Multiple vulnerabilities in Microsoft Windows

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, obtain sensitive information, cause denial of service, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely to gain privileges.
2. A spoofing vulnerability in Windows CryptoAPI can be exploited remotely to spoof user interface.
3. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
4. An elevation of privilege vulnerability in Windows Group Policy can be exploited remotely to gain privileges.
5. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
6. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
7. A denial of service vulnerability in Windows Point-to-Point Tunneling Protocol can be exploited remotely to cause denial of service.
8. An elevation of privilege vulnerability in Microsoft DWM Core Library can be exploited remotely to gain privileges.
9. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
10. An elevation of privilege vulnerability in Windows WLAN Service can be exploited remotely to gain privileges.
11. A denial of service vulnerability in Windows Event Logging Service can be exploited remotely to cause denial of service.
12. A remote code execution vulnerability in Windows Point-to-Point Tunneling Protocol can be exploited remotely to execute arbitrary code.
13. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
14. An information disclosure vulnerability in Web Account Manager can be exploited remotely to obtain sensitive information.
15. An elevation of privilege vulnerability in Windows Resilient File System can be exploited remotely to gain privileges.
16. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
17. A denial of service vulnerability in Windows Local Session Manager (LSM) can be exploited remotely to cause denial of service.
18. An elevation of privilege vulnerability in Windows Group Policy Preference Client can be exploited remotely to gain privileges.
19. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
20. An information disclosure vulnerability in Windows USB Serial Driver can be exploited remotely to obtain sensitive information.
21. An elevation of privilege vulnerability in Windows Storage can be exploited remotely to gain privileges.
22. A denial of service vulnerability in Windows TCP/IP Driver can be exploited remotely to cause denial of service.
23. An elevation of privilege vulnerability in Windows Workstation Service can be exploited remotely to gain privileges.
24. A denial of service vulnerability in Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
25. An information disclosure vulnerability in Windows Server Remotely Accessible Registry Keys can be exploited remotely to obtain sensitive information.
26. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
27. An elevation of privilege vulnerability in Windows Client Server Run-time Subsystem (CSRSS) can be exploited remotely to gain privileges.
28. A security feature bypass vulnerability in Windows Active Directory Certificate Services can be exploited remotely to bypass security restrictions.
29. An elevation of privilege vulnerability in Windows COM+ Event System Service can be exploited remotely to gain privileges.
30. An information disclosure vulnerability in Windows Mixed Reality Developer Tools can be exploited remotely to obtain sensitive information.
31. An elevation of privilege vulnerability in Connected User Experiences and Telemetry can be exploited remotely to gain privileges.
32. A security feature bypass vulnerability in Windows Portable Device Enumerator Service can be exploited remotely to bypass security restrictions.
33. An elevation of privilege vulnerability in Server Service Remote Protocol can be exploited remotely to gain privileges.
34. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
35. An elevation of privilege vulnerability in Active Directory Certificate Services can be exploited remotely to gain privileges.
36. A remote code execution vulnerability in Windows CD-ROM File System Driver can be exploited remotely to execute arbitrary code.
37. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
38. An elevation of privilege vulnerability in Windows DWM Core Library can be exploited remotely to gain privileges.
39. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
40. An information disclosure vulnerability in Windows Distributed File System (DFS) can be exploited remotely to obtain sensitive information.
41. An elevation of privilege vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to gain privileges.
42. A remote code execution vulnerability in Windows GDI+ can be exploited remotely to execute arbitrary code.
43. An elevation of privilege vulnerability in Windows DHCP Client can be exploited remotely to gain privileges.
44. An information disclosure vulnerability in Windows Security Support Provider Interface can be exploited remotely to obtain sensitive information.
45. An information disclosure vulnerability in Windows DHCP Client can be exploited remotely to obtain sensitive information.
46. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
47. A denial of service vulnerability in Internet Key Exchange (IKE) Protocol can be exploited remotely to cause denial of service.
48. A spoofing vulnerability in Windows NTLM can be exploited remotely to spoof user interface.

Первичный источник обнаружения

• CVE-2022-38029
  CVE-2022-34689
  CVE-2022-37985
  CVE-2022-37975
  CVE-2022-37996
  CVE-2022-38050
  CVE-2022-37965
  CVE-2022-37983
  CVE-2022-38042
  CVE-2022-37984
  CVE-2022-37981
  CVE-2022-24504
  CVE-2022-33634
  CVE-2022-37990
  CVE-2022-38046
  CVE-2022-38003
  CVE-2022-38038
  CVE-2022-37979
  CVE-2022-37998
  CVE-2022-37991
  CVE-2022-37993
  CVE-2022-38041
  CVE-2022-38030
  CVE-2022-38027
  CVE-2022-33645
  CVE-2022-38034
  CVE-2022-37977
  CVE-2022-38033
  CVE-2022-38037
  CVE-2022-38028
  CVE-2022-38000
  CVE-2022-37989
  CVE-2022-37978
  CVE-2022-41033
  CVE-2022-37994
  CVE-2022-37974
  CVE-2022-38021
  CVE-2022-37999
  CVE-2022-37973
  CVE-2022-38032
  CVE-2022-38045
  CVE-2022-38051
  CVE-2022-37976
  CVE-2022-38047
  CVE-2022-38044
  CVE-2022-38040
  CVE-2022-37970
  CVE-2022-37982
  CVE-2022-38025
  CVE-2022-37997
  CVE-2022-38016
  CVE-2022-33635
  CVE-2022-22035
  CVE-2022-37980
  CVE-2022-38043
  CVE-2022-37995
  CVE-2022-37988
  CVE-2022-38026
  CVE-2022-30198
  CVE-2022-38022
  CVE-2022-37986
  CVE-2022-38039
  CVE-2022-38036
  CVE-2022-41081
  CVE-2022-37987
  CVE-2022-38031
  CVE-2022-35770
  

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Windows-RT
• Microsoft-Windows-10
• Microsoft-Windows-Server-2016
• Microsoft-Windows-Server-2019
• Microsoft-Windows-11

Список CVE

• CVE-2022-38029
  high
• CVE-2022-34689
  critical
• CVE-2022-37985
  high
• CVE-2022-37975
  critical
• CVE-2022-37996
  high
• CVE-2022-38050
  critical
• CVE-2022-37965
  high
• CVE-2022-37983
  critical
• CVE-2022-38042
  high
• CVE-2022-37984
  critical
• CVE-2022-37981
  warning
• CVE-2022-24504
  critical
• CVE-2022-33634
  critical
• CVE-2022-37990
  critical
• CVE-2022-38046
  critical
• CVE-2022-38003
  critical
• CVE-2022-38038
  critical
• CVE-2022-37979
  critical
• CVE-2022-37998
  critical
• CVE-2022-37991
  critical
• CVE-2022-37993
  critical
• CVE-2022-38041
  critical
• CVE-2022-38030
  warning
• CVE-2022-38027
  high
• CVE-2022-33645
  critical
• CVE-2022-38034
  critical
• CVE-2022-37977
  high
• CVE-2022-38033
  high
• CVE-2022-38037
  critical
• CVE-2022-38028
  critical
• CVE-2022-38000
  critical
• CVE-2022-37989
  critical
• CVE-2022-37978
  critical
• CVE-2022-41033
  critical
• CVE-2022-37994
  critical
• CVE-2022-37974
  high
• CVE-2022-38021
  high
• CVE-2022-37999
  critical
• CVE-2022-37973
  critical
• CVE-2022-38032
  high
• CVE-2022-38045
  critical
• CVE-2022-38051
  critical
• CVE-2022-37976
  critical
• CVE-2022-38047
  critical
• CVE-2022-38044
  critical
• CVE-2022-38040
  critical
• CVE-2022-37970
  critical
• CVE-2022-37982
  critical
• CVE-2022-38025
  high
• CVE-2022-37997
  critical
• CVE-2022-38016
  critical
• CVE-2022-33635
  critical
• CVE-2022-22035
  critical
• CVE-2022-37980
  critical
• CVE-2022-38043
  high
• CVE-2022-37995
  critical
• CVE-2022-37988
  critical
• CVE-2022-38026
  high
• CVE-2022-30198
  critical
• CVE-2022-38022
  warning
• CVE-2022-37986
  critical
• CVE-2022-38039
  critical
• CVE-2022-38036
  critical
• CVE-2022-41081
  critical
• CVE-2022-37987
  critical
• CVE-2022-38031
  critical
• CVE-2022-35770
  high

Список KB

• 5016627
• 5016622
• 5016683
• 5016639
• 5016616
• 5016623
• 5016681
• 5016629
• 5018474
• 5018418
• 5018476
• 5018427
• 5018410
• 5018425
• 5018421
• 5018411
• 5018419

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com