This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
.NET Framework | CVE-2022-21911 | .NET Framework Denial of Service Vulnerability |
Microsoft Dynamics | CVE-2022-21932 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability |
Microsoft Dynamics | CVE-2022-21891 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2022-0105 | Chromium: CVE-2022-0105 Use after free in PDF |
Microsoft Edge (Chromium-based) | CVE-2022-0102 | Chromium: CVE-2022-0102 Type Confusion in V8 |
Microsoft Edge (Chromium-based) | CVE-2022-0104 | Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE |
Microsoft Edge (Chromium-based) | CVE-2022-0101 | Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks |
Microsoft Edge (Chromium-based) | CVE-2022-0103 | Chromium: CVE-2022-0103 Use after free in SwiftShader |
Microsoft Edge (Chromium-based) | CVE-2022-0109 | Chromium: CVE-2022-0109 Inappropriate implementation in Autofill |
Microsoft Edge (Chromium-based) | CVE-2022-0110 | Chromium: CVE-2022-0110 Incorrect security UI in Autofill |
Microsoft Edge (Chromium-based) | CVE-2022-0108 | Chromium: CVE-2022-0108 Inappropriate implementation in Navigation |
Microsoft Edge (Chromium-based) | CVE-2022-0106 | Chromium: CVE-2022-0106 Use after free in Autofill |
Microsoft Edge (Chromium-based) | CVE-2022-0107 | Chromium: CVE-2022-0107 Use after free in File Manager API |
Microsoft Edge (Chromium-based) | CVE-2022-21954 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2022-21970 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2022-21931 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2022-21929 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2022-21930 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2022-0099 | Chromium: CVE-2022-0099 Use after free in Sign-in |
Microsoft Edge (Chromium-based) | CVE-2022-0100 | Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API |
Microsoft Edge (Chromium-based) | CVE-2022-0098 | Chromium: CVE-2022-0098 Use after free in Screen Capture |
Microsoft Edge (Chromium-based) | CVE-2022-0096 | Chromium: CVE-2022-0096 Use after free in Storage |
Microsoft Edge (Chromium-based) | CVE-2022-0097 | Chromium: CVE-2022-0097 Inappropriate implementation in DevTools |
Microsoft Edge (Chromium-based) | CVE-2022-0116 | Chromium: CVE-2022-0116 Inappropriate implementation in Compositing |
Microsoft Edge (Chromium-based) | CVE-2022-0117 | Chromium: CVE-2022-0117 Policy bypass in Service Workers |
Microsoft Edge (Chromium-based) | CVE-2022-0115 | Chromium: CVE-2022-0115 Uninitialized Use in File API |
Microsoft Edge (Chromium-based) | CVE-2022-0113 | Chromium: CVE-2022-0113 Inappropriate implementation in Blink |
Microsoft Edge (Chromium-based) | CVE-2022-0114 | Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial |
Microsoft Edge (Chromium-based) | CVE-2022-0118 | Chromium: CVE-2022-0118 Inappropriate implementation in WebShare |
Microsoft Edge (Chromium-based) | CVE-2022-0111 | Chromium: CVE-2022-0111 Inappropriate implementation in Navigation |
Microsoft Edge (Chromium-based) | CVE-2022-0112 | Chromium: CVE-2022-0112 Incorrect security UI in Browser UI |
Microsoft Edge (Chromium-based) | CVE-2022-0120 | Chromium: CVE-2022-0120 Inappropriate implementation in Passwords |
Microsoft Exchange Server | CVE-2022-21969 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2022-21846 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2022-21855 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2022-21904 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2022-21903 | Windows GDI Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2022-21915 | Windows GDI+ Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2022-21880 | Windows GDI+ Information Disclosure Vulnerability |
Microsoft Office | CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft Office Excel | CVE-2022-21841 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2022-21837 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft Office Word | CVE-2022-21842 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Windows Codecs Library | CVE-2022-21917 | HEVC Video Extensions Remote Code Execution Vulnerability |
Open Source Software | CVE-2021-22947 | Open Source Curl Remote Code Execution Vulnerability |
Role: Windows Hyper-V | CVE-2022-21901 | Windows Hyper-V Elevation of Privilege Vulnerability |
Role: Windows Hyper-V | CVE-2022-21900 | Windows Hyper-V Security Feature Bypass Vulnerability |
Role: Windows Hyper-V | CVE-2022-21905 | Windows Hyper-V Security Feature Bypass Vulnerability |
Role: Windows Hyper-V | CVE-2022-21847 | Windows Hyper-V Denial of Service Vulnerability |
Tablet Windows User Interface | CVE-2022-21870 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability |
Windows Account Control | CVE-2022-21859 | Windows Accounts Control Elevation of Privilege Vulnerability |
Windows Active Directory | CVE-2022-21857 | Active Directory Domain Services Elevation of Privilege Vulnerability |
Windows AppContracts API Server | CVE-2022-21860 | Windows AppContracts API Server Elevation of Privilege Vulnerability |
Windows Application Model | CVE-2022-21862 | Windows Application Model Core API Elevation of Privilege Vulnerability |
Windows BackupKey Remote Protocol | CVE-2022-21925 | Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability |
Windows Bind Filter Driver | CVE-2022-21858 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
Windows Certificates | CVE-2022-21836 | Windows Certificate Spoofing Vulnerability |
Windows Cleanup Manager | CVE-2022-21838 | Windows Cleanup Manager Elevation of Privilege Vulnerability |
Windows Clipboard User Service | CVE-2022-21869 | Clipboard User Service Elevation of Privilege Vulnerability |
Windows Cluster Port Driver | CVE-2022-21910 | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability |
Windows Common Log File System Driver | CVE-2022-21897 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Windows Common Log File System Driver | CVE-2022-21916 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Windows Connected Devices Platform Service | CVE-2022-21865 | Connected Devices Platform Service Elevation of Privilege Vulnerability |
Windows Cryptographic Services | CVE-2022-21835 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
Windows Defender | CVE-2022-21921 | Windows Defender Credential Guard Security Feature Bypass Vulnerability |
Windows Defender | CVE-2022-21906 | Windows Defender Application Control Security Feature Bypass Vulnerability |
Windows Devices Human Interface | CVE-2022-21868 | Windows Devices Human Interface Elevation of Privilege Vulnerability |
Windows Diagnostic Hub | CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability |
Windows DirectX | CVE-2022-21898 | DirectX Graphics Kernel Remote Code Execution Vulnerability |
Windows DirectX | CVE-2022-21918 | DirectX Graphics Kernel File Denial of Service Vulnerability |
Windows DirectX | CVE-2022-21912 | DirectX Graphics Kernel Remote Code Execution Vulnerability |
Windows DWM Core Library | CVE-2022-21852 | Windows DWM Core Library Elevation of Privilege Vulnerability |
Windows DWM Core Library | CVE-2022-21902 | Windows DWM Core Library Elevation of Privilege Vulnerability |
Windows DWM Core Library | CVE-2022-21896 | Windows DWM Core Library Elevation of Privilege Vulnerability |
Windows Event Tracing | CVE-2022-21872 | Windows Event Tracing Elevation of Privilege Vulnerability |
Windows Event Tracing | CVE-2022-21839 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability |
Windows Geolocation Service | CVE-2022-21878 | Windows Geolocation Service Remote Code Execution Vulnerability |
Windows HTTP Protocol Stack | CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability |
Windows IKE Extension | CVE-2022-21843 | Windows IKE Extension Denial of Service Vulnerability |
Windows IKE Extension | CVE-2022-21890 | Windows IKE Extension Denial of Service Vulnerability |
Windows IKE Extension | CVE-2022-21883 | Windows IKE Extension Denial of Service Vulnerability |
Windows IKE Extension | CVE-2022-21889 | Windows IKE Extension Denial of Service Vulnerability |
Windows IKE Extension | CVE-2022-21848 | Windows IKE Extension Denial of Service Vulnerability |
Windows IKE Extension | CVE-2022-21849 | Windows IKE Extension Remote Code Execution Vulnerability |
Windows Installer | CVE-2022-21908 | Windows Installer Elevation of Privilege Vulnerability |
Windows Kerberos | CVE-2022-21920 | Windows Kerberos Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2022-21881 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2022-21879 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Libarchive | CVE-2021-36976 | Libarchive Remote Code Execution Vulnerability |
Windows Local Security Authority | CVE-2022-21913 | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass |
Windows Local Security Authority Subsystem Service | CVE-2022-21884 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
Windows Modern Execution Server | CVE-2022-21888 | Windows Modern Execution Server Remote Code Execution Vulnerability |
Windows Push Notifications | CVE-2022-21867 | Windows Push Notifications Apps Elevation Of Privilege Vulnerability |
Windows RDP | CVE-2022-21851 | Remote Desktop Client Remote Code Execution Vulnerability |
Windows RDP | CVE-2022-21850 | Remote Desktop Client Remote Code Execution Vulnerability |
Windows RDP | CVE-2022-21893 | Remote Desktop Protocol Remote Code Execution Vulnerability |
Windows Remote Access Connection Manager | CVE-2022-21914 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
Windows Remote Access Connection Manager | CVE-2022-21885 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
Windows Remote Desktop | CVE-2022-21964 | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability |
Windows Remote Procedure Call Runtime | CVE-2022-21922 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Windows Resilient File System (ReFS) | CVE-2022-21961 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
Windows Resilient File System (ReFS) | CVE-2022-21959 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
Windows Resilient File System (ReFS) | CVE-2022-21958 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
Windows Resilient File System (ReFS) | CVE-2022-21960 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
Windows Resilient File System (ReFS) | CVE-2022-21963 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
Windows Resilient File System (ReFS) | CVE-2022-21892 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
Windows Resilient File System (ReFS) | CVE-2022-21962 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
Windows Resilient File System (ReFS) | CVE-2022-21928 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
Windows Secure Boot | CVE-2022-21894 | Secure Boot Security Feature Bypass Vulnerability |
Windows Security Center | CVE-2022-21874 | Windows Security Center API Remote Code Execution Vulnerability |
Windows StateRepository API | CVE-2022-21863 | Windows StateRepository API Server file Elevation of Privilege Vulnerability |
Windows Storage | CVE-2022-21875 | Windows Storage Elevation of Privilege Vulnerability |
Windows Storage Spaces Controller | CVE-2022-21877 | Storage Spaces Controller Information Disclosure Vulnerability |
Windows System Launcher | CVE-2022-21866 | Windows System Launcher Elevation of Privilege Vulnerability |
Windows Task Flow Data Engine | CVE-2022-21861 | Task Flow Data Engine Elevation of Privilege Vulnerability |
Windows Tile Data Repository | CVE-2022-21873 | Tile Data Repository Elevation of Privilege Vulnerability |
Windows UEFI | CVE-2022-21899 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability |
Windows UI Immersive Server | CVE-2022-21864 | Windows UI Immersive Server API Elevation of Privilege Vulnerability |
Windows User Profile Service | CVE-2022-21895 | Windows User Profile Service Elevation of Privilege Vulnerability |
Windows User Profile Service | CVE-2022-21919 | Windows User Profile Service Elevation of Privilege Vulnerability |
Windows User-mode Driver Framework | CVE-2022-21834 | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability |
Windows Virtual Machine IDE Drive | CVE-2022-21833 | Virtual Machine IDE Drive Elevation of Privilege Vulnerability |
Windows Win32K | CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability |
Windows Win32K | CVE-2022-21876 | Win32k Information Disclosure Vulnerability |
Windows Win32K | CVE-2022-21887 | Win32k Elevation of Privilege Vulnerability |
Windows Workstation Service Remote Protocol | CVE-2022-21924 | Workstation Service Remote Protocol Security Feature Bypass Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21852 MITRE NVD |
CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21852 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21852 | He YiSheng, Zhang WangJunJie, and Li WenYue with Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2021-22947 MITRE NVD |
CVE Title: Open Source Curl Remote Code Execution Vulnerability
CVSS: None FAQ: Why is this a Hacker One CVE? This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The January 2022 Windows Security Updates includes the most recent version of this library which addresses the vulnerability and others. Please see curl security problems for information on all of the vulnerabilities that have been addressed. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-22947 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Critical | Remote Code Execution | 5008215 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Critical | Remote Code Execution | 5008215 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Critical | Remote Code Execution | 5008223 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Critical | Remote Code Execution | 5008223 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
CVE-2021-22947 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2021-36976 MITRE NVD |
CVE Title: Libarchive Remote Code Execution Vulnerability
CVSS: None FAQ: Why is this a MITRE Corporation CVE? CVE-2021-36976 is regarding a vulnerability in the libarchive open source library which is used by Windows. The January 2022 Windows Security Updates include the most recent version of this library which addresses the vulnerability and others. Please see libarchive CVEs for more information regarding all of the vulnerabilities that have been addressed. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-36976 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
CVE-2021-36976 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21919 MITRE NVD |
CVE Title: Windows User Profile Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.3
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21919 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21919 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21918 MITRE NVD |
CVE Title: DirectX Graphics Kernel File Denial of Service Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21918 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21918 | HongZhenhao of Ant Group Light-Year Security Lab
|
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21917 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/7.0
FAQ: How could this vulnerability affect my system A crafted image file could cause a crash in Explorer during browsing of the directory containing the file. How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.43421.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.43422.0 and later contain this update. You can check the package version in PowerShell:
How would an attacker exploit this vulnerability? This vulnerability would require an authenticated victim to be tricked into opening a specially crafted media file which could result in remote code execution on the victim's machine. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21917 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
HEVC Video Extensions | Upadate Information (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-21917 | Dhanesh Kizhakkinan with Mandiant |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21915 MITRE NVD |
CVE Title: Windows GDI+ Information Disclosure Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21915 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21915 | Gábor Selján |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21932 MITRE NVD |
CVE Title: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVSS: CVSS:3.1 7.6/6.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21932 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Dynamics 365 Customer Engagement V9.0 | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Unknown | |
Microsoft Dynamics 365 Customer Engagement V9.1 | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Unknown |
CVE ID | Acknowledgements |
CVE-2022-21932 | Pham Van Khanh @rskvp93 from Viettel Cyber Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21833 MITRE NVD |
CVE Title: Virtual Machine IDE Drive Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21833 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Critical | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Critical | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Critical | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Critical | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Critical | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Critical | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Critical | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Critical | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21833 | Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21834 MITRE NVD |
CVE Title: Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21834 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21834 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21835 MITRE NVD |
CVE Title: Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21835 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21835 | Xuefeng Li and Zhiniang Peng with Sangfor |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21836 MITRE NVD |
CVE Title: Windows Certificate Spoofing Vulnerability
CVSS: CVSS:3.1 7.8/7.0
FAQ: What security feature is bypassed with this vulnerability? A successful attacker could bypass the WPBT binary verification by using a small number of compromised certificates. Microsoft has added those certificates to the Windows kernel driver block list, driver.stl. Certificates on the driver.stl will be blocked even if present in the Windows Platform Binary Table (WPBT). In addition, Microsoft recommends customers use Windows Defender Application Control (WDAC) to limit what is allowed to run on their devices. WDAC policy is also enforced for binaries included in the WPBT and should mitigate this issue. We recommend customers implement a WDAC policy that is as restrictive as practical for their environment. You can find documentation on WDAC on https://docs.microsoft.com. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21836 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Spoofing | 5008230 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Spoofing | 5008230 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Spoofing | 5008207 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Spoofing | 5008207 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Spoofing | 5008206 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Spoofing | 5008206 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Spoofing | 5008206 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Spoofing | 5008215 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Spoofing | 5008215 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Spoofing | 5008244 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Spoofing | 5008244 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Spoofing | 5008274 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Spoofing | 5008274 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Spoofing | 5008274 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Spoofing | 5008274 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Spoofing | 5008244 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Spoofing | 5008244 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Spoofing | 5008277 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Spoofing | 5008277 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Spoofing | 5008207 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Spoofing | 5008207 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Spoofing | 5008223 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Spoofing | 5008223 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21836 | Mickey Shkatov |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21838 MITRE NVD |
CVE Title: Windows Cleanup Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: What privileges does the attacker gain? An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21838 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21838 | Abdelhamid Naceri working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21839 MITRE NVD |
CVE Title: Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
CVSS: CVSS:3.1 6.1/5.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21839 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21839 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21840 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Are the updates for the Microsoft Office for Mac currently available? The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21840 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Excel 2013 RT Service Pack 1 | 5002128 (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002128 (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002128 (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2016 (32-bit edition) | 5002114 (Security Update) | Critical | Remote Code Execution | 5002098 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2016 (64-bit edition) | 5002114 (Security Update) | Critical | Remote Code Execution | 5002098 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 RT Service Pack 1 | 5002064 (Security Update) 5002124 (Security Update) 4462205 (Security Update) |
Critical | Remote Code Execution | 5001985 5002104 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5002064 (Security Update) 5002124 (Security Update) 4462205 (Security Update) |
Critical | Remote Code Execution | 5001985 5002104 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5002064 (Security Update) 5002124 (Security Update) 4462205 (Security Update) |
Critical | Remote Code Execution | 5001985 5002104 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (32-bit edition) | 5002060 (Security Update) 5002115 (Security Update) 5002052 (Security Update) |
Critical | Remote Code Execution | 5001982 5002099 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (64-bit edition) | 5002060 (Security Update) 5002115 (Security Update) 5002052 (Security Update) |
Critical | Remote Code Execution | 5001982 5002099 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for Mac | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC for Mac 2021 | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
Microsoft Office Online Server | 5002107 (Security Update) | Critical | Remote Code Execution | 5002097 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office Web Apps Server 2013 Service Pack 1 | 5002122 (Security Update) | Critical | Remote Code Execution | 5002103 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 5001995 (Security Update) 5002102 (Security Update) |
Critical | Remote Code Execution | 4011599 5002063 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Enterprise Server 2016 | 5002113 (Security Update) 5002118 (Security Update) |
Critical | Remote Code Execution | 5002055 5002059 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002127 (Security Update) 5002129 (Security Update) |
Critical | Remote Code Execution | 5002071 5002015 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server 2019 | 5002109 (Security Update) 5002108 (Security Update) |
Critical | Remote Code Execution | 5002054 5002061 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server Subscription Edition | 5002111 (Security Update) | Critical | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe | |
SharePoint Server Subscription Edition Language Pack | 5002110 (Security Update) | Critical | Remote Code Execution | 5002047 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-21840 | Anonymous Finder |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21841 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Are the updates for the Microsoft Office for Mac currently available? The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21841 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2013 RT Service Pack 1 | 5002119 (Security Update) | Important | Remote Code Execution | 5002101 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5002119 (Security Update) | Important | Remote Code Execution | 5002101 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5002119 (Security Update) | Important | Remote Code Execution | 5002101 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (32-bit edition) | 5002116 (Security Update) | Important | Remote Code Execution | 5002033 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (64-bit edition) | 5002116 (Security Update) | Important | Remote Code Execution | 5002033 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for Mac | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC for Mac 2021 | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown |
CVE ID | Acknowledgements |
CVE-2022-21841 | Jaanus Kääp with Clarified Security Jaanus Kääp with Clarified Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21857 MITRE NVD |
CVE Title: Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: What is the scope of this security update? This update resolves an elevation of privilege vulnerability specific to Active Directory Domain Services environments with incoming trusts. Prior to this update, an attacker could elevate privileges across the trust boundary under certain conditions. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21857 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Critical | Elevation of Privilege | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Critical | Elevation of Privilege | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Critical | Elevation of Privilege | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Critical | Elevation of Privilege | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Critical | Elevation of Privilege | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Critical | Elevation of Privilege | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Critical | Elevation of Privilege | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Critical | Elevation of Privilege | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21857 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21858 MITRE NVD |
CVE Title: Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21858 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21858 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21859 MITRE NVD |
CVE Title: Windows Accounts Control Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21859 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21859 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21860 MITRE NVD |
CVE Title: Windows AppContracts API Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21860 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21860 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21861 MITRE NVD |
CVE Title: Task Flow Data Engine Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21861 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21861 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21862 MITRE NVD |
CVE Title: Windows Application Model Core API Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21862 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21862 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21863 MITRE NVD |
CVE Title: Windows StateRepository API Server file Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21863 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21863 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21864 MITRE NVD |
CVE Title: Windows UI Immersive Server API Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21864 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21864 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21865 MITRE NVD |
CVE Title: Connected Devices Platform Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21865 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21865 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21866 MITRE NVD |
CVE Title: Windows System Launcher Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21866 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21866 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21867 MITRE NVD |
CVE Title: Windows Push Notifications Apps Elevation Of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21867 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21867 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21868 MITRE NVD |
CVE Title: Windows Devices Human Interface Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21868 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21868 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21869 MITRE NVD |
CVE Title: Clipboard User Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21869 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21869 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21870 MITRE NVD |
CVE Title: Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21870 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21870 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21871 MITRE NVD |
CVE Title: Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21871 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21871 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21872 MITRE NVD |
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21872 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21872 | aks.doker ,99k ,yuanheng lab aks.doker ,99k ,yuanheng lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21873 MITRE NVD |
CVE Title: Tile Data Repository Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21873 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21873 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21874 MITRE NVD |
CVE Title: Windows Security Center API Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21874 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21874 | Jinquan(@jq0904) with DBAPPSecurity Lieying Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21875 MITRE NVD |
CVE Title: Windows Storage Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21875 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21875 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21876 MITRE NVD |
CVE Title: Win32k Information Disclosure Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21876 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21876 | namnp working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21877 MITRE NVD |
CVE Title: Storage Spaces Controller Information Disclosure Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21877 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21877 | Trend Micro’s Zero Day Initiative (ZDI) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21878 MITRE NVD |
CVE Title: Windows Geolocation Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21878 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21878 | Zhiniang Peng (@edwardzpeng) Zesen Ye (@wh1tc) with Sangfor Jinquan(@jq0904) with DBAPPSecurity Lieying Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21879 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21879 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21879 | JIWO Technology Co., Ltd |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21880 MITRE NVD |
CVE Title: Windows GDI+ Information Disclosure Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21880 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21880 | yyjb with http://blog.noah.360.net/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21881 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21881 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21881 | HuanGMz@KnownSec 404 Team sunglin@KnownSec 404 Team Tongqing Zhu@KnownSec 404 Team Hcamael@KnownSec 404 Team Byzero & Zhiniang Peng(@edwardzpeng) of Sangfor |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21882 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: What type of privileges could an attacker gain through this vulnerability? A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21882 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21882 | RyeLv (@b2ahex) Big CJTeam of TinaFu Cup |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21843 MITRE NVD |
CVE Title: Windows IKE Extension Denial of Service Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: Are the any prerequisites to a successful attack? Yes, only systems with the IPSec service running are vulnerable to this attack. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21843 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21843 | Polar Bear |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21883 MITRE NVD |
CVE Title: Windows IKE Extension Denial of Service Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: Are the any prerequisites to a successful attack? Yes, only systems with the IPSec service running are vulnerable to this attack. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21883 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21883 | Polar Bear |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21884 MITRE NVD |
CVE Title: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21884 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008210 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008210 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21884 | Leo Adrien (@australeo) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21885 MITRE NVD |
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21885 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21885 | StackLeader in Tianfu Cup |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21887 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: What type of privileges could an attacker gain through this vulnerability? A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21887 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21887 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21888 MITRE NVD |
CVE Title: Windows Modern Execution Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21888 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21888 | Zhiniang Peng (@edwardzpeng) & Zesen Ye (@wh1tc) with Sangfor Jinquan(@jq0904) with DBAPPSecurity Lieying Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21892 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.8/6.1
FAQ: According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability? To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21892 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21892 | Tobias Groß with Friedrich-Alexander University (FAU) Erlangen-Nürnberg, Germany |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21893 MITRE NVD |
CVE Title: Remote Desktop Protocol Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: How would an attacker exploit this vulnerability? An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could read or tamper with clipboard contents and the victim's filesystem contents. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21893 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21893 | Gabriel Sztejnworcel with CyberArk |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21894 MITRE NVD |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 4.4/3.9
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21894 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Security Feature Bypass | 5008263 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21894 | Zammis Clark |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21900 MITRE NVD |
CVE Title: Windows Hyper-V Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 4.6/4.0
FAQ: What configurations or versions could be at risk from this vulnerability? This bypass could affect any Hyper-V configurations that are using Router Guard. What is the exposure if the vulnerability was bypassed? Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router paths. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21900 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008210 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Security Feature Bypass | 5008210 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Security Feature Bypass | 5008210 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21900 | Microsoft Security Assurance & Vulnerability Research |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21901 MITRE NVD |
CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 9.0/7.8
FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability. What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could potentially interact with processes of another Hyper-V guest hosted on the same Hyper-V host. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21901 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008210 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008210 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008210 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21901 | Microsoft Security Assurance & Vulnerability Research |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21902 MITRE NVD |
CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21902 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21902 | He YiSheng, Zhang WangJunJie, and Li WenYue with Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21903 MITRE NVD |
CVE Title: Windows GDI Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21903 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21903 | Gábor Selján |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21904 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: What information could be disclosed through this vulnerability? An attacker could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21904 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21904 | Gábor Selján |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21905 MITRE NVD |
CVE Title: Windows Hyper-V Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 4.6/4.0
FAQ: What configurations or versions could be at risk from this vulnerability? This bypass could affect any Hyper-V configurations that are using Router Guard. What is the exposure if the vulnerability was bypassed? Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router paths. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21905 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008210 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Security Feature Bypass | 5008210 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Security Feature Bypass | 5008210 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.6 Temporal: 4.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21905 | Etienne Champetier (@champtar) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21906 MITRE NVD |
CVE Title: Windows Defender Application Control Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21906 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21906 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21907 MITRE NVD |
CVE Title: HTTP Protocol Stack Remote Code Execution Vulnerability
CVSS: CVSS:3.1 9.8/8.5
FAQ: How could an attacker exploit this vulnerability? In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. Is this wormable? Yes. Microsoft recommends prioritizing the patching of affected servers. Mitigations: Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21907 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Critical | Remote Code Execution | 5008215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Critical | Remote Code Execution | 5008215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Critical | Remote Code Execution | 5008223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Critical | Remote Code Execution | 5008223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21907 | Mikhail Medvedev (M3ik Shizuka) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21908 MITRE NVD |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21908 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21908 | Levi Broderick, Microsoft and Andrew Ruddick, Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21910 MITRE NVD |
CVE Title: Microsoft Cluster Port Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21910 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008210 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008210 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21910 | JIWO Technology Co., Ltd |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21911 MITRE NVD |
CVE Title: .NET Framework Denial of Service Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21911 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009722 (Monthly Rollup) 5009714 (Security Only) |
Important | Denial of Service | 4579980 4578979 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5009722 (Monthly Rollup) 5009714 (Security Only) |
Important | Denial of Service | 4579980 4578979 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5009718 (Security Update) | Important | Denial of Service | 4578973 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems | 5009718 (Security Update) | Important | Denial of Service | 4578973 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5009718 (Security Update) | Important | Denial of Service | 4578973 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5009718 (Security Update) | Important | Denial of Service | 4578973 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5009718 (Security Update) | Important | Denial of Service | 4578973 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5009718 (Security Update) | Important | Denial of Service | 4578973 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5009718 (Security Update) | Important | Denial of Service | 4578973 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems | 5008879 (Security Update) | Important | Denial of Service | 4578974 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems | 5008879 (Security Update) | Important | Denial of Service | 4578974 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems | 5008879 (Security Update) | Important | Denial of Service | 4578974 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 20H2 for 32-bit Systems | 5008876 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 20H2 for ARM64-based Systems | 5008876 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 20H2 for x64-based Systems | 5008876 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H1 for 32-bit Systems | 5008876 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H1 for ARM64-based Systems | 5008876 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H1 for x64-based Systems | 5008876 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5008876 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5008876 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 for x64-based Systems | 5008880 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5009718 (Security Update) | Important | Denial of Service | 4578973 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5009718 (Security Update) | Important | Denial of Service | 4578973 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5008882 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5008882 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 20H2 (Server Core Installation) | 5008876 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 | 5009720 (Monthly Rollup) 5009712 (Security Only) |
Important | Denial of Service | 4578961 4601093 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 5009720 (Monthly Rollup) 5009712 (Security Only) |
Important | Denial of Service | 4578961 4601093 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows RT 8.1 | 5009721 (Monthly Rollup) | Important | Denial of Service | 4601048 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009722 (Monthly Rollup) 5009714 (Security Only) |
Important | Denial of Service | 4579980 4578979 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5009722 (Monthly Rollup) 5009714 (Security Only) |
Important | Denial of Service | 4579980 4578979 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 | 5009720 (Monthly Rollup) 5009712 (Security Only) |
Important | Denial of Service | 4578961 4601093 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) | 5009720 (Monthly Rollup) 5009712 (Security Only) |
Important | Denial of Service | 4578961 4601093 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009722 (Monthly Rollup) 5009714 (Security Only) |
Important | Denial of Service | 4579980 4578979 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5009722 (Monthly Rollup) 5009714 (Security Only) |
Important | Denial of Service | 4579980 4578979 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 | 5009721 (Monthly Rollup) | Important | Denial of Service | 4601048 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5009720 (Monthly Rollup) 5009712 (Security Only) |
Important | Denial of Service | 4578961 4601093 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5009720 (Monthly Rollup) 5009712 (Security Only) |
Important | Denial of Service | 4578961 4601093 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5008877 (Security Update) | Important | Denial of Service | 4603002 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5008877 (Security Update) | Important | Denial of Service | 4603002 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows RT 8.1 | 5009721 (Monthly Rollup) | Important | Denial of Service | 4601048 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009719 (Monthly Rollup) 5009711 (Security Only) |
Important | Denial of Service | 4578977 4601089 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 | 5009720 (Monthly Rollup) 5009712 (Security Only) |
Important | Denial of Service | 4578961 4601093 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5009720 (Monthly Rollup) 5009712 (Security Only) |
Important | Denial of Service | 4578961 4601093 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5009721 (Monthly Rollup) 5009713 (Security Only) |
Important | Denial of Service | 4601048 4601094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2016 | 5008877 (Security Update) | Important | Denial of Service | 4603002 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5008877 (Security Update) | Important | Denial of Service | 4603002 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-21911 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21912 MITRE NVD |
CVE Title: DirectX Graphics Kernel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: According to the score, privileges required is equal to low. In this situation, what does that mean? An attacker with non-admin credentials can potentially carry out an exploit using this vulnerability. How can an attacker exploit this vulnerability? The authenticated attacker could take advantage of a vulnerability in dxgkrnl.sys to execute an arbitrary pointer dereference in kernel mode. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21912 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21912 | HongZhenhao of Ant Group Light-Year Security Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21913 MITRE NVD |
CVE Title: Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass
CVSS: CVSS:3.1 5.3/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21913 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21913 | Andrew Bartlett of Catalyst IT |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21924 MITRE NVD |
CVE Title: Workstation Service Remote Protocol Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 5.3/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21924 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21924 | Andrew Bartlett of Catalyst IT |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21925 MITRE NVD |
CVE Title: Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 5.3/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21925 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Security Feature Bypass | 5008206 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Security Feature Bypass | 5008274 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Security Feature Bypass | 5008207 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Security Feature Bypass | 5008218 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21925 | Andrew Bartlett of Catalyst IT |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21958 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.8/6.1
FAQ: According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability? To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21958 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21958 | Tobias Groß with Friedrich-Alexander University (FAU) Erlangen-Nürnberg, Germany |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21959 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.8/6.1
FAQ: According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability? To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21959 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21959 | Tobias Groß with Friedrich-Alexander University (FAU) Erlangen-Nürnberg, Germany |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21960 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.8/6.1
FAQ: According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability? To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21960 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21960 | Tobias Groß with Friedrich-Alexander University (FAU) Erlangen-Nürnberg, Germany |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21961 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.8/6.1
FAQ: According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability? To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21961 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21961 | Tobias Groß with Friedrich-Alexander University (FAU) Erlangen-Nürnberg, Germany |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21962 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.8/6.1
FAQ: According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability? To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21962 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21962 | Tobias Groß with Friedrich-Alexander University (FAU) Erlangen-Nürnberg, Germany |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21963 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.4/5.6
FAQ: According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability? To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21963 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21963 | Tobias Groß with Friedrich-Alexander University (FAU) Erlangen-Nürnberg, Germany |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21964 MITRE NVD |
CVE Title: Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? An attacker that successfully exploited this vulnerability could recover cleartext passwords from memory. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21964 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21964 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21846 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.0/7.8
FAQ: According to the CVSS, the attack vector is Adjacent. What does that mean and how is that different from a Network vector? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21846 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2013 Cumulative Update 23 | 5008631 (Security Update) | Critical | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 21 | 5008631 (Security Update) | Critical | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5008631 (Security Update) | Critical | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 10 | 5008631 (Security Update) | Critical | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5008631 (Security Update) | Critical | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21846 | National Security Agency |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21847 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21847 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008210 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008210 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008210 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21847 | Wei in Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21922 MITRE NVD |
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: According to the score, privileges required is equal to low. In this situation, what does that mean? An attacker with non-admin credentials can potentially carry out an exploit using this vulnerability. How can an attacker exploit this vulnerability? The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime. What is RPC runtime? See this article for more information on RPC and RPC Runtime. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21922 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21922 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21921 MITRE NVD |
CVE Title: Windows Defender Credential Guard Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 4.4/3.9
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21921 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Security Feature Bypass | 5008215 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Security Feature Bypass | 5008223 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Security Feature Bypass | 5008212 |
Base: 4.4 Temporal: 3.9 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21921 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21920 MITRE NVD |
CVE Title: Windows Kerberos Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: In what way does an attacker elevate privileges? A domain user could use this vulnerability to elevate privileges to a domain admin. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21920 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21920 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21848 MITRE NVD |
CVE Title: Windows IKE Extension Denial of Service Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: Are the any prerequisites to a successful attack? Yes, only systems with the IPSec service running are vulnerable to this attack. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21848 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Denial of Service | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Denial of Service | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Denial of Service | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Denial of Service | 5008274 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21848 | The UK’s National Cyber Security Centre (NCSC) Polar Bear |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21849 MITRE NVD |
CVE Title: Windows IKE Extension Remote Code Execution Vulnerability
CVSS: CVSS:3.1 9.8/8.5
FAQ: Are the any prerequisites to a successful attack? Yes, only systems with the IPSec service running are vulnerable to this attack. How could an attacker exploit this vulnerability? In an environment where Internet Key Exchange (IKE) version 2 is enabled, a remote attacker could trigger multiple vulnerabilities without being authenticated. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21849 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21849 | Polar Bear |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21850 MITRE NVD |
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: How could an attacker exploit this vulnerability? In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21850 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Remote Desktop client for Windows Desktop | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21850 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21851 MITRE NVD |
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: What is required to exploit this vulnerability? An authenticated user might be tricked into connecting to a malicious remote desktop server in which the remote desktop host server sends a specially crafted PDU (Server RDP Preconnection) targeting the remote client's drive redirection virtual channel. The end result is a potential for remote code execution on the victims machine. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21851 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Remote Desktop client for Windows Desktop | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Remote Code Execution | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Remote Code Execution | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21851 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21855 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 9.0/7.8
FAQ: According to the CVSS, the attack vector is Adjacent. What does that mean and how is that different from a Network vector? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21855 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2013 Cumulative Update 23 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 21 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 10 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21855 | Andrew Ruddick, Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21916 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21916 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21916 | Thunder J and Boxer BugHunter010 with KunLun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21895 MITRE NVD |
CVE Title: Windows User Profile Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21895 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21895 | Qinrun Dai(@2st) of Singular Security Lab Abdelhamid Naceri working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21914 MITRE NVD |
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: What type of privileges could an attacker gain through this vulnerability? A local, authenticated attacker could gain elevated privileges through a vulnerable file system component. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21914 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21914 | StackLeader in Tianfu Cup |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21837 MITRE NVD |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.3/7.2
FAQ: How could an attacker exploit the vulnerability? An authenticated attacker with access to the domain could perform remote code execution on the Sharepoint server to elevate themselves to Sharepoint admin. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21837 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2016 | 5002113 (Security Update) | Important | Remote Code Execution | 5002055 |
Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002127 (Security Update) | Important | Remote Code Execution | 5002071 |
Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server 2019 | 5002109 (Security Update) | Important | Remote Code Execution | 5002054 |
Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server Subscription Edition | 5002111 (Security Update) | Important | Remote Code Execution | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-21837 | Yuhao Weng with Sangfor |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21842 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21842 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2016 | 5002113 (Security Update) 5002118 (Security Update) |
Important | Remote Code Execution | 5002055 5002059 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Word 2016 (32-bit edition) | 5002057 (Security Update) | Important | Remote Code Execution | 5002004 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Word 2016 (64-bit edition) | 5002057 (Security Update) | Important | Remote Code Execution | 5002004 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-21842 | ShiLongan with NSFOCUS TIANJI LAB |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21889 MITRE NVD |
CVE Title: Windows IKE Extension Denial of Service Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: Are the any prerequisites to a successful attack? Yes, only systems with the IPSec service running are vulnerable to this attack. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21889 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21889 | Polar Bear |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21890 MITRE NVD |
CVE Title: Windows IKE Extension Denial of Service Vulnerability
CVSS: CVSS:3.1 7.5/6.7
FAQ: Are the any prerequisites to a successful attack? Yes, only systems with the IPSec service running are vulnerable to this attack. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21890 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Denial of Service | 5008230 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Denial of Service | 5008244 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Denial of Service | 5008277 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Denial of Service | 5008263 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Denial of Service | 5008207 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21890 | Polar Bear |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21891 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
CVSS: CVSS:3.1 7.6/6.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21891 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Dynamics 365 Sales | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Unknown |
CVE ID | Acknowledgements |
CVE-2022-21891 | Pontus Persson with Omegapoint |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21896 MITRE NVD |
CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21896 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21896 | He YiSheng, Zhang WangJunJie, and Li WenYue with Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21897 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21897 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21897 | Thunder J and Boxer |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21898 MITRE NVD |
CVE Title: DirectX Graphics Kernel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21898 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Critical | Remote Code Execution | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Critical | Remote Code Execution | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21898 | HongZhenhao of Ant Group Light-Year Security Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21899 MITRE NVD |
CVE Title: Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21899 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Security Feature Bypass | 5008230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Security Feature Bypass | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Security Feature Bypass | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Security Feature Bypass | 5008277 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Security Feature Bypass | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21899 | Abdelhamid Naceri working with Trend Micro Zero Day Initiative
|
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21928 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.3/5.7
FAQ: According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability? To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. Are there additional attack vectors? This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21928 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Remote Code Execution | 5008230 | Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Remote Code Execution | 5008263 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Remote Code Execution | 5008277 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Remote Code Execution | 5008263 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Remote Code Execution | 5008207 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: 6.3 Temporal: 5.7 Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21928 | Tobias Groß with Friedrich-Alexander University (FAU) Erlangen-Nürnberg, Germany |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||
CVE-2022-21929 MITRE NVD |
CVE Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 2.5/2.3
FAQ: What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21929 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Moderate | Remote Code Execution | None | Base: 2.5 Temporal: 2.3 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2022-21929 | David Erceg |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||
CVE-2022-21930 MITRE NVD |
CVE Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 4.2/3.8
FAQ: What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21930 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2022-21930 | David Erceg |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||
CVE-2022-21931 MITRE NVD |
CVE Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 4.2/3.8
FAQ: What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21931 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2022-21931 | David Erceg |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||
CVE-2022-21954 MITRE NVD |
CVE Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.1/5.3
FAQ: What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21954 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2022-21954 | David Erceg |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21969 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 9.0/7.8
FAQ: According to the CVSS, the attack vector is Adjacent. What does that mean and how is that different from a Network vector? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. Mitigations: None Workarounds: None Revision: 1.0    2022-01-11T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21969 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2013 Cumulative Update 23 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 21 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 10 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5008631 (Security Update) | Important | Remote Code Execution | 5007409 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21969 | Dr. Florian Hauser with Code White GmbH |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||
CVE-2022-21970 MITRE NVD |
CVE Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.1/5.3
FAQ: What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21970 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2022-21970 | David Erceg |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0096 MITRE NVD |
CVE Title: Chromium: CVE-2022-0096 Use after free in Storage
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0096 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0096 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0097 MITRE NVD |
CVE Title: Chromium: CVE-2022-0097 Inappropriate implementation in DevTools
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0097 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0097 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0098 MITRE NVD |
CVE Title: Chromium: CVE-2022-0098 Use after free in Screen Capture
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0098 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0098 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0099 MITRE NVD |
CVE Title: Chromium: CVE-2022-0099 Use after free in Sign-in
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0099 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0099 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0100 MITRE NVD |
CVE Title: Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0100 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0100 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0101 MITRE NVD |
CVE Title: Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0101 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0101 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0102 MITRE NVD |
CVE Title: Chromium: CVE-2022-0102 Type Confusion in V8
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0102 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0102 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0103 MITRE NVD |
CVE Title: Chromium: CVE-2022-0103 Use after free in SwiftShader
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0103 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0103 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0104 MITRE NVD |
CVE Title: Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0104 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0104 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0105 MITRE NVD |
CVE Title: Chromium: CVE-2022-0105 Use after free in PDF
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0105 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0105 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0106 MITRE NVD |
CVE Title: Chromium: CVE-2022-0106 Use after free in Autofill
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0106 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0106 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0107 MITRE NVD |
CVE Title: Chromium: CVE-2022-0107 Use after free in File Manager API
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0107 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0107 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0108 MITRE NVD |
CVE Title: Chromium: CVE-2022-0108 Inappropriate implementation in Navigation
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0108 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0108 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0109 MITRE NVD |
CVE Title: Chromium: CVE-2022-0109 Inappropriate implementation in Autofill
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0109 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0109 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0110 MITRE NVD |
CVE Title: Chromium: CVE-2022-0110 Incorrect security UI in Autofill
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0110 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0110 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0111 MITRE NVD |
CVE Title: Chromium: CVE-2022-0111 Inappropriate implementation in Navigation
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0111 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0111 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0112 MITRE NVD |
CVE Title: Chromium: CVE-2022-0112 Incorrect security UI in Browser UI
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0112 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0112 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0113 MITRE NVD |
CVE Title: Chromium: CVE-2022-0113 Inappropriate implementation in Blink
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0113 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0113 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0114 MITRE NVD |
CVE Title: Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0114 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0114 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0115 MITRE NVD |
CVE Title: Chromium: CVE-2022-0115 Uninitialized Use in File API
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0115 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0115 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0116 MITRE NVD |
CVE Title: Chromium: CVE-2022-0116 Inappropriate implementation in Compositing
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0116 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0116 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0117 MITRE NVD |
CVE Title: Chromium: CVE-2022-0117 Policy bypass in Service Workers
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0117 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0117 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0118 MITRE NVD |
CVE Title: Chromium: CVE-2022-0118 Inappropriate implementation in WebShare
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0118 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0118 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2022-0120 MITRE NVD |
CVE Title: Chromium: CVE-2022-0120 Inappropriate implementation in Passwords
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2022-01-06T08:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-0120 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2022-0120 | None |