Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Chrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2. Click on Help and Feedback
3. Click on About Microsoft Edge

What is the version information for this release?

Information published.

Issuing CNA: Microsoft

What type of information could be disclosed by this vulnerability?

This vulnerability could disclose sensitive information, which might include a user's full trust token.

How could an attacker exploit the vulnerability?

In a network-based attack, an attacker could host a site containing malicious code. When a target accesses that site, it could force open a full trust application and potentially obtain a user's full trust token.

Are there additional steps that I need to take to be protected from this vulnerability?

Yes. You must upgrade to the latest Teams Javascript SDK library. Additionally, do not refer to any domain that is outside of your control and avoid any wildcard domains.

The following steps are required:

1. Upgrade the version of Teams.js you are using as follows:

   • If you are on v2.x upgrade to 2.10.1
   • If you are on v1.x upgrade to 1.13.1. If you are still using Teams.js v1.x, you should consider upgrading to v2.x (2.10.1).

2. Do not include any references to domains that are outside of your control in the validDomains property or in the validMessageOrigins parameter in app.initialize(). Do not use wildcards (*) for sub-domains. For example, don't include any references to *.sharepoint.com or *.onmicrosoft.com

3. If your service has a presence in any private or sovereign clouds, please ensure that the above steps are applied there as well.

Resources:

• App manifest schema for Teams:Valid Domains
• App Module

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires that a user navigate to a malicious site hosted on *.sharepoint.com.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

How could an attacker exploit this vulnerability?

An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service.

Information published.

Issuing CNA: Microsoft

What version of Windows Server 2022 is affected by this vulnerability?

This vulnerability only affects the hotpatch version of Windows Server 2022. If you are not running this version of the operating system, no action is required for this vulnerability.

What is SMB over QUIC?

SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. QUIC is an IETF-standardized protocol with many benefits when compared to TCP. For more information, please visit: SMB over QUIC.

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

Information published.

Issuing CNA: Microsoft

Information published.

Issuing CNA: Microsoft

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

Information published.

Issuing CNA: Microsoft

Information published.

Issuing CNA: Microsoft

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

Information published.

Issuing CNA: Microsoft

How could an attacker exploit this vulnerability?

This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:

This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation.

Warning You should NOT apply this mitigation unless you have installed the May 2022 Windows security updates. Those updates address CVE-2022-26937 which is a Critical vulnerability in NFSV2.0 and NFSV3.0.

The following PowerShell command will disable those versions:

PS C:\Set-NfsServerConfiguration -EnableNFSV4 $false

After running the command, you will need to restart NFS server or reboot the machine.

To restart NFS server, start a cmd window with Run as Administrator, enter the following commands:

• nfsadmin server stop
• nfsadmin server start

To confirm that NFSv4.1 has been turned off, run the following command in a Powershell window:

PS C:\Get-NfsServerConfiguration

Here is the sample output. Notice the EnableNFSv4.1 is "False" now:

State : Running
LogActivity :
CharacterTranslationFile : Not Configured
DirectoryCacheSize (KB) : 128
HideFilesBeginningInDot : Disabled
EnableNFSV2 : True
EnableNFSV3 : True
EnableNFSV4 : False
EnableAuthenticationRenewal : True
AuthenticationRenewalIntervalSec : 600
NlmGracePeriodSec : 45
MountProtocol : {TCP, UDP}
NfsProtocol : {TCP, UDP}
NisProtocol : {TCP, UDP}
NlmProtocol : {TCP, UDP}
NsmProtocol : {TCP, UDP}
PortmapProtocol : {TCP, UDP}
MapServerProtocol : {TCP, UDP}
PreserveInheritance : False
NetgroupCacheTimeoutSec : 30
UnmappedUserAccount :
WorldAccount : Everyone
AlwaysOpenByName : False
GracePeriodSec : 240
LeasePeriodSec : 120
OnlineTimeoutSec : 180

To re-enable NFSv4.1 after you have installed the security update, enter the following command:

Set-NfsServerConfiguration -EnableNFSV4 $True

Again, after running the command you will need to restart NFS server or reboot the machine.

Information published.

Issuing CNA: Microsoft

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Information published.

Issuing CNA: Microsoft

Information published.

Issuing CNA: Microsoft

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

How could an attacker exploit the vulnerability?

To exploit this vulnerability, an attacker would need to send a specially crafted malicious SSTP packet to a SSTP server. This could result in remote code execution on the server side.

Information published.