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
22. An elevation of privilege vulnerability in Unified Write Filter can be exploited remotely to gain privileges.
23. An elevation of privilege vulnerability in Windows Digital Media Receiver can be exploited remotely to gain privileges.
24. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
25. An elevation of privilege vulnerability in Windows Partition Management Driver can be exploited remotely to gain privileges.
26. A security vulnerability in Windows can be exploited remotely to bypass security restrictions.

Первичный источник обнаружения

• CVE-2022-35759
  CVE-2022-34690
  CVE-2022-35745
  CVE-2022-35750
  CVE-2022-34708
  CVE-2022-35753
  CVE-2022-34691
  CVE-2022-35751
  CVE-2022-34701
  CVE-2022-34707
  CVE-2022-34713
  CVE-2022-35820
  CVE-2022-30194
  CVE-2022-35744
  CVE-2022-34706
  CVE-2022-34714
  CVE-2022-30133
  CVE-2022-35758
  CVE-2022-35767
  CVE-2022-35769
  CVE-2022-35795
  CVE-2022-35760
  CVE-2022-35768
  CVE-2022-35752
  CVE-2022-35793
  CVE-2022-35747
  CVE-2022-35743
  CVE-2022-35756
  CVE-2022-34702
  CVE-2022-35748
  CVE-2022-35754
  CVE-2022-35755
  CVE-2022-35749
  CVE-2022-34696
  CVE-2022-33670
  CVE-2022-34302
  CVE-2022-35746
  CVE-2022-34301
  CVE-2022-34303
  

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2022-35759
  warning
• CVE-2022-34303
  warning
• CVE-2022-35751
  warning
• CVE-2022-34707
  warning
• CVE-2022-30194
  warning
• CVE-2022-35744
  warning
• CVE-2022-34714
  warning
• CVE-2022-34301
  warning
• CVE-2022-35767
  warning
• CVE-2022-35769
  warning
• CVE-2022-35795
  warning
• CVE-2022-35760
  warning
• CVE-2022-35793
  warning
• CVE-2022-35747
  warning
• CVE-2022-35743
  warning
• CVE-2022-34702
  warning
• CVE-2022-34690
  warning
• CVE-2022-35745
  warning
• CVE-2022-35750
  warning
• CVE-2022-34708
  warning
• CVE-2022-35753
  warning
• CVE-2022-34701
  warning
• CVE-2022-34691
  warning
• CVE-2022-34302
  warning
• CVE-2022-35746
  warning
• CVE-2022-34713
  warning
• CVE-2022-35820
  warning
• CVE-2022-34696
  warning
• CVE-2022-33670
  warning
• CVE-2022-34706
  warning
• CVE-2022-35754
  warning
• CVE-2022-35748
  warning
• CVE-2022-30133
  warning
• CVE-2022-35758
  warning
• CVE-2022-35755
  warning
• CVE-2022-35749
  warning
• CVE-2022-35768
  warning
• CVE-2022-35752
  warning
• CVE-2022-35756
  warning

Список KB

• 5016672
• 5016683
• 5016684
• 5016681
• 5012170
• 5016686
• 5016669
• 5016679
• 5016676

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com