Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
2. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
3. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
4. A remote code execution vulnerability in PowerShell can be exploited remotely to execute arbitrary code.
5. A remote code execution vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to execute arbitrary code.
6. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to cause denial of service.
8. A remote code execution vulnerability in Windows Contacts can be exploited remotely to execute arbitrary code.
9. An elevation of privilege vulnerability in Windows Fax Compose Form can be exploited remotely to gain privileges.
10. An elevation of privilege vulnerability in Windows Client Server Run-Time Subsystem (CSRSS) can be exploited remotely to gain privileges.
11. An elevation of privilege vulnerability in Windows Bluetooth Driver can be exploited remotely to gain privileges.
12. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
13. A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service.
14. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
15. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.

Первичный источник обнаружения

• CVE-2022-44668
  CVE-2022-41121
  CVE-2022-41094
  CVE-2022-44667
  CVE-2022-41076
  CVE-2022-44676
  CVE-2022-44678
  CVE-2022-44681
  CVE-2022-44697
  CVE-2022-44670
  CVE-2022-44666
  CVE-2022-41077
  CVE-2022-44673
  CVE-2022-44675
  CVE-2022-41074
  CVE-2022-44707
  CVE-2022-44682
  CVE-2022-44680
  CVE-2022-44679
  CVE-2022-44683
  ADV220005
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2022-44668
  critical
• CVE-2022-41121
  critical
• CVE-2022-41094
  critical
• CVE-2022-44683
  critical
• CVE-2022-41076
  critical
• CVE-2022-44676
  critical
• CVE-2022-44667
  critical
• CVE-2022-44678
  critical
• CVE-2022-44682
  high
• CVE-2022-44681
  critical
• CVE-2022-44697
  critical
• CVE-2022-44670
  critical
• CVE-2022-44666
  critical
• CVE-2022-44707
  high
• CVE-2022-41077
  critical
• CVE-2022-44673
  high
• CVE-2022-44675
  critical
• CVE-2022-44679
  high
• CVE-2022-41074
  high
• CVE-2022-44680
  critical

Список KB

• 5021294
• 5021285
• 5021303
• 5021296
• 5021293
• 5021291
• 5021289
• 5021288
• 5022348
• 5022352
• 5022343
• 5022346
• 5022338
• 5022353
• 5022340
• 5022339

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com