This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
.NET Framework | CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability |
AMD CPU Branch | CVE-2022-23824 | AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions |
Azure | CVE-2022-39327 | GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI |
Azure | CVE-2022-41085 | Azure CycleCloud Elevation of Privilege Vulnerability |
Azure Real Time Operating System | CVE-2022-41051 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
Linux Kernel | CVE-2022-38014 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability |
Microsoft Dynamics | CVE-2022-41066 | Microsoft Business Central Information Disclosure Vulnerability |
Microsoft Exchange Server | CVE-2022-41078 | Microsoft Exchange Server Spoofing Vulnerability |
Microsoft Exchange Server | CVE-2022-41080 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
Microsoft Exchange Server | CVE-2022-41079 | Microsoft Exchange Server Spoofing Vulnerability |
Microsoft Exchange Server | CVE-2022-41123 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2022-41113 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2022-41052 | Windows Graphics Component Remote Code Execution Vulnerability |
Microsoft Office | ADV220003 | Microsoft Defense in Depth Update |
Microsoft Office | CVE-2022-41105 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft Office | CVE-2022-41107 | Microsoft Office Graphics Remote Code Execution Vulnerability |
Microsoft Office Excel | CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability |
Microsoft Office Excel | CVE-2022-41063 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office Excel | CVE-2022-41106 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2022-41122 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2022-41062 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft Office Word | CVE-2022-41103 | Microsoft Word Information Disclosure Vulnerability |
Microsoft Office Word | CVE-2022-41061 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office Word | CVE-2022-41060 | Microsoft Word Information Disclosure Vulnerability |
Network Policy Server (NPS) | CVE-2022-41056 | Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability |
Network Policy Server (NPS) | CVE-2022-41097 | Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability |
Open Source Software | CVE-2022-3786 | OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun |
Open Source Software | CVE-2022-3602 | OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun |
Role: Windows Hyper-V | CVE-2022-38015 | Windows Hyper-V Denial of Service Vulnerability |
SysInternals | CVE-2022-41120 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability |
Visual Studio | CVE-2022-39253 | GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default |
Visual Studio | CVE-2022-41119 | Visual Studio Remote Code Execution Vulnerability |
Windows Advanced Local Procedure Call | CVE-2022-41093 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
Windows ALPC | CVE-2022-41045 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
Windows ALPC | CVE-2022-41100 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
Windows Bind Filter Driver | CVE-2022-41114 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
Windows BitLocker | CVE-2022-41099 | BitLocker Security Feature Bypass Vulnerability |
Windows CNG Key Isolation Service | CVE-2022-41125 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
Windows Devices Human Interface | CVE-2022-41055 | Windows Human Interface Device Information Disclosure Vulnerability |
Windows Digital Media | CVE-2022-41095 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
Windows DWM Core Library | CVE-2022-41096 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
Windows Extensible File Allocation | CVE-2022-41050 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability |
Windows Group Policy Preference Client | CVE-2022-37992 | Windows Group Policy Elevation of Privilege Vulnerability |
Windows Group Policy Preference Client | CVE-2022-41086 | Windows Group Policy Elevation of Privilege Vulnerability |
Windows HTTP.sys | CVE-2022-41057 | Windows HTTP.sys Elevation of Privilege Vulnerability |
Windows Kerberos | CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability |
Windows Kerberos | CVE-2022-41053 | Windows Kerberos Denial of Service Vulnerability |
Windows Kerberos | CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability |
Windows Mark of the Web (MOTW) | CVE-2022-41049 | Windows Mark of the Web Security Feature Bypass Vulnerability |
Windows Mark of the Web (MOTW) | CVE-2022-41091 | Windows Mark of the Web Security Feature Bypass Vulnerability |
Windows Netlogon | CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability |
Windows Network Address Translation (NAT) | CVE-2022-41058 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
Windows ODBC Driver | CVE-2022-41047 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
Windows ODBC Driver | CVE-2022-41048 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
Windows Overlay Filter | CVE-2022-41101 | Windows Overlay Filter Elevation of Privilege Vulnerability |
Windows Overlay Filter | CVE-2022-41102 | Windows Overlay Filter Elevation of Privilege Vulnerability |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41044 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41116 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41090 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41039 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
Windows Point-to-Point Tunneling Protocol | CVE-2022-41088 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
Windows Print Spooler Components | CVE-2022-41073 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Resilient File System (ReFS) | CVE-2022-41054 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
Windows Scripting | CVE-2022-41118 | Windows Scripting Languages Remote Code Execution Vulnerability |
Windows Scripting | CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability |
Windows Win32K | CVE-2022-41092 | Windows Win32k Elevation of Privilege Vulnerability |
Windows Win32K | CVE-2022-41109 | Windows Win32k Elevation of Privilege Vulnerability |
Windows Win32K | CVE-2022-41098 | Windows GDI+ Information Disclosure Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-23824 MITRE NVD |
CVE Title: AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions
CVSS: None FAQ: Why is this AMD CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-23824 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5019970 (Security Update) | Important | Information Disclosure | 5018425 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 for x64-based Systems | 5019970 (Security Update) | Important | Information Disclosure | 5018425 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5019964 (Security Update) | Important | Information Disclosure | 5018411 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5019964 (Security Update) | Important | Information Disclosure | 5018411 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5019966 (Security Update) | Important | Information Disclosure | 5018419 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5019966 (Security Update) | Important | Information Disclosure | 5018419 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5019966 (Security Update) | Important | Information Disclosure | 5018419 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5019959 (Security Update) | Important | Information Disclosure | 5018410 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Information Disclosure | 5018410 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5019959 (Security Update) | Important | Information Disclosure | 5018410 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5019959 (Security Update) | Important | Information Disclosure | 5018410 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5019959 (Security Update) | Important | Information Disclosure | 5018410 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5019959 (Security Update) | Important | Information Disclosure | 5018410 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5019959 (Security Update) | Important | Information Disclosure | 5018410 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Information Disclosure | 5018410 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5019959 (Security Update) | Important | Information Disclosure | 5018410 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5019959 (Security Update) | Important | Information Disclosure | Base: N/A Temporal: N/A Vector: N/A |
Yes | |
Windows 10 Version 22H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Information Disclosure | Base: N/A Temporal: N/A Vector: N/A |
Yes | |
Windows 10 Version 22H2 for x64-based Systems | 5019959 (Security Update) | Important | Information Disclosure | Base: N/A Temporal: N/A Vector: N/A |
Yes | |
Windows 11 for ARM64-based Systems | 5019961 (Security Update) | Important | Information Disclosure | 5018418 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 11 for x64-based Systems | 5019961 (Security Update) | Important | Information Disclosure | 5018418 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5019980 (Security Update) | Important | Information Disclosure | 5018427 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5019980 (Security Update) | Important | Information Disclosure | 5018427 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Information Disclosure | 5018454 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Information Disclosure | 5018454 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 8.1 for 32-bit systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Information Disclosure | 5018474 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 8.1 for x64-based systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Information Disclosure | 5018474 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows RT 8.1 | 5020010 (Security Only) | Important | Information Disclosure | Base: N/A Temporal: N/A Vector: N/A |
Yes | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Information Disclosure | 5018450 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Information Disclosure | 5018450 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Information Disclosure | 5018450 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Information Disclosure | 5018450 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Information Disclosure | 5018454 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Information Disclosure | 5018454 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Important | Information Disclosure | 5018457 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 (Server Core installation) | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Important | Information Disclosure | 5018457 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 R2 | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Information Disclosure | 5018474 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Information Disclosure | 5018474 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Important | Information Disclosure | 5018411 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Important | Information Disclosure | 5018411 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Important | Information Disclosure | 5018419 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Important | Information Disclosure | 5018419 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Important | Information Disclosure | 5018421 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Important | Information Disclosure | 5018421 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
CVE-2022-23824 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-38014 MITRE NVD |
CVE Title: Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-38014 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure EFLOW | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Windows Subsystem for Linux (WSL2) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-38014 | Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-37966 MITRE NVD |
CVE Title: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 8.1/7.1
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Upon successful exploitation, what privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain administrator privileges. How could an attacker exploit this vulnerability? An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment. Where can I find more information about these changes? For more information please see How to manage the Kerberos Protocol changes related to CVE-2022-37966. I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?* The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-37966 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Critical | Elevation of Privilege | 5018450 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Critical | Elevation of Privilege | 5018450 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Critical | Elevation of Privilege | 5018450 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Critical | Elevation of Privilege | 5018450 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Critical | Elevation of Privilege | 5018454 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Critical | Elevation of Privilege | 5018454 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Critical | Elevation of Privilege | 5018457 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Critical | Elevation of Privilege | 5018457 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Critical | Elevation of Privilege | 5018474 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Critical | Elevation of Privilege | 5018474 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Critical | Elevation of Privilege | 5018411 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Critical | Elevation of Privilege | 5018411 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Critical | Elevation of Privilege | 5018419 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Critical | Elevation of Privilege | 5018419 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Critical | Elevation of Privilege | 5018421 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Critical | Elevation of Privilege | 5018421 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-37966 | Tom Tervoort with Secura |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41085 MITRE NVD |
CVE Title: Azure CycleCloud Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: Upon successful exploitation, what privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain administrator privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to brute force authentication and obtain a successful login. What versions are impacted by this vulnerability? All versions are impacted and should be updated based on the documentation provided in the CVE. According to the CVSS metric, the attack vector as local (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41085 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure CycleCloud 7 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Azure CycleCloud 8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-41085 | Yiming Xiang with NSFOCUS TIANJI LAB |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41100 MITRE NVD |
CVE Title: Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41100 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5019970 (Security Update) | Important | Elevation of Privilege | 5018425 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5019970 (Security Update) | Important | Elevation of Privilege | 5018425 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 11 for ARM64-based Systems | 5019961 (Security Update) | Important | Elevation of Privilege | 5018418 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5019961 (Security Update) | Important | Elevation of Privilege | 5018418 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5019980 (Security Update) | Important | Elevation of Privilege | 5018427 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5019980 (Security Update) | Important | Elevation of Privilege | 5018427 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5020010 (Security Only) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows Server 2012 R2 | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) | 5019080 (Security Hotpatch Update) | Important | Elevation of Privilege | 5016060 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-41100 | Jarvis_1oop of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41058 MITRE NVD |
CVE Title: Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41058 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5019970 (Security Update) | Important | Denial of Service | 5018425 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5019970 (Security Update) | Important | Denial of Service | 5018425 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5019964 (Security Update) | Important | Denial of Service | 5018411 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5019964 (Security Update) | Important | Denial of Service | 5018411 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5019966 (Security Update) | Important | Denial of Service | 5018419 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5019966 (Security Update) | Important | Denial of Service | 5018419 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5019966 (Security Update) | Important | Denial of Service | 5018419 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5019959 (Security Update) | Important | Denial of Service | 5018410 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Denial of Service | 5018410 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5019959 (Security Update) | Important | Denial of Service | 5018410 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5019959 (Security Update) | Important | Denial of Service | 5018410 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5019959 (Security Update) | Important | Denial of Service | 5018410 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5019959 (Security Update) | Important | Denial of Service | 5018410 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5019959 (Security Update) | Important | Denial of Service | 5018410 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Denial of Service | 5018410 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5019959 (Security Update) | Important | Denial of Service | 5018410 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5019959 (Security Update) | Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for x64-based Systems | 5019959 (Security Update) | Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 11 for ARM64-based Systems | 5019961 (Security Update) | Important | Denial of Service | 5018418 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5019961 (Security Update) | Important | Denial of Service | 5018418 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5019980 (Security Update) | Important | Denial of Service | 5018427 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5019980 (Security Update) | Important | Denial of Service | 5018427 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Denial of Service | 5018454 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Denial of Service | 5018454 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Denial of Service | 5018474 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Denial of Service | 5018474 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5020010 (Security Only) | Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Denial of Service | 5018450 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Denial of Service | 5018450 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Denial of Service | 5018450 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Denial of Service | 5018450 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Denial of Service | 5018454 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Denial of Service | 5018454 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Important | Denial of Service | 5018457 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Important | Denial of Service | 5018457 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Denial of Service | 5018474 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Denial of Service | 5018474 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Important | Denial of Service | 5018411 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Important | Denial of Service | 5018411 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Important | Denial of Service | 5018419 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Important | Denial of Service | 5018419 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Important | Denial of Service | 5018421 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Important | Denial of Service | 5018421 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) | 5019080 (Security Hotpatch Update) | Important | Denial of Service | 5016060 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-41058 | Huichen Lin and Dong Seong Kim with School of Information Technology and Electrical Engineering - The University of Queensland |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41101 MITRE NVD |
CVE Title: Windows Overlay Filter Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41101 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5019970 (Security Update) | Important | Elevation of Privilege | 5018425 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5019970 (Security Update) | Important | Elevation of Privilege | 5018425 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 11 for ARM64-based Systems | 5019961 (Security Update) | Important | Elevation of Privilege | 5018418 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5019961 (Security Update) | Important | Elevation of Privilege | 5018418 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5019980 (Security Update) | Important | Elevation of Privilege | 5018427 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5019980 (Security Update) | Important | Elevation of Privilege | 5018427 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) | 5019080 (Security Hotpatch Update) | Important | Elevation of Privilege | 5016060 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-41101 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41102 MITRE NVD |
CVE Title: Windows Overlay Filter Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41102 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5019970 (Security Update) | Important | Elevation of Privilege | 5018425 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5019970 (Security Update) | Important | Elevation of Privilege | 5018425 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 11 for ARM64-based Systems | 5019961 (Security Update) | Important | Elevation of Privilege | 5018418 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5019961 (Security Update) | Important | Elevation of Privilege | 5018418 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5019980 (Security Update) | Important | Elevation of Privilege | 5018427 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5019980 (Security Update) | Important | Elevation of Privilege | 5018427 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) | 5019080 (Security Hotpatch Update) | Important | Elevation of Privilege | 5016060 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-41102 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41064 MITRE NVD |
CVE Title: .NET Framework Information Disclosure Vulnerability
CVSS: CVSS:3.1 5.8/5.1
FAQ: If I am using System.Data.SqlClient or Microsoft.Data.SqlClient, what do I need to do to be protected from this vulnerability? Customers using either the System.Data.SqlClient or Microsoft.Data.SqlClient NuGet Packages need to do the following to be protected:
Please see Microsoft Security Advisory CVE 2022-41064 | .NET Information Disclosure Vulnerability for more information. According to the CVSS score, the Attack Vector is Adjacent (AV:A). What does this mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within the SQL Connection Pool. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to exhaust all the threads in the thread pool. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could cause the attacker access queries from other users in the SQL Connection Pool. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41064 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systems | 5019970 (Security Update) | Important | Information Disclosure | 5018425 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systems | 5019970 (Security Update) | Important | Information Disclosure | 5018425 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5020691 (Monthly Rollup) 5020681 (Security Only) |
Important | Information Disclosure | 5018550, 5013873 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5020691 (Monthly Rollup) 5020681 (Security Only) |
Important | Information Disclosure | 5018550, 5013873 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5020691 (Monthly Rollup) 5020681 (Security Only) |
Important | Information Disclosure | 5018550, 5013873 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 | 5020688 (Monthly Rollup) 5020678 (Security Only) |
Important | Information Disclosure | 5013870, 5018547 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 | 5020688 (Monthly Rollup) 5020678 (Security Only) |
Important | Information Disclosure | 5013870, 5018547 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems | 5020690 (Monthly Rollup) 5020680 (Security Only) |
Important | Information Disclosure | 5016568, 5018549 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems | 5020690 (Monthly Rollup) 5020680 (Security Only) |
Important | Information Disclosure | 5016568, 5018549 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 | 5020690 (Monthly Rollup) 5020680 (Security Only) |
Important | Information Disclosure | 5016568, 5018549 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020688 (Monthly Rollup) 5020678 (Security Only) |
Important | Information Disclosure | 5013870, 5018547 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5020688 (Monthly Rollup) 5020678 (Security Only) |
Important | Information Disclosure | 5013870, 5018547 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5020689 (Monthly Rollup) 5020679 (Security Only) |
Important | Information Disclosure | 5013871, 5018548 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5020689 (Monthly Rollup) 5020679 (Security Only) |
Important | Information Disclosure | 5013871, 5018548 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5020679 (Security Only) 5020690 (Monthly Rollup) |
Important | Information Disclosure | 5016568, 5018549 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5020679 (Security Only) 5020690 (Monthly Rollup) |
Important | Information Disclosure | 5016568, 5018549 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.7.2 on Windows Server 2019 | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5020614 (Security Update) | Important | Information Disclosure | 5013625, 5018515 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5020614 (Security Update) | Important | Information Disclosure | 5013625, 5018515 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5020685 (Monthly Rollup) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for ARM64-based Systems | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 5018542 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems | 5020685 (Monthly Rollup) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for 32-bit Systems | 5020686 (Security Update) | Important | Information Disclosure | 5017498, 5018856, 5018543 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for ARM64-based Systems | 5020686 (Security Update) | Important | Information Disclosure | 5017498, 5018856, 5018543 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 20H2 for x64-based Systems | 5020686 (Security Update) | Important | Information Disclosure | 5017498, 5018856, 5018543 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for 32-bit Systems | 5020801 (Security Update) | Important | Information Disclosure | 5017499, 5018857, 5018544 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for ARM64-based Systems | 5020801 (Security Update) | Important | Information Disclosure | 5017499, 5018857, 5018544 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 21H1 for x64-based Systems | 5020801 (Security Update) | Important | Information Disclosure | 5017499, 5018857, 5018544 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5020687 (Security Update) | Important | Information Disclosure | 5017500, 5018858, 5018545 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5020687 (Security Update) | Important | Information Disclosure | 5017500, 5018858, 5018545 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5020687 (Security Update) | Important | Information Disclosure | 5017500, 5018858, 5018545 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5020694 (Security Update) | Important | Information Disclosure | 5017651, 5018202 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5020694 (Security Update) | Important | Information Disclosure | 5017651, 5018202 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5020694 (Security Update) | Important | Information Disclosure | 5017651, 5018202 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 11 for ARM64-based Systems | 5020695 (Security Update) | Important | Information Disclosure | 5017497, 5018859, 5018546 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 11 for x64-based Systems | 5020695 (Security Update) | Important | Information Disclosure | 5017497, 5018859, 5018546 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1 | 5020688 (Monthly Rollup) | Important | Information Disclosure | 5013870, 5018547 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1 | 5020688 (Monthly Rollup) 5020678 (Security Only) |
Important | Information Disclosure | 5013870, 5018547 |
Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems | 5020690 (Monthly Rollup) | Important | Information Disclosure | 5016568, 5018549 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems | 5020690 (Monthly Rollup) | Important | Information Disclosure | 5016568, 5018549 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows RT 8.1 | 5020690 (Monthly Rollup) | Important | Information Disclosure | 5016568, 5018549 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020688 (Monthly Rollup) | Important | Information Disclosure | 5013870, 5018547 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5020688 (Monthly Rollup) | Important | Information Disclosure | 5013870, 5018547 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 | 5020689 (Monthly Rollup) | Important | Information Disclosure | 5013871, 5018548 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5020689 (Monthly Rollup) | Important | Information Disclosure | 5013871, 5018548 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5020690 (Monthly Rollup) | Important | Information Disclosure | 5016568, 5018549 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5020690 (Monthly Rollup) | Important | Information Disclosure | 5016568, 5018549 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2016 | 5020614 (Security Update) | Important | Information Disclosure | 5013625, 5018515 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5020614 (Security Update) | Important | Information Disclosure | 5013625, 5018515 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2019 | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation) | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 1809 for 32-bit Systems | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 1809 for ARM64-based Systems | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 1809 for x64-based Systems | 5020685 (Security Update) | Important | Information Disclosure | 5013868, 50185 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for 32-bit Systems | 5020686 (Security Update) | Important | Information Disclosure | 5017498, 5018856, 5018543 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for ARM64-based Systems | 5020686 (Security Update) | Important | Information Disclosure | 5017498, 5018856, 5018543 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 20H2 for x64-based Systems | 5020686 (Security Update) | Important | Information Disclosure | 5017498, 5018856, 5018543 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for 32-bit Systems | 5020801 (Security Update) | Important | Information Disclosure | 5017499, 5018857, 5018544 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for ARM64-based Systems | 5020801 (Security Update) | Important | Information Disclosure | 5017499, 5018857, 5018544 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H1 for x64-based Systems | 5020801 (Security Update) | Important | Information Disclosure | 5017499, 5018857, 5018544 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5020687 (Security Update) | Important | Information Disclosure | 5017500, 5018858, 5018545 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5020687 (Security Update) | Important | Information Disclosure | 5017500, 5018858, 5018545 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5020687 (Security Update) | Important | Information Disclosure | 5017500, 5018858, 5018545 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5020694 (Security Update) | Important | Information Disclosure | 5017651, 5018202 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5020694 (Security Update) | Important | Information Disclosure | 5017651, 5018202 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5020694 (Security Update) | Important | Information Disclosure | 5017651, 5018202 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 11 for ARM64-based Systems | 5020695 (Security Update) | Important | Information Disclosure | 5017497, 5018859, 5018546 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 11 for x64-based Systems | 5020695 (Security Update) | Important | Information Disclosure | 5017497, 5018859, 5018546 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5020622 (Security Update) | Important | Information Disclosure | 5017271, 5018341 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5020622 (Security Update) | Important | Information Disclosure | 5017271, 5018341 | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Nuget 2.1.2 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Nuget 4.8.5 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.8 Temporal: 5.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-41064 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-39327 MITRE NVD |
CVE Title: GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI
CVSS: None FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Azure cli, which is published on GitHub and for which GitHub is the CVE Naming Authority (CNA). It is being documented in the Security Update Guide to inform customers using the azure-cli that they need to apply the updated version. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-39327 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure CLI | Improper Control of Generation of Code ('Code Injection') in Azure CLI (Security Update) | Critical | Remote Code Execution | 2.41.0 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-39327 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41120 MITRE NVD |
CVE Title: Microsoft Windows Sysmon Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: Upon successful exploitation, what privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain administrator privileges. How could an attacker exploit this vulnerability? A locally authenticated attacker could manipulate information on the Sysinternals services to achieve elevation from local user to SYSTEM admin. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41120 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Sysmon | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-41120 | Filip Dragovic with Infigo IS |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41122 MITRE NVD |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. This CVE was addressed by updates that were released in September 2022, but the CVE was omitted from the September 2022 Security Updates. This is an informational change only. Customers who have already installed the September 2022 update do not need to take any further action. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41122 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 5002264 (Cumulative Update) 5002267 (Security Update) |
Important | Spoofing | 5002219 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Enterprise Server 2016 | 5002269 (Security Update) | Important | Spoofing | 5002222 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002267 (Security Update) | Important | Spoofing | 5002219 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server 2019 | 5002258 (Security Update) | Important | Spoofing | 5002212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server Subscription Edition | 5002271 (Security Update) | Important | Spoofing | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-41122 | Li Jian Tao (@CurseRed) with STAR Labs |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41078 MITRE NVD |
CVE Title: Microsoft Exchange Server Spoofing Vulnerability
CVSS: CVSS:3.1 8.0/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41078 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2013 Cumulative Update 23 | 5019758 (Security Update) | Important | Spoofing | 5019076 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5019758 (Security Update) | Important | Spoofing | 5019077 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 23 | 5019758 (Security Update) | Important | Spoofing | 5019077 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5019758 (Security Update) | Important | Spoofing | 5019077 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 12 | 5019758 (Security Update) | Important | Spoofing | 5019077 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-41078 | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41123 MITRE NVD |
CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41123 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5019758 (Security Update) | Important | Elevation of Privilege | 5019077 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 23 | 5019758 (Security Update) | Important | Elevation of Privilege | 5019077 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5019758 (Security Update) | Important | Elevation of Privilege | 5019077 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 12 | 5019758 (Security Update) | Important | Elevation of Privilege | 5019077 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-41123 | Piotr Bazydlo (@chudypb) working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41079 MITRE NVD |
CVE Title: Microsoft Exchange Server Spoofing Vulnerability
CVSS: CVSS:3.1 8.0/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41079 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2013 Cumulative Update 23 | 5019758 (Security Update) | Important | Spoofing | 5019076 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5019758 (Security Update) | Important | Spoofing | 5019077 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 23 | 5019758 (Security Update) | Important | Spoofing | 5019077 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5019758 (Security Update) | Important | Spoofing | 5019077 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 12 | 5019758 (Security Update) | Important | Spoofing | 5019077 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-41079 | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41080 MITRE NVD |
CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41080 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2013 Cumulative Update 23 | 5019758 (Security Update) | Critical | Elevation of Privilege | 5019076 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5019758 (Security Update) | Critical | Elevation of Privilege | 5019077 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 23 | 5019758 (Security Update) | Critical | Elevation of Privilege | 5019077 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5019758 (Security Update) | Critical | Elevation of Privilege | 5019077 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 12 | 5019758 (Security Update) | Critical | Elevation of Privilege | 5019077 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-41080 | rskvp93 with VcsLab of Viettel Cyber Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-3602 MITRE NVD |
CVE Title: OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun
CVSS: None FAQ: Why is this OpenSSL Software Foundation CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. Where can I find further guidance for this OpenSSL vulnerability? For more information and guidance see Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602). Mitigations: None Workarounds: None Revision: 1.0    2022-11-02T07:00:00     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-3602 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure SDK for C++ | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Azure Kubernetes Service | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
vcpkg | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-3602 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41128 MITRE NVD |
CVE Title: Windows Scripting Languages Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.8/8.2
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message. The CVE title says Windows Scripting Languages, what does that mean for this vulnerability? This vulnerability impacts the JScript9 scripting language. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2022-41128 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5019970 (Security Update) | Critical | Remote Code Execution | 5018425 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5019970 (Security Update) | Critical | Remote Code Execution | 5018425 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5019964 (Security Update) | Critical | Remote Code Execution | 5018411 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5019964 (Security Update) | Critical | Remote Code Execution | 5018411 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5019966 (Security Update) | Critical | Remote Code Execution | 5018419 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5019966 (Security Update) | Critical | Remote Code Execution | 5018419 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5019966 (Security Update) | Critical | Remote Code Execution | 5018419 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5019959 (Security Update) | Critical | Remote Code Execution | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for ARM64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for x64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes | |
Windows 11 for ARM64-based Systems | 5019961 (Security Update) | Critical | Remote Code Execution | 5018418 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5019961 (Security Update) | Critical | Remote Code Execution | 5018418 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5019980 (Security Update) | Critical | Remote Code Execution | 5018427 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5019980 (Security Update) | Critical | Remote Code Execution | 5018427 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) 5019958 (IE Cumulative) |
Critical | Remote Code Execution | 5018454 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) 5019958 (IE Cumulative) |
Critical | Remote Code Execution | 5018454 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5020023 (Monthly Rollup) 5020010 (Security Only) 5019958 (IE Cumulative) |
Critical | Remote Code Execution | 5018474 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5020023 (Monthly Rollup) 5020010 (Security Only) 5019958 (IE Cumulative) |
Critical | Remote Code Execution | 5018474 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5020023 (Monthly Rollup) | Critical | Remote Code Execution | 5018474 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) 5019958 (IE Cumulative) |
Critical | Remote Code Execution | 5018454 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 | 5020009 (Monthly Rollup) 5020003 (Security Only) 5019958 (IE Cumulative) |
Critical | Remote Code Execution | 5018457 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5020023 (Monthly Rollup) | Critical | Remote Code Execution | 5018474 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Critical | Remote Code Execution | 5018411 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Critical | Remote Code Execution | 5018419 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Critical | Remote Code Execution | 5018421 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-41128 | Clément Lecigne of Google’s Threat Analysis Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-38015 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Critical | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-38015 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 5019970 (Security Update) | Critical | Denial of Service | 5018425 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5019964 (Security Update) | Critical | Denial of Service | 5018411 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5019966 (Security Update) | Critical | Denial of Service | 5018419 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5019959 (Security Update) | Critical | Denial of Service | 5018410 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5019959 (Security Update) | Critical | Denial of Service | 5018410 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5019959 (Security Update) | Critical | Denial of Service | 5018410 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5019959 (Security Update) | Critical | Denial of Service | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 11 for x64-based Systems | 5019961 (Security Update) | Critical | Denial of Service | 5018418 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5019980 (Security Update) | Critical | Denial of Service | 5018427 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Critical | Denial of Service | 5018411 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Critical | Denial of Service | 5018411 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Critical | Denial of Service | 5018419 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Critical | Denial of Service | 5018419 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Critical | Denial of Service | 5018421 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Critical | Denial of Service | 5018421 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) | 5019080 (Security Hotpatch Update) | Critical | Denial of Service | 5016060 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-38015 | Eran Segal with Safebreach |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-37967 MITRE NVD |
CVE Title: Windows Kerberos Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.2/6.3
FAQ: Upon successful exploitation, what privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain administrator privileges. How could an attacker exploit this vulnerability? An authenticated attacker could leverage cryptographic protocol vulnerabilities in Windows Kerberos. If the attacker gains control on the service that is allowed for delegation, they can modify the Kerberos PAC to elevate their privileges. Where can I find more information about these changes? For more information please see How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967. Do I need to take further steps to be protected from this vulnerability? Yes. Please review the KB article How to manage the Kerberos and Netlogon Protocol changes related to CVE-2022-37967. This recommends that you:
If I install the updates and take no further action, what will be the impact? Intially you will not be secure. There are additional actions an administrator needs to take that are outlined in the KB article. Why do I need to follow the guidelines in how to manage the changes in Kerberos associated with CVE-2022-37967? There is a risk of exploitation of the noted vulnerability if you don't take the required actions. How does Microsoft plan to address this vulnerability? To give administrators time to make corrections that prevent authentication failures, and to provide a choice on when to implement the enforcement, Microsoft is addressing this vulnerability in a phased rollout. What is the timeline for this rollout? Please refer to the planned enforcement timeline in the KB article. How can I be notified when the further updates are available? When each phase of Windows updates become available, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?* The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-37967 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Critical | Elevation of Privilege | 5018450 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Critical | Elevation of Privilege | 5018450 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Critical | Elevation of Privilege | 5018450 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Critical | Elevation of Privilege | 5018450 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Critical | Elevation of Privilege | 5018454 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Critical | Elevation of Privilege | 5018454 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Critical | Elevation of Privilege | 5018457 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Critical | Elevation of Privilege | 5018457 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Critical | Elevation of Privilege | 5018474 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Critical | Elevation of Privilege | 5018474 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Critical | Elevation of Privilege | 5018411 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Critical | Elevation of Privilege | 5018411 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Critical | Elevation of Privilege | 5018419 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Critical | Elevation of Privilege | 5018419 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Critical | Elevation of Privilege | 5018421 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Critical | Elevation of Privilege | 5018421 | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-37967 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-38023 MITRE NVD |
CVE Title: Netlogon RPC Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 8.1/7.1
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Upon successful exploitation, what privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain administrator privileges. Where can I find more information about these changes? For more information please see How to manage Netlogon Protocol changes related to CVE-2022-38023. I am running Windows Server 2022 Datacenter: Azure Edition (Server Core) but the hotpatch (Windows Server 2022 Datacenter: Azure Edition (Hotpatch)) for it is not listed in the Security Updates table. Is there an update that I can apply for this edition of Windows Server 2022?* The update to address this vulnerability for Windows Server 2022 Datacenter: Azure Edition (Server Core) is not hotpatchable and is therefore not included in the November Hotpatch KB (5019080). Customers running Windows Server 2022 Datacenter: Azure Edition (Server Core) as a domain controller should install the update for Windows Server 2022 (5019081). This update will require a computer restart. How could an attacker exploit this vulnerability? An authenticated attacker could leverage cryptographic protocol vulnerabilities in the Windows Netlogon protocol when RPC Signing is used instead of RPC Sealing. Where RPC Signing is used instead of RPC Sealing the attacker could gain control of the service and then might be able to modify Netlogon protocol traffic to elevate their privileges. How does Microsoft plan to address this vulnerability? To give administrators time to make corrections that prevent authentication failures, and to provide a choice on when to implement the enforcement, Microsoft is addressing this vulnerability in a phased rollout. What is the timeline for this rollout? Please refer to the planned enforcement timeline in the KB article: How to manage Netlogon Protocol changes related to CVE-2022-38023. How can I be notified when the further updates are available? When each phase of Windows updates become available, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-38023 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Elevation of Privilege | 5018450 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Elevation of Privilege | 5018450 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Elevation of Privilege | 5018450 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Elevation of Privilege | 5018450 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Elevation of Privilege | 5018454 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Elevation of Privilege | 5018454 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Important | Elevation of Privilege | 5018457 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Important | Elevation of Privilege | 5018457 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-38023 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-37992 MITRE NVD |
CVE Title: Windows Group Policy Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-37992 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5019970 (Security Update) | Important | Elevation of Privilege | 5018425 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5019970 (Security Update) | Important | Elevation of Privilege | 5018425 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | 5018410 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for ARM64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for x64-based Systems | 5019959 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 11 for ARM64-based Systems | 5019961 (Security Update) | Important | Elevation of Privilege | 5018418 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5019961 (Security Update) | Important | Elevation of Privilege | 5018418 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5019980 (Security Update) | Important | Elevation of Privilege | 5018427 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5019980 (Security Update) | Important | Elevation of Privilege | 5018427 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Elevation of Privilege | 5018454 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Elevation of Privilege | 5018454 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5020010 (Security Only) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Elevation of Privilege | 5018450 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Elevation of Privilege | 5018450 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Elevation of Privilege | 5018450 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5020019 (Monthly Rollup) 5020005 (Security Only) |
Important | Elevation of Privilege | 5018450 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Elevation of Privilege | 5018454 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Important | Elevation of Privilege | 5018454 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Important | Elevation of Privilege | 5018457 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Important | Elevation of Privilege | 5018457 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Important | Elevation of Privilege | 5018474 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5019964 (Security Update) | Important | Elevation of Privilege | 5018411 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5019966 (Security Update) | Important | Elevation of Privilege | 5018419 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5019081 (Security Update) | Important | Elevation of Privilege | 5018421 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 Datacenter: Azure Edition (Hotpatch) | 5019080 (Security Hotpatch Update) | Important | Elevation of Privilege | 5016060 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-37992 | somaro |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-41039 MITRE NVD |
CVE Title: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.1/7.1
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. Mitigations: None Workarounds: None Revision: 1.0    2022-11-08T08:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-41039 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5019970 (Security Update) | Critical | Remote Code Execution | 5018425 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5019970 (Security Update) | Critical | Remote Code Execution | 5018425 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5019964 (Security Update) | Critical | Remote Code Execution | 5018411 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5019964 (Security Update) | Critical | Remote Code Execution | 5018411 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5019966 (Security Update) | Critical | Remote Code Execution | 5018419 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5019966 (Security Update) | Critical | Remote Code Execution | 5018419 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5019966 (Security Update) | Critical | Remote Code Execution | 5018419 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | 5018410 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5019959 (Security Update) | Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for ARM64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 10 Version 22H2 for x64-based Systems | 5019959 (Security Update) | Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows 11 for ARM64-based Systems | 5019961 (Security Update) | Critical | Remote Code Execution | 5018418 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5019961 (Security Update) | Critical | Remote Code Execution | 5018418 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5019980 (Security Update) | Critical | Remote Code Execution | 5018427 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5019980 (Security Update) | Critical | Remote Code Execution | 5018427 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Critical | Remote Code Execution | 5018454 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Critical | Remote Code Execution | 5018454 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Critical | Remote Code Execution | 5018474 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Critical | Remote Code Execution | 5018474 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5020010 (Security Only) | Critical | Remote Code Execution | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Critical | Remote Code Execution | 5018454 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5020000 (Monthly Rollup) 5020013 (Security Only) |
Critical | Remote Code Execution | 5018454 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Critical | Remote Code Execution | 5018457 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5020009 (Monthly Rollup) 5020003 (Security Only) |
Critical | Remote Code Execution | 5018457 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Critical | Remote Code Execution | 5018474 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5020023 (Monthly Rollup) 5020010 (Security Only) |
Critical | Remote Code Execution | 5018474 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5019964 (Security Update) | Critical | Remote Code Execution | 5018411 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) |