This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
AMD CPU Branch | CVE-2022-23825 | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion |
AMD CPU Branch | CVE-2022-23816 | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion |
Azure Site Recovery | CVE-2022-33665 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33666 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33663 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33664 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33667 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33672 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33673 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33671 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33668 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33661 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33662 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33657 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33656 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33658 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33660 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33659 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33655 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33651 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33650 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33652 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33654 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33653 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33669 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33643 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-30181 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33676 | Azure Site Recovery Remote Code Execution Vulnerability |
Azure Site Recovery | CVE-2022-33677 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33678 | Azure Site Recovery Remote Code Execution Vulnerability |
Azure Site Recovery | CVE-2022-33642 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33674 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33675 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33641 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Storage Library | CVE-2022-30187 | Azure Storage Library Information Disclosure Vulnerability |
Microsoft Defender for Endpoint | CVE-2022-33637 | Microsoft Defender for Endpoint Tampering Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2022-2295 | Chromium: CVE-2022-2295 Type Confusion in V8 |
Microsoft Edge (Chromium-based) | CVE-2022-2294 | Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC |
Microsoft Graphics Component | CVE-2022-22034 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2022-30213 | Windows GDI+ Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2022-30221 | Windows Graphics Component Remote Code Execution Vulnerability |
Microsoft Office | CVE-2022-33632 | Microsoft Office Security Feature Bypass Vulnerability |
Open Source Software | CVE-2022-27776 | HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data |
Role: DNS Server | CVE-2022-30214 | Windows DNS Server Remote Code Execution Vulnerability |
Role: Windows Fax Service | CVE-2022-22024 | Windows Fax Service Remote Code Execution Vulnerability |
Role: Windows Fax Service | CVE-2022-22027 | Windows Fax Service Remote Code Execution Vulnerability |
Role: Windows Hyper-V | CVE-2022-30223 | Windows Hyper-V Information Disclosure Vulnerability |
Role: Windows Hyper-V | CVE-2022-22042 | Windows Hyper-V Information Disclosure Vulnerability |
Skype for Business and Microsoft Lync | CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability |
Windows Active Directory | CVE-2022-30215 | Active Directory Federation Services Elevation of Privilege Vulnerability |
Windows Advanced Local Procedure Call | CVE-2022-30202 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Windows Advanced Local Procedure Call | CVE-2022-30224 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Windows Advanced Local Procedure Call | CVE-2022-22037 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Windows BitLocker | CVE-2022-22711 | Windows BitLocker Information Disclosure Vulnerability |
Windows BitLocker | CVE-2022-22048 | BitLocker Security Feature Bypass Vulnerability |
Windows Boot Manager | CVE-2022-30203 | Windows Boot Manager Security Feature Bypass Vulnerability |
Windows Client/Server Runtime Subsystem | CVE-2022-22026 | Windows CSRSS Elevation of Privilege Vulnerability |
Windows Client/Server Runtime Subsystem | CVE-2022-22049 | Windows CSRSS Elevation of Privilege Vulnerability |
Windows Client/Server Runtime Subsystem | CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability |
Windows Connected Devices Platform Service | CVE-2022-30212 | Windows Connected Devices Platform Service Information Disclosure Vulnerability |
Windows Credential Guard | CVE-2022-22031 | Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability |
Windows Fast FAT Driver | CVE-2022-22043 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
Windows Fax and Scan Service | CVE-2022-22050 | Windows Fax Service Elevation of Privilege Vulnerability |
Windows Group Policy | CVE-2022-30205 | Windows Group Policy Elevation of Privilege Vulnerability |
Windows IIS | CVE-2022-30209 | Windows IIS Server Elevation of Privilege Vulnerability |
Windows IIS | CVE-2022-22025 | Windows Internet Information Services Cachuri Module Denial of Service Vulnerability |
Windows IIS | CVE-2022-22040 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability |
Windows Kernel | CVE-2022-21845 | Windows Kernel Information Disclosure Vulnerability |
Windows Media | CVE-2022-22045 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability |
Windows Media | CVE-2022-30225 | Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability |
Windows Network File System | CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability |
Windows Network File System | CVE-2022-22028 | Windows Network File System Information Disclosure Vulnerability |
Windows Network File System | CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability |
Windows Performance Counters | CVE-2022-22036 | Performance Counters for Windows Elevation of Privilege Vulnerability |
Windows Point-to-Point Tunneling Protocol | CVE-2022-30211 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
Windows Portable Device Enumerator Service | CVE-2022-22023 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability |
Windows Print Spooler Components | CVE-2022-30206 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Print Spooler Components | CVE-2022-30226 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Print Spooler Components | CVE-2022-22022 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Print Spooler Components | CVE-2022-22041 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Remote Procedure Call Runtime | CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Windows Security Account Manager | CVE-2022-30208 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
Windows Server Service | CVE-2022-30216 | Windows Server Service Tampering Vulnerability |
Windows Shell | CVE-2022-30222 | Windows Shell Remote Code Execution Vulnerability |
Windows Storage | CVE-2022-30220 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
XBox | CVE-2022-33644 | Xbox Live Save Service Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-21845 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS: CVSS:3.1 4.7/4.1
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21845 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Information Disclosure | 5014738 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Information Disclosure | 5014752 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Information Disclosure | 5014752 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Information Disclosure | 5014752 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Information Disclosure | 5014752 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Information Disclosure | 5014747 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Information Disclosure | 5014747 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-21845 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-22711 MITRE NVD |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS: CVSS:3.1 6.7/5.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is raw unencrypted disk sector data. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. According to the CVSS metrics, successful exploitation of this vulnerability could lead to loss of confidentiality (C:H) and loss of integrity (I:H) but have no effect on Availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could access specific parts of the storage device and could read or write to portions of the device that are unencrypted. However, this vulnerability would not allow an attacker to deny function of the storage device. How could an attacker exploit this vulnerability? An attacker could access unencrypted parts of a BitLocker encrypted storage device if the administrator resizes the OS volume while concurrently provisioning the drive with BitLocker encryption. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22711 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22711 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30181 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ: According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server. What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery. What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49. According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30181 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-30181 | William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-33637 MITRE NVD |
CVE Title: Microsoft Defender for Endpoint Tampering Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to authenticate to the management console appliance and to have an integration token documented here: Defender for IoT sensor and management console APIs. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Tampering |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33637 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Defender for Endpoint for Linux | Important | Tampering | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Unknown |
CVE ID | Acknowledgements |
CVE-2022-33637 | James Sharpe with Zenotech Ltd |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-33641 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ: According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server. What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery. What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49. According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33641 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33641 | Anonymous William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-33642 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ: According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server. What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery. What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33642 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33642 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-33643 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ: According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server. What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery. What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49. According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33643 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33643 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30187 MITRE NVD |
CVE Title: Azure Storage Library Information Disclosure Vulnerability
CVSS: CVSS:3.1 4.7/4.2
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. What is CBC padding in storage SDK? Azure Storage .NET, Java, and Python SDKs use cipher block chaining (CBC mode) for client-side encryption. This client-side encryption is used by very small set of customers, who encrypt their data on the client with a customer-managed key that is maintained in Azure Key Vault or another key store before uploading to Azure Storage. What information can be disclosed if exploited? An attacker who successfully exploited this vulnerability could decrypt data on the client side and disclose the content of the file or blob. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30187 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Azure Storage Blobs client library for .NET | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
Azure Storage Blobs client library for Java | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
Azure Storage Blobs client library for Python | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
Azure Storage Queues client library for .NET | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
Azure Storage Queues client library for Python | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-30187 | Sophie Schmieg with Google |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30202 MITRE NVD |
CVE Title: Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30202 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30202 | Jarvis_1oop |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30203 MITRE NVD |
CVE Title: Windows Boot Manager Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 7.4/6.4
FAQ: What security feature could be bypassed by this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. According to the CVSS metric, successful exploitation could lead to scope change (S:C). What does this mean for this vulnerability? Successful exploitation of this vulnerability could allow an attacker to access the pre-boot environment. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30203 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Security Feature Bypass | 5014710 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Security Feature Bypass | 5014710 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Security Feature Bypass | 5014688 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Security Feature Bypass | 5014688 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Security Feature Bypass | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Security Feature Bypass | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Security Feature Bypass | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Security Feature Bypass | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Security Feature Bypass | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Security Feature Bypass | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Security Feature Bypass | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Security Feature Bypass | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Security Feature Bypass | 5014747 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Security Feature Bypass | 5014747 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Security Feature Bypass | 5014678 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Security Feature Bypass | 5014678 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30203 | Zammis Clark |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30205 MITRE NVD |
CVE Title: Windows Group Policy Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.6/5.8
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker to have privileges to create Group Policy Templates. As is best practice, regular validation and audits of administrative groups should be conducted. Upon successful exploitation, what privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30205 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30205 | Matthieu Buffet |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30206 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: Determine if the Print Spooler service is running Run the following in Windows PowerShell:
If the Print Spooler is running or if the service is not disabled, follow these steps: Stop and disable the Print Spooler service If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:
Impact of workaround Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely. Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30206 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30206 | Victor Mata with FusionX, Accenture Security luckyu with NSFOCUS TIANYUAN LAB |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30208 MITRE NVD |
CVE Title: Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30208 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Denial of Service | 5014738 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Denial of Service | 5014747 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Denial of Service | 5014747 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Denial of Service | 5014678 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Denial of Service | 5014678 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30208 | bee13oy with Cyber Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30209 MITRE NVD |
CVE Title: Windows IIS Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.4/6.4
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited the vulnerability could bypass authentication on Windows IIS Server. Attackers might be able to post or get information from the Web Service (CVSS metrics C:H/I:H), but would not be able to disrupt the service. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30209 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30209 | Orange Tsai (@orange_8361) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30211 MITRE NVD |
CVE Title: Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30211 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Remote Code Execution | 5014710 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Remote Code Execution | 5014710 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Remote Code Execution | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Remote Code Execution | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30211 | Alex Nichols with Nettitude |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30212 MITRE NVD |
CVE Title: Windows Connected Devices Platform Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 4.7/4.1
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30212 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30212 | JIWO Technology Co., Ltd |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30213 MITRE NVD |
CVE Title: Windows GDI+ Information Disclosure Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a pointer leak to the process user-mode address space in the internal memory of the application that is using GDI+. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30213 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Information Disclosure | 5014738 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Information Disclosure | 5014752 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Information Disclosure | 5014752 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Information Disclosure | 5014752 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Information Disclosure | 5014752 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Information Disclosure | 5014747 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Information Disclosure | 5014747 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30213 | willJ of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30214 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.6/5.8
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30214 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2016 | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30214 | George Hughey with MSRC Vulnerabilities and Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30215 MITRE NVD |
CVE Title: Active Directory Federation Services Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Upon successful exploitation, what privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30215 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30215 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30216 MITRE NVD |
CVE Title: Windows Server Service Tampering Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: How could an attacker exploit this vulnerability? For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Tampering |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30216 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Tampering | 5014688 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Tampering | 5014688 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Tampering | 5014678 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Tampering | 5014678 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Tampering | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30216 | Ben Barnea with Akamai Technologies |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2022-30220 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30220 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Ele |